Search Engines - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Search Engines


Symantec Fixes DNS Cache-Poisoning Flaw



 By: Ryan Naraine
2005-03-16
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Search Engines story.


Rate This Article:
Poor Best
The security company issues hotfixes for a "high risk" cache-poisoning and redirection issue that exposes visitors to popular Web sites to spyware attacks.

Symantec late Tuesday issued patches for a DNS cache-poisoning and redirection vulnerability that affects multiple gateway security products.

The Cupertino, Calif.-based IT security powerhouse rates the issue as "high risk" and warns that affected gateway products configured as a DNS caching server or as a primary DNS server could be exploited to redirect users to bogus addresses.

The issue was first reported by the SANS ISC (Internet Storm Center) and is already being exploited by attackers to install malware on vulnerable systems.

According to the ISCs alert, attackers are redirecting traffic from popular domains such as google.com, ebay.com and weather.com to rogue sites that attempt to load the ABX toolbar spyware onto the victims machine.

Symantec Corp. confirmed the ISCs discovery and posted a separate advisory to explain the risk. The company said affected security gateways include a DNS proxy called DNSd, which can be configured to function as a DNS caching server (default) or as a primary DNS server.

Under specific conditions, Symantec said DNSd may be susceptible to DNS cache poisoning, which occurs when incorrect or false DNS records are inserted into a DNS servers cache tables, overwriting a valid-name server record with its own DNS server address.

"Subsequent queries for a targeted site would then be redirected to the rogue DNS server, which would respond with its own addresses for those lookups, preventing users from accessing the legitimate site," according to the advisory.

Click here to read more about spammer tactics in the wake of the CAN-SPAM act.

In this case, some Symantec customers were being redirected to Web sites that attempted to download spyware or adware modules to the users browsers.

Resource Library:
"Shortly after the abnormal activity was initially reported, the offending IP addresses were blocked by their ISP until the offending DNS servers configuration was corrected," Symantec added.

Read more here about Symantecs spyware capture and removal offerings for enterprise.

Affected products include the Symantec Gateway Security 5400 Series, v2.x; Symantec Gateway Security 5300 Series, v1.0; Symantec Enterprise Firewall, v7.0.x (Windows and Solaris); Symantec Enterprise Firewall, v8.0 (Windows and Solaris); and Symantec VelociRaptor, Model 1100/1200/1300 v1.5.

Product-specific hotfixes are available via the Symantec Enterprise Support site.

Symantec Security Response also released adware detection for the Adware.ABXToolbar browser helper object download.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Symantec Fixes DNS Cache-Poisoning Flaw
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Search Engines Articles          >>> More By Ryan Naraine
 


x}r㶲s\@♵MR%ƶ,xMT( S$IVreoP/㩱%lݍF޻$\8д,JΰSã&}$]ZNUԫ1en軫w2v-gP;^> \?awD%x_'Щ=ѩ:€wɄIPQۗͩ>}^~l .hѲeb ^Pk$ȁ_=Ek9JGDqERGGEQ>߱1 [tV9v oT| pTƦ;=az5EhDԸ#|x\'{d #B=xa/Z ,ǸZUX'[vB䅠1FE8 /u#!,gu9"ScO$աUNI 080G^C]ñ\./RF͌iAwtԭSźcGkԏPL0H=~0[ QK8`=2}h .* }=-:Ѝy֛I]Ԓ],r"U)m P'>4!ZdQ-}9e}:3 46 dú;RP*qR,*cgC΃oĩq3Ψn?ҽPʪ)e}~#GAnmkh[J"ZA;lt|j]\[r m NַRߘ 0QT&*rp%9Io 5ɿ{۾Bdu#7{7#ReQ o0ǚ !%9)":sP;J}ڊNm҄Crƒ) tK3;nZK=0[-RFp&\ Дag8gMab&DJH7є6)`I˪ TI%嗋mQu3 .)J!"x^3ˆ BDԑ?CC0&pt/\~_5\'֛esJVt];zaZTpx=7&^wtv[0*>cq4Y`A-. :oo:jal:?o|5"+&rO̶-a[e)!3+,}0 ZC>O=S:4g@P?: M/6}@˥~n11 @ LNa 8 V83 tCuәݰ=W sJ}D57 l"C0Ieg&S yO ΃drooM~(wEn@>X^0 jp.HpyY?g>o  ќ릥L L<ģÙA }t (~9-WRC/0tStgrGֶLo K% jJ=SsA|5 i!3L&Ze onMn^ʚtɕU.F(hJS18 FLzS\O'Δō$)ЊO}?ٲJb-Yֽk%fcP*ouR@_&&ےx A-ʘŗZZG"JMP>V "Cɣ($me6L6;6Ϟ#}nvP jrAj#SV-iV^Ϛc+ L 4 oC TolVCax=Zz As,t]OD\t  Sp>h>JeHǝ8~L&';BSjb35-F  o _ǂK e*8t5u{qqػXZvZŽtՐz/hM泛VpvG9Je!6#{iWKH.LZ`!?RP՘$i/#Y /9-0cYC6aDm6#( EZ"= G.4uD83[-OAE-4$qxS??uPVƎ< [?\ug>VN0\}єa˘30|q֓-*I՗bAQ xHkMf٧gL䱯3ۉi0Aq_8R"X @54~x| *O$B\--UŨN=I)=gw`q0$zmK&K.pӞrFVyYBf?K=~T+BZmVVR帨V*߬g7#SO@H.5Ǿ3y翼;qF? g>kSMw+\s>#]\aQaƖ4FXXH]M;H̎'OCTJR!<ihw\rR" CӣFp` u7ufv9Aخ crAm1qW;PVC89'& B1&GJ lȂu!WMUm,`w]0>AG50qH&3E681 &:+@5-r ?Ť֊kέt)D aׂ3Sb_@TrX-5k7k"X쵿KC2ር54& u|8곍ZJ5qv3Ty9kY%f+aEM4=>]CP,*a,0r]☆|l'Ge7UEldB8NY HXL*r_ kRUF`"U!7TQ>cORzQrZ%7:ju[}$CPU]HmP*jIIz, :,h7xџVPVW`Zd&\%\{3i0(Q󩋗afD}R/)3nQ/ ~egm>Q?PG e[,r/鉚ĺRaf~d҇q'ZP`ӪV$,: 7Cwd,-BGI}7\&I'sSf﹮ tD0|7=>0FHΝ rQӊ5JR'04C: Gt@ ɢ\' WeR8]q,g$ ,$%,zF<C҇ps{(,3>C8}_u;WGA{Q~ZrXj\#-0MC~WֿHǫԾlo0.[-tJj2}m&A)`Q?rfWϋFپz/w᳋Y/`y BN׹p.7WKߧ ?wL.W-)^s-y0WNԸh:bIN*axո O8>m48Z&IEyD 5^6"B@ ˸tn,8;XKr!}&=C٠lkhMخ{+^+[̚_6o $*`AQ1 +JG4HvZgp4z" BtX 1t}E/R)Q\(뉞OYYuڹip3 lo}AFJNnVZ-[N7S+t,#?]/8ʚ=?UNj?!.4|㿜YQ$ !rFen1~KP -Mu>nSoqJh"g:Q;6?m[ħ{, /䎑<=;SL%M([4viQ%uєyjtJ1SBt (2H P,O&e=lI1 iKBih%bbVHRo{ݸڞ6<1ޥ]ƙBƗHΖˬf̗4.נzE8V#["|')-& +y-EY-Vy;q9z])LU9"y0_9U+۾Lm3ym#O$ ؑq eީӊNf|vu +ɅNo՗>W}>0k{R̵j s2fucBNj=0ف9k֧@t cn ~] ުn8Gqܚx,3ueNx>HАߛc=p8#M[_vۭؓ oc Ǿv/ݻw~Zw[q*A-wK<-L>?Gdc: M"I^U֩UdU)IW]YEG㳑)G8boZ`@L6COf=Kf=#tzoo=إ%<C?'z'kLw.z@z@qw{Zg%QJW=(q @jjiAr\"~^YZ䑽DXHڃ}co[#D:*pc޸O<{cZy‡i襖N<79wB#AVާA#zQc%Fm?^ϗt0a8C~x+lF)Y9sXS R'2_ΨaXbiE.{ GM;__W"Hb<?ڰ)NH ʝ|`F}:5mXc[=G̐uݓ1@ܤjQGwuS8":w v~@>`h' dys\ң6.;wОRhz'eE-#K$VWg1a Xn;Dl[ǘNl<>:\Gd(΀,NS3r,034'S$>L '\-~V/n!렳':&,ϝ,YMhl TB gikJSuLd#1QS(1b.[3"v *F/CUV+VmbL1J^I?yC ^\Vk{܂Jz[)KqᚓVZ!q >iiI)<p{QձiK h3G!Վ2?[ &o޵qBieAL"WQAJaՊM9(">\{d|#;>zx۵U-ľHj[ 0eC4M0]a1^dNs Fzt- c_X7.v|R[AV*Z(bO.cFh&kMa 6 ),SR쯊ޯUVx<94>OQS4>#LO3 ,DAKҙ?HbؓL_:\592ĘJH#LY&^^bAK`ژ-h}{gJPQ[$a I)AӑO%Idlw}ˊsZޖ/Q81an0J(9la XaI}m|!gmk>%I$p[)fGEs~EF-]eLZ,5mt8ַTe3 u/N-ݜR VPHFdi@:LL)CݽV F kD  ! 1W,4uqKS/$KBv3VXy:%pYieI7 45;jKbI+e-i   KgKEb59O{%,wcii,t1ooookR|q^frУD% <̺&aL>Cn\B9^%CKtn,)gxTsK+AgS@佗wGn.;*uJκxQp_#@gA<H n¬ƖcT>8+/ A>Rhx?m_%ބo}ۚ[3D;-N謖=t0oL'pfkΉ"~'vO..@^*yez"՟cK,}.nr3pHb Aż,'>݆7LΏx̥k0ԧ/j Sn6_C $#u)5BEū%2ffP5D9؜b ޤx/ppZ>MD?q_. rG:w|K{D o2E5 µnJv_::azgC2z`gWf"Y߲{ uXhD: bi}KzvZO"[0[֟rwD%R|wi -ǿ2Z|00ͺHRxfp64sh~wLnlf1]^Iͽ=ڶ/h P|F0-c فxQ ȪhֲF:t)O۬R42ײ#1=ilʻ؂_ ZRˬk&$I3Ʊ+0"*NhV$P2՝aDKop@hy|{ [DxQ)WA.^o7UN =vˆx7a٭xXV֌rc[Qt(SQe~ۘ^P&-V%8I B(l F]呂8"6lAˢ>'ĈNs1J(aZώ%Ʈ$JjadW}$ƽtyy`LG8QuEMm&ص ka %bl\M'p.$XD Ň>w KCj8#Ae3)Muk 01`"ΩTh,vx#Sȥkc.ZE9TWK.}KBG2KN+ߥtW BZcě`Wes[ɣ.j"D*Q jD-~0u7|^.wnl{S3#66j=!v ptc;b=mj+LxAU8Ow| 􄼥޼vgO%YՉH ,ݾ[q9ujLx6ڢ#R~DXSew" Odn-&~iXj>H'*t=jhDѤJ xDvjRcrzv_C)ZTC "x֥9˛p'}ZpYXkO:Rga^17`^*iB¼{֜4 v"AfӃ'ؙHsm h\z1W-nᮦq]C/N‚4X 7_aw׭msd'M:u^aci7t]stK73>^3B{s(ˎ1/VWS lO1bV`HWlfmmIU+ ַg%.04%n蜜nMPDua8TJo[ J=J0+ƘZà]Cۿ-'|͈Vs%L.>OcBzX1@>+pS CR,6$Ae5T?0r{돸R(?jUeqb+Y75 Ui_Ĥ8AnIx7 nZ4X0tB`߄7G8 :{rPZ-eFd>hTHґu `<{H1K= o~{@\r q,Ye)+փފ> rF@Yj!u=H]U# `xH(zh_mnaȀΝk=%Cߑ7>'죋B 3fB1c}s6$EuE)d; wKy–s\vCYuh c6zSP!嘭#!+^bΑ:$;ֺpsUa"W'p`\`sr@KL*2&Bs8{_o]&j&[vœ 5" L1 IA!Cs43DDc^ô kfĄ9 e3[_jx}8p@>uLQXj*!b3wȣ4ϓ/ g_$R} (aU T, !L)%n67p>9eY,a48`F" Ug8=jܕɭ90 0!YK7`C'[jE9Y|ob{LgA~,M.usx\jHGcPB<_DkCa]NL×>0}(-ŌCZQJФ*!dW`ǪZJIWt^ߧxw0n?W .4W )WPx r##vFCd4`fڛ],\q}}unHݴZ{zӾ;Wuѹ3N֊_ԝNiYu}Ӿg31F;6/M&E`,eje)3C9-j6W#\]drxixɎ(azh,.6qLO|ݻ@)Qe;ʋ QW~c8ecjl޴]-Zq-ƫx]bfhw>0 M/G}*4]V08SDnu#Vn"(( FFy;MAQ~ π>gyv~^_nfF9?ϴ2ʡ埡 fe\_,@ ^}.3s _f y2z'(Q~d_BeF9U^\eUuw@t2OK'C\\g5 Mtn]A֗_SV9)O@O۬r o3ڿ\'I72q S*R~/2苬+ OY射:(? }į2VNa{Ar!Wge_7C@q}}i&R+ ]Q%5Mk[I2nX_Kȣ_xi +{SyDǹW4<< X1rnmuS"[~|^YylcWuPxZLԸRGpoQV"#<5 |a}F?fze&HqѿnolZ+O>j*85ߜ:I<w RK,^ ,>O1 Dz"t5HÅ6@$;?}7,cGj$RiErT)玿ߓNn0lFp@DP100UUEVro9 VVK D`q9#Tx|DemƫPs&m\ŠMCao/aKZö`Z;=l4dj Y }d)049Kh A z}y<8c)L#[ ^4]A.|#zdp!gB-ZыtHeD˺|B` ,jϗ=3;nb扵U$7O6#Erly061OH N,ꩃ#V}<# Ⱦ(ty9e"r"xNܶ 3qLa\Dm8ʨ5]{Ry - Z~nҸx+jIH,C8f\3&2 o§On3A ^m o=1I45~ɉd (W kEFh 7Ոq623ϙ;/5L c1 0r*}O|l[8=ۺ9t؆"0 ]ݸ3EVиK5 D 9bH'aV %iW3!?gjITg3B '~#pIdh/1IB m`Z(>/tA0#ȯb\='ݹfsHL#d[l,&(4v$ѓ]5y 0p;'SrY`_GFb+M{Vk*q.w 0,Nd=:q{MʨϮuY D愽HaC4u׌ezԢı"䴯Iױf=Uws,w?cPxUE0@;Cf Kǣ,h :BQFA}F^\摜 )4Mϫ΢R o6b:m% 1o%:F*HԲx D=.X">m?'.}Nu+H "@"d̴uPŗ;wiR*Jl;:ƍd2- ΰ>̂;OulÝg@ P⁜2ћ!]c*۳i|?e Lt0͡o0kn>ʷQ$L{ˍ_d%\#dⲭ3@FC0!Zim,KE%&(Xp\'AΙls;\r"#<[_ڵlAt [=] vE hey" 7]!Kb Cc]R>ŔK ]'[٧3й?-{7/ e;m"+,{ QAbF݇9N]Pjã ,Wc<ҭ<P0_C^&?c5Vqٮ7GLcݰKQaW:n uywDn^sQaW_A wVǰY2!&ۅ7O80Ux|-h\}{ݘ_;i9LgѸ:"?X=<,;bN~LʹcaPֽk xٚջHQ#.fY|Ѓ!gn耵]ĵ6y8 ] 9l!j1Bi6eY1}t1yLX+0W_kAsL5̳(`,$v"VKjMΡmjpR!acTx 1L(_G,Yגu!xZ~΋{El>WNENE<<Sf}')VSL_Xџ_Q>q*'\%ƕ)z@Xqɩ8To>_˛wByֹIg#RI>QoXyx8~'c(FRqO\|j?(>\tnb3t㎗4N?|jJaE eiNђu:7V]7dEg .A|>hy6#xL MTUA$摝7yE1u=U.ɡRvᷮ g۲Mi8PU>\JBS+$Z/WfTN˚J܄;"6BKFslx6 qSi(