Attack code published for DNS flaw
The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches.
Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool.
According to Metasploit creator HD Moore, who teamed up with researcher |)ruid to create the exploit, a DNS service has also been created to assist with the exploit.
The code, available here, takes aim at known deficiencies in the DNS protocol and common DNS implementations that aid in serious cache poisoning attacks.
This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.
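The attack pattern described above leaves a visible trace on the resolver side: one client driving a burst of lookups for random-looking hostnames under a single domain. The following detection script is an added example (not the Metasploit module or anything from the article) that flags that pattern in a constructed, simplified query log; the log format, the entropy threshold and the two-label "registrable domain" heuristic are all assumptions.

```python
import bisect
import math
from collections import defaultdict

# Constructed sample resolver query log (not real data), one query per line:
# "<epoch seconds> <client IP> <queried name>". Client 10.0.0.9 is doing the
# random-hostname burst against example.net that the article describes.
SAMPLE_LOG = """\
1216000001 10.0.0.5 www.example.com
1216000002 10.0.0.5 mail.example.com
1216000003 10.0.0.5 login.example.com
1216000001 10.0.0.9 a7f3k2q9.example.net
1216000001 10.0.0.9 zx81m0pq.example.net
1216000002 10.0.0.9 b4n6t1ew.example.net
1216000002 10.0.0.9 ky7d2s0h.example.net
1216000003 10.0.0.9 r5v9c3lu.example.net
1216000003 10.0.0.9 w2e8g6ja.example.net
1216000004 10.0.0.9 www.example.net
"""


def label_entropy(label):
    """Shannon entropy in bits/char of one DNS label; random labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label.lower():
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Last two labels of the name (assumption: no public-suffix list used)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def find_poison_bursts(log_text, window=5, min_queries=5, min_entropy=2.5):
    """Return {(client, domain): count} for every client that sent at least
    min_queries high-entropy-subdomain lookups for one domain within window seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ts, client, qname = line.split()
        if label_entropy(qname.split(".")[0]) >= min_entropy:
            events[(client, registrable_domain(qname))].append(int(ts))
    hits = {}
    for key, times in events.items():
        times.sort()
        # largest number of flagged queries falling inside any sliding window
        best = max(bisect.bisect_right(times, t + window) - i for i, t in enumerate(times))
        if best >= min_queries:
            hits[key] = best
    return hits
```

Legitimate traffic such as CDN or anti-spam lookups also produces high-entropy labels, so tune the thresholds against your own baseline before alerting on this.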
In an IM exchange, Moore told me his exploit takes about a minute or two to poison a DNS cache but said he is working to improve it in version 2.0.
Kaminsky is on record as saying it is possible to launch a successful attack in a matter of seconds.
Patch now! Please.
Talkback
Irresponsible and evil
As far as I am concerned he is just an evil person to do what he did. What positive will come of this? People getting ripped off with his help by making a "Better, Faster Program" to exploit the bug. I just don't see how this is not a criminal act?
Quote: "What positive will come of this?"
Now back to "What positive will come of this?":
The blackhats already have this exploit in the wild, no two ways about it. So what positive will come out of the Metasploit DNS exploit is that you as a security officer or systems admin can get the Metasploit Framework, compile it for yourself and see how exposed you are to the issue before someone else with more nefarious plans does the same.
If you are so naive that you think that this isn't already out in the wild then might I suggest a career change such as "Would you like some fries with that order?"
Assumption
I stand by my comment as nothing you have said is a good reason for what he did. Nothing good will come of the stupid exploit release, unless they're black-hat criminals
And yet, you assume...
>> mother of all F$#k ups.
And yet, you assume something to be evil, in an industry in which you have no formal education.
I for one find this useful as the exploit will help a sysadmin find holes in his system in no time. Without such a toolkit, it is almost impossible to know what needs to be patched.
This exploit was certainly in existence among the true bad guys, or something close to it, as soon as it was disclosed a major DNS vulnerability existed, perhaps even before the announcement.
We who make a living as IT professionals are always on the catch-up with the bad guys. That's the nature of this complex business. Toolkits like this help in the catching up by early identification of vulnerabilities.
Also saying that you stand by your original opinion does not mean anything. Opinions are not fact, but just that, opinions. Yours is subjective and uneducated.
You are certainly entitled to it as it is your right. It does not make it a valid one, however. You are not an IT professional, and certainly not a sysadmin or IT security expert. As much right as you have to voice your opinion, it is useless and mistaken in this particular context regardless of how proudly you stand on a soapbox proclaiming that you stand by it.
hmmmm....
as soon as - wow they're that fast at coding, and finding the exact exploit. I'd say a few days (at most), but before or as soon as would be a lot more likely. Yes the bad guys are innovative, but that doesn't mean that they have these plots before we figure them out, just before we figure out how to defend against them. The good guys are just in a constant race condition with the bad guys, sometimes we make it, sometimes they make it. No guarantee either way.
Now, as far as your arrogant and annoying dismissal because stan57 is not an IT professional, that's just disheartening. You fail to appreciate that perception is reality; if the general public begins to think that this type of behavior is irresponsible no matter how often it happens or doesn't happen, they are the ones that matter. Remember, your jobs exist only because PEOPLE need them to exist.
His opinion may be mistaken, easy to do not being an IT professional, but useless it is not.
You're right, opinions are just that, opinions, and his, while uneducated, didn't attack you in any way, shape or form. Your opinion is also subjective; however, it's also condescending, rude and arrogant.
"We who make a living as IT professionals are always on the catch-up with the bad guys. That's the nature of this complex business."
This is just pompous.
"The IT security industry is a rapidly changing landscape, which can be hard to keep up with, that's why I appreciate a toolkit like X provided for this bug."
A lot less confrontational, elitist, and alienating way to speak with people. No wonder us computer geeks have a bad image, too many of us lack "da' social skills."
Assumption (of your own)
Anonymous InfoSec dude,
with CISSP and GCFA
wrong
RE: Irresponsible and evil
I, for one, am glad the exploit was published. First, that will destroy any perceived buffer time that could justify procrastination by those offering money related services (and this is all about money) so they can protect their bottom line. Microsoft uses this approach and we all know the results of that policy --- millions of Windows users have had their personal info stolen and abused. Secondly, it gives me the opportunity to evaluate for myself the criticality of this exploit. In my case, I do not plan to access my online bank account, nor Amazon, nor my phone company's site, etc., until I am sure this hack is fixed. When vendors like Amazon start noticing a drop in business you can be sure they will put on the heat where it needs to be applied.
Daniel Bernstein published a critique of the DNS about five years ago. Daniel Kaminsky probably just read it and decided to exploit it for publicity. Who knows? Maybe this will finally lead to TCP/IP 2.0 and a more secure IP packet design.
pad time...
Oh, and if the people that pay the most money get some of the details worked out a bit sooner, welcome to Capitalism - our world as we know it has prospered under it.
I can't think of ANYONE who deserves to be...
Oh grow up cowboy! Ignorance is not bliss.
At least with |)ruid's code you can compile it yourself and test your DNS.
Have the Blackhats that already have this exploit offered you that?
No, but keeping the script kiddies & uneducated but resourceful terrorist.
Godwin's Law, but now on terrorists?
http://en.wikipedia.org/wiki/Godwin_Law
Publish just 2 days & the attacks are on. Maybe I was right, hmmm?
I'll grant, there is a much higher chance these are script-kiddie criminals, and not the bring-on-the-apocalypse terrorists. But there is more than a fair chance these attackers are armed with Metasploit's published code.
Egotism putting many of us at risk. So now someone will rush out some not completely vetted fix. That may or may not leave our backsides exposed through some other avenue.
So What
The fact is the cat is out of the bag, anyone with a modicum of skills can create a similar exploit in a couple hours or even less, and could have done so since at least three days ago when Halvar posted his initial conjecture (ok maybe 1-2 days if you are a pessimist/optimist).
Regardless of what you think about that (I am pretty ambivalent about it, unless you think Halvar is smarter than every blackhat), there is no real harm in it.
As I said, this exploit has already been seen in the wild, the code is out there; if anything this just further illustrates the need to patch your systems. People who are going to exploit this are either already doing so or are preparing to do so very shortly, and with the money at stake for successfully exploiting this you can bet they aren't waiting around for some public exploit code to be released when it's so easy to roll their own.
P.S. Ryan, stop being such a hate monger about this and making it look like the security community is full of petty infighting. Tom apologized for his (I believe) honest mistake. Matasano isn't exactly a no-name outfit trying to garner publicity for themselves. I'm sure Kaminsky is pretty upset, to put it mildly, but in the end mistakes happen, let's all grow up. Hell, I could even defend Halvar talking about the bug by saying that security through obscurity ain't the best. This just sped up people's patch cycles a bit, it's not the end of the world.
AGREED, and it gives you test code....
I feel bad for Dan Kaminsky as this kind of "rains on his parade" when it comes to his presentation.
But the fact of the matter is that it was already making the rounds before HD and Metasploit published it.
true but,
Follow the Hippocratic oath: do no harm. If you think that it's possible an exploit could be harmful - contact the company (duh statement). If it had been said there is a FIX ON THE WAY, then shut up and try doing something productive - posting conjectures that could very potentially speed up the exploit being implemented most of the time doesn't help - it just gives virus makers (script kiddies too) a brand new target - and there's a hell of a lot more of them than there are people working to fix the exploits in the first place.
Yes mistakes happen, but these weren't just honest mistakes, they were ego getting in the way of common sense. And if we just let them off with "mistakes are made", then it will happen again. Nobody will say "Oh, there are serious consequences to my actions, I think I'll tell people about this exploit that causes the user to try and shove their nose in people's ears."
The fact is that the people that openly made conjectures (a good thing in general) about something that was said to have a fix on the way, just because they had to know what it is. Sounds childish to me "I want to know, I want to know, I want to know!!!!!" <stomping feet on the ground>
Growing up includes using some common sense, which should have convinced them to act more responsibly.
RE: Attack code published for DNS flaw
For those of you..
Just plain dumb
I would love to see these people start to get sued for their irresponsible and criminal actions.