Search Engines - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Search Engines


Symantec Fixes DNS Cache-Poisoning Flaw



 By: Ryan Naraine
2005-03-16
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Search Engines story.


Rate This Article:
Poor Best
The security company issues hotfixes for a "high risk" cache-poisoning and redirection issue that exposes visitors to popular Web sites to spyware attacks.

Symantec late Tuesday issued patches for a DNS cache-poisoning and redirection vulnerability that affects multiple gateway security products.

The Cupertino, Calif.-based IT security powerhouse rates the issue as "high risk" and warns that affected gateway products configured as a DNS caching server or as a primary DNS server could be exploited to redirect users to bogus addresses.

The issue was first reported by the SANS ISC (Internet Storm Center) and is already being exploited by attackers to install malware on vulnerable systems.

According to the ISCs alert, attackers are redirecting traffic from popular domains such as google.com, ebay.com and weather.com to rogue sites that attempt to load the ABX toolbar spyware onto the victims machine.

Symantec Corp. confirmed the ISCs discovery and posted a separate advisory to explain the risk. The company said affected security gateways include a DNS proxy called DNSd, which can be configured to function as a DNS caching server (default) or as a primary DNS server.

Under specific conditions, Symantec said DNSd may be susceptible to DNS cache poisoning, which occurs when incorrect or false DNS records are inserted into a DNS servers cache tables, overwriting a valid-name server record with its own DNS server address.

"Subsequent queries for a targeted site would then be redirected to the rogue DNS server, which would respond with its own addresses for those lookups, preventing users from accessing the legitimate site," according to the advisory.

Click here to read more about spammer tactics in the wake of the CAN-SPAM act.

In this case, some Symantec customers were being redirected to Web sites that attempted to download spyware or adware modules to the users browsers.

Resource Library:
"Shortly after the abnormal activity was initially reported, the offending IP addresses were blocked by their ISP until the offending DNS servers configuration was corrected," Symantec added.

Read more here about Symantecs spyware capture and removal offerings for enterprise.

Affected products include the Symantec Gateway Security 5400 Series, v2.x; Symantec Gateway Security 5300 Series, v1.0; Symantec Enterprise Firewall, v7.0.x (Windows and Solaris); Symantec Enterprise Firewall, v8.0 (Windows and Solaris); and Symantec VelociRaptor, Model 1100/1200/1300 v1.5.

Product-specific hotfixes are available via the Symantec Enterprise Support site.

Symantec Security Response also released adware detection for the Adware.ABXToolbar browser helper object download.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Symantec Fixes DNS Cache-Poisoning Flaw
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Search Engines Articles          >>> More By Ryan Naraine
 


xr8(ViW1E:dK.kʲ<߱1 [tV;v T| pfL&;=az5ExLԸ#|x\{d #B=xa/GZZq 4b'*cO^3lbㅰ A-c9p<vt#,gw'9"ScO$աUNIp/0:(G^C]ñ\./RF͌iAwtԭSzcGGgԏPL0H=~0[ QK8`=2}hG:a;6]Uh?AWuomzV[uϙۣ#27 p%X䄍ER'>6#ݟR>҈chGǵHQ~aF3,Ӹ4 XSKC(DžJ|_+{9e2[ֺ[B)(e*G -ݾжD^׵vCi^w{ݳ>~j]\r m  NַRߙ 0QT&*rp%9Io 7? `HmDm[ܺ̑\R yǛka(7`cM|戒#":sPڊfCt-M>¿ G/<@'Lw)p3Z&j9T23=jMH:Gv!fByM)oz@@ZR~nV(U7$ٛ"G;zlr!DKI88c^IR]E1\a>pYcyp>jYY6'*taeIUi(EށؓYxjUOVx߂)WC EhYf7-vIQM}{Qc1u+%YEPU_1p-~~:bLm,5,LX[A^݇_lA`:~g1>ё9Նm'!|Бdmx=Z.s3ЍIXn`vth?`;^h>[W <[ K!pň00gwk9LP#wC۠h&r<;T؎]6}l2w9;-L&w& zrWtc` VPC9N@ }S(r`nZдc@<:ڀ;r%Ea3C7Eأi?]HPw9J B!\0H#`P ab .<ҶBICvn<){TKh!+K@fsfh(4{~6 cbB|#'bXr`Y \h+|i)lc ը˶V.hXi(P׃,`z;'VKh5YQSMq'sߴa!m{s3p#Eq"O)14LXh4&l:Z7E^PݳԹ'0Ќ7_azFT>LdlٚM܏>3 BB13 =gƠtOP#'Կ 3r ww,_zt;GcNEiKJ/ι7)j`>J7n2gNP/h|WY 3EDVhdF!! = \PȭT)w^IY䞅T_9YX X`~>ť`(mtfй+>q^v.iC@ӬXKuooE[1(ĿKúJjp -Hoh koռE_xue8HiK-#rB`}.E6Gh?40;LSw]86pc|nVU OßBxz#jISʱb1vn g%A qsGIc$mʥʫ ;u\ cQDz[fln: 6)8{y4!%6$N?&BXSt+@Zl&VUmTHbp=PF˸hFq,@XĞ=8]%8sM^\X/+]69g"@0oʱLuzh< VشO:¿twڵj )ՃYkkH %1`s@M$ knV2 &G-cY}6euEm׏$ci.:<~ɯ™9j1|*j0&B$V8l^p~kj9r]ilu0q`( Z3:sV*[O3$!WTͶwAQ O1kM8vهE1'{E;= :7a/)cpI,_ta@C^C)& SZ`\FLs  ZCbP$܌wт.[|X]oXL+*9Gpϟ  sFWyYF濛?O=~T+BZm&VVR帨V*h1*(Si|);ug gvo?{]wK\μ + ;2E<& {HeX7t%_(ƤOMqѡ,u` tV8f|<@? v: C\4!<}oS4pf mWq=[JjJwg `Z~N ~7M=/"JL7Ϧ<sƃ~w"y@*FyG "BN7x^ox06Em/POG]մR?c2 s*?QjQIռi0RBE-) BoED\v-[# l⊗vZCKτkox~E 6-2j>kR>,ԕKOe3q1 8@X=x}dlj+jBgEr `0O#[&IfYyVum4uX"5HdVV5XI0iUI+T Z} 2aU}/*\&IvSf﩮 tGD0|=0Jj$·RiEmT)ܓJtp ( rA-ã,z(_d0rY+`7'ɠK= j ;!O}+&<==a?up-<91=QZaǰ^P(k|hhqLF\}?؇^?hUeqbsE1 7cy_% ?/l8)F:~ݕDwɿ~i7G}e_:kt&~m?<aa=&~"`}܇/5.iIfGtL`UueSjw[b8 } LAIP 4p=&iCO"l/Kmu#4-odhD4|w;Nq})}ڽ^Sz}ْWs5A n2H#O!yN/ZFSLo2XGzz0\㥑a3+"AKٺ̂1 a՜$"j MN3dn ʆqєmHkocs~uYF_bB!|Jg4dwD/'yS7^^S{20tKt?I/K턟ycP!XSω%٘&BEWU-u+ln(rYpJeOVr{ѩc+N c,nV (fެyi16>gnR3-|c1o~=Ϥ2]a*w}o}VZtC.q@)&d/.)%/E 5 OKt1ڮ/=اHkYXdbQWفg2~1Ok O=pԲ؉ƓMNil&s$;grោJ6wVpN Ϧv_ O%FJMc-ێ!%/hvpU4"Zy"N0 o[1΢ Ik IV_NLRGzQc%Fm?^Sϗ4t8?q27GV،̳$t樦ʥ/>,0eRK˭Q^'\/_z\^*OwjDđ~1ry8~a S;/̴amw1Cv_JԲTMєC9(>cL~2?s@z]G?3t0~i}>o K&}e3XQ҂;OSzא:,=Atɛe ?l>= -x1xp]miޛO&đ;3 .)SL]*(9`ɛ JƩiS&?̪MYuYzaνw[& Mt0Q-3mipeYḪvG,3JVL;ݽ. $lU&vx[X9i%Wޮ8㐸Dj*+0޶9Da1qjz{)]PLE#c礢Lo@x<3Z5C˺E``]{' ,V& \$a*JZ)1Z6_u4_(.?;;]d|F}'f_&x]4-ؗIy#3? bP)2 z[="LaluƣicXs}>sϒt{LGg`R~G} ƩnKz rv@","Yx^Ut8ַTe35u/N-ݜRwlX##~ x&fNtV@j@k0xC7D!"QC7DDC$j`C]}[ RĪL(imy< ;0fҹcA3tL|00Ѽ# 0HA`>KwgWYҶU#tfPI>Ba$' ̟KZFNQTM*۲Gu 9HS9q`N@@TB5CKNC& 2fB,s~>'YJ|{W]]]]ٮRZ՞uKxo8|f0&l0AUuzς .~GO&La&83z[soфj_x r%(l _Ȗ74;|RPW.p50b (~k_#l1_g6M7r, /㋿RL`a돱\*5#xV:F_Mַ?/KTX"P*%z.e\lĭS y sb`!}TY:WXH R0ds"W8;ԤwTe鱣K%ٝ[(mD$I cƼЧwdwEnw+bz, $_cb}݄8De.>JW(jJ%"pľ׷K^* cBw~eKOG~wj~wj~wj~wj~wjFNͲZ:I@D]ܗN]F &Tgf _X?_ؗ*p&5_7vyl׭d Gm697Vy}7:<-uRg:a1Jm~) opP7"Fk/&^'/1a"0|VzA3"-""[pgb&^w u"#=-cnav4 U)N)X),VwMgp Sqvp@D:t"vC}^ϕ  cSTLbD> r qS!u"^'u^'lGe(Deom.)!9d>7t:R-|}KzvZS#XȓwajKgD|`߱1 *ps)Ox_ڋK۪_hxT_ݷ841̫9ְd=IށF RȋFP ђ,#Ћgì4dF2 !̈L7<K=u~GeS⌡Sٿgg~vxhqTZPy%\k>k!#gc^H+uVh za3 0.$o,S`,/h6WW`am!۟`n35ǻy+'9q/ga)_?E\{%0&_;" }~u(Vq6/d7'|ߖ8㞈K0ek)'>?Ewwm9:^gȿ DVQ= )5|5XXÂkJR]ĆWc3cYx5DyD4i.*Me9LdؕĠAIB4:ĸWOn"9I蓣Gñ:-VAXz- D9DNE0H^XA0pD]biD 6 ͤ<؎7ӭ%äa8FSYhmS!cbwjP]-OQ/ ]ZX,:~eL<^^AFx]!1c-TA9-Q5zRU BI?Zj>AO76ǽjbdc;Xy%Vy 6vn&|+m'hzBRKo^;G'ܬTM$ n߮bjLyh/ڢRDXD3G>kX,1'|z`^`zҧEd#us{楒V,T)[g=qGp=X27gQZ:<}Q-DRbfӃ{&0m˖C0Ÿn54+%;}ZXR 1$ܤ]KjL߷"|ͱYfs; ?4uӻhzxX2d1Lp@Xț]@S$죋B1N <9$.+Ja 3ݙ!:|e1u0ĘUֽ?C7L>ǟ"ķ5|$rkqC9Ҍ]$zkZ7/{ʡRJ$u2C:΁ lZ.hIED#ThbGB#M=^I79k 4HJx&Ʌۈ9S"`" aچ5g3bwp] y460'6j4qx|궯[/ T6CĊ1gGi>'_@9 faٿI&sJvqY@y+LL݂`Aa~N­!Rjs# h_ʹfF :Lma`t.2,GA~25:W&:5KqfldaQ(b8M u?3,ȏ%?%nK ṇbyL ]ǒ 4B1h6'@20=cmX׻Se/( @Ka1c~PoVR$4 >(>gٕa)豪G͕/7)ދ ;ek2Vqą&JZ! `xZNrdhz?;~@|LBz،\Sݾ嘫7.>5iV>NWv.7xv Zѷptԝsm~>^}>k_ۗ\`&hT慾L۝',C rv贘283ksYx9% E*w8l I(%lGyї51oF0LL7VeS+7Пxu3KL: Χ}uR\js@1@C|k]N{Cx_m\;^dAoP~(By79 4h2Ot},>3#\_~\(3eF9\C/3^_~/2lWdOd,@N};@N}:'g'?; D(?A2;P(K ..n~f+ 2޿23(_3*>e )~7P~U{7MF77$)cF5pvJEsQ^O2T}~)PgP0eJ2,c2\. e{9;[?[NBX\jzr+^fi5v+iA-{} yW /"yeoR-AQ8gG6+F.Э-'ވm]=p&}:=WWvl+Jy.)ܢ}:QOXE)9 8WidN@Agi#|,y|e8Nt 1 }^f1.? fVt{rMtKn yr%>| #rӚܴO]巈v<2kݫ++#BAfПb 9䙚'<+?u>x*e*+6:5Q3[ LjC?s H80-;}#Շ^V_p3jlc}pWu}ٸ\5޷C{>'K j*85ߜ:I< RK,^ ,>vZ{#=CfhNh{m ?MgƟ>#5sC\ԴZjRs?%Hd6#8 "(-ɪ"+UW9 طV++b`" *s>P`26UJ` }9 C8b{hDŽ[ɖ(=^?&G'&slj"g/c@6of!)^ ^"Uv3:Ec(2ǀ)"R ?^*q0 j>d%Q(9s`Ŧͫz6bЦ!%Kva[F0mS|wN"G25<>Mqgq%B4Fw]=ƾw<Acx-/鮠1M:z/dp!gB-Zыt^(HeD˺7}@x6)G1_g4| v_J_nX v7i\֤`Dy$3S'w2' U?㎏틷&YAr2OFdu#4JrjD8BߝS su&V߅xVw\R9w>ވ'DtA6H-mgrlCknܙexmi"d`+ o`x5sv]ԡ:}.e?!N"Ca eF`O]WnBaIg io]+9=`&<9O,|Ŷr.iaBc M=X`Cǹ~rh`=E(gM|Y\k,##1苌Y MЦ = B8̈́dN`'8}Ǧ e4`5,< "s k!v+2}jQwh}rWXsܪQG1 (OP"Sq}(!3q=GcС_456:\-5,⒎L ALH\>oz^DltΖb/xc yn%()%y+6(م0U7VAgL=Y,> N_$v{%B+π 8>eHC[g2T~kF=*P=eZPO] n",ݤdv/+ 0bŽ%Om#HYUҎߚɋ?B#$CbF8] "!_S aniy㲁%!}`3 s"Tt r!,ML[ U|ٱss4cbVHd=)O?5'[nI 5E`0l4`e8ΧYp穎m,U|J6A1^Ku A]=_v{[>/'_L/#]Z$&+$~Il=au{+Wrcd+{f:ePNEXl'BW5`/=2H]{n78ǩc Vmxj{ݺXg 昻kOTgwz*.ufi6vQmQ-N?X70(|Nuo=v{@7* f0 'Ɣ ϰ" sWexDh\N"X=<,_N~LʹcaPֽk xٚջHQ#z.fY|Ѓ!gn耵]ŵ6: ] 9l!j1Bi>cY1}p1LX+0W_kASsL5ʳ(`,$v"VKjMΡmjqR!acTx 1L(_3,Yגu!{xZ~΋{El>WNENE<<Sf}')VSL_Xџ_<|ړT+O ƕ)@Xqɩ8To?_˛_,{ٗ#RI>QoXyx8~'c(FRqO\|j?(>^tc3t㖗4N?~lJaE e鑢%!t4!ջj4ɊxO޿a(XEh⍿c0145]sTSVIGvŶ3HZW'JZ>۽wߺ"f/On6PU&s)# MW_\)M39Q/kFs+q>tgLp -ͱ=RZ`'l/Zi%`)