|
|
|
Security Company Warns About DNS Attacks
By: Ian Betteridge
2005-04-05
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
SANS says a possible hijacking of the Internet's DNS system is redirecting users to sites maintained by the attackers.A security company has issued a warning over a possible hijacking of the Internets DNS system, which has resulted in some users being unable to reach some Web sites—instead being redirected to sites maintained by the attackers.
According to the SANS Internet Storm Center, the company first received reports of so-called DNS cache poisoning attacks on March 3 and has been monitoring the problem since then.
DNS cache poisoning works by injecting false information into the DNS caches of compromised servers, effectively causing them to reroute traffic away from legitimate sites toward false ones. In the case of this attack, compromised servers were pointed to an incorrect address for the root entries for the entire .com domain, allowing the hijackers to reroute traffic to any server with a .com address.
However, according to Kyle Haugsness, incident handler at SANS, rather than simply exploiting a single method to temporarily compromise certain DNS servers, those responsible for the attack used multiple methods including DNS poisoning, bugs in products from both Microsoft Corp. and Symantec Corp., and spyware to maintain the attack over the course of the month.
"After monitoring the situation for several weeks now, it has become apparent that the attackers are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive. This attack morphed into a similar attack with different IP addresses that users were re-directed towards," Haugsness said in a statement.
 Symantec issues patches for DNS cache poisoning flaw. Click here to read more.
Although the identity of the hijackers is as-yet unknown, according to Haugsness, one of the attacks "seems to have been launched by a known spammer," and the end goal of the entire attack appears to have been to install as much spyware and adware on affected machines as possible.
The domains that the attack redirected to were, it appears, purchased just before the attacks began, and more than 1,300 domain names were hijacked, including some of those belonging to American Express, H&R Block, Fedex, Wal-Mart and CNN. Although none of these sites themselves were actually compromised, affected users attempting to access them were redirected to the hijackers sites.
SANS has declined to release the names of any of the companies whose DNS servers were compromised. However, according to Haugsness, "I would conservatively estimate that 500 to 1,000 medium-to-large organizations were affected by these attacks." Most of the victims were in North or South America.
SANS has advised system administrators to block IP traffic to the addresses involved in the attack. Users should also check that the configuration of their DNS server if it uses Windows NT 4 or Windows 2000, as the default configuration of both these products is not immune to DNS cache poisoning attacks. Several Symantec products, including some versions of Symantec Enterprise Firewall and Symantec Gateway Security, are also vulnerable and may require patching.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}rȲ8b9kܽ$0�
�62t{ĉ TBҒ̜ƓYUq�KgvG۠*eUfefeeee}Ggo�D.�018̢d���7郿O$w�m���Lj9UQ#C3W)9S]M�HwW3fcө�P/W�a��W�᳑(,�Q � tjOt0]2x�
wtL|OT�S_ƾQ/?6Gu�Lbh�qF٤XC#�: rWü'~0h-'@I�R(�Ѻ�81QQ�Rp�߱L-:
�;|7*UN�8Spycf_ʞ0ɡz5E�hDԸ#|x\'{'d3#L�=..Q^�Z�-G�Z�U�X'�[vb�䅠1FE�8 ;wG�A%�;_qؓ:IuhlUD`iR�bfx���HÑcPWw,ǃ)�TQ3#mjZ�35-3G@ؾQ̀� ��ݢ�&q#!_TB�p` V�R��̳X�#vR0w�cE[#Uֶe5�]~7m�g�BHUo�~�cnh�K �Tw<-0�;DL<:/Dz�yÙ[~i IA-
UE9)V�Gщx!`چ[=bTyݙ|Z�~]*ePPN}q#�GA
f�mkh[J"ib�>}rԺ|'�뷼��;Aڼ��@m&1W`J�LTRbdd"���P}bCG,{B�rM7JQ߸pQ�N
E�٥z'Y̮g��f�V҈�g�UUYNۭ~S~2vEӛv��l,Oa�R)����ؕΊgxo_:nϛO�fGλ7>k�>;3���tfAZ|]kU[_��lxiuHej{ d�P[w8Lwjt$�~hv[d�[�O/g$'mL&EsI��{훨-4K[W9K
}1xc#AX*,>JAͼ��94��o��o SNE ;-�uj�vf�Px۬ ���r)
4K3;�n�ZK}0�[-RFp&�\
Д��a�Cǘذ�1�"%����mRU/��(_.[�
jF|*(If({�/3�A.r)#�� 6=aL+^뻹(-�j�\�֛esJ�Vt]�ۻ0Eя0=Tp�x=�7&]wz]iz-xX18�,]evb`\\�Զ7��Ql:�?o|�5�'r*'@8ʍ�??1m!S[�ö@
.S��i3+kY0�`�贆�;mJ{ϧ0gPP�?���M��/6}@˥~a�>1 @�
L�na�
8
V83
�4Cuәݰ�=��W�ԇ9[�D�5�7
�l"�v|3c)м`y��`27C?�F{t(
5�,/��{@`\@Z�8`�$8ʼ��E�]q�k3B�7}��Ŝ�k
M�L<�ģL~q
(~9-WR���C/0tSt�僂R{`ELE2a5?�%ӇfS/0}ęR3B�ZsOs�R| g:[[I%7˺7Rum"$l�J�Ұ.�Z*���Z�!d[�}aa6E]�QZRKHD@CR)Ե�
aY��^`(yt�M̆ТQ҆�T���Ss�
��
XԂ\Te��Ȕes�8UK�P'fڹcK �l� �J;4
Ho�`�:7bbˡ\2
aN3�}9�!=��r;�6�7�?��K��\<<�v�q'��Ia e�-6V&fj>Y[��*^�|�W(���+�ȁUruXkj2읷�]!/_(7��y+�Co��Lu�D�m�G��#|Ӛ#{Os']�)=D^ClX.)EUi?O~�5<2.eX"�{��9V:6ʼnG փ x��U�5�V8wf|�<� O?�a�⢉�!h�3�E��&hӘ�NwH�@�5-
?IA��G�ҟs�tP6]
Q`9Z0b�^+(T�?5U�U*~m��joR.4F�@�2( C�s�]QYd�C_C.n<1/T>3�>(/M3$J1N�*,7ATS7EljCW9.^ٸ��ڗy;@<�uP(%Pm0�hRIpg=HY9V:9iz6eV�A~Tiv7oQ:\ 5MУ{
+7e*r6�*|
z&:vi0vM0\]>w6EL 5#��"� Q�&�CJAy^�iQbWa�;:l�./]>lf#g<,Q��hn�1]
�g>q�D��v͵T|�`5[~G�(.lq)%\.U���J+A�ekrฦ[;mICo`k3ߪ�CAy�hUf̈:T2�B�;b`"
]kۛ4�N>g��N
Xe�0Lv*J�p9т�NQ�=ȫ\,Bn�|tǞfP� X%7u1H҇>Jc-!Íj6�bE-) 5CoD�D\u�9MLt��� J �l�v�~XC+�kLo9���2j>sP>*���O���d3���8@X8^<�+fۤI)?+u_�bm՞wyӾ|\�W�u_uWǼuOE���D߫%�KKx�fq/R1)�X|xxՔڝ�?�pȾ�ʂL�@IP
��4�#7=!i�kCNՋCul_n;�e��10Z
|/>hiv�N}J|I{ٽNe%%{�w;�j�Kc烬�F�!y.[FS�L�o2�YCzz��I]a��"TX�()�MuÙ�c�9��\zB_ɾ�X�n!sdQh4'l�/I�
Bf/�3b!�|J'<ޅAP���{ r
H)'4
�v9:�\b/H��VB�0F�D_TJi�)4z'u�3xluo�)��5��Eы�ſ�F{�}�-'��:}iF��`
e܃�"�WVr[k'5۟H�
NAv��lq_,��9�e�n1�~KP -Mu?nSo4�jG�Yk�NE i�=O[�?�
�cd9�a�(�&Z)�I�;"u͒2x�9'�:0SBt��82H P)Y$yYMzJ,R&HV@]�ү_2PI,v+ht4lAz j��Ú�]e�.iw6D20�Y,7[
.VlG0_Ӹ\b�D XY�+o�xt7>CT�I-�jշΫXP?'�b.�Lx�~@0EZ\գa~�=ԥztT.vwj̣�my~(ϴGNxR�7Ć#^@)s^XL1k-�x'[gYZ*t0w쯾���d#ޣd=fc�T1;�.`�Y��=w6���OذE�{�7mh�ZG(WV-w#h%5db�xnP�6,�x\�?Jdc:��M"�I^U�B¶/WU�$]d%�~�VxF0�&iulځ;�-�3(�lm3{zi�8_2{K�7Kx=*~�#'kL��w.�z@z@qSx�{Zg%QJW=�(q
@kjiAr\2~^YZ�䑽D���XHڃ}co[#D:*pcM�i#º
Q>F�t8a�=�'R8�2Ϭ�ҙFMD?�GR-Owz
GňY?O!��3F9IG!� l
mk>�
VIx>YD=gm\(&9?�N�rJFMy��<&Tlt!A)��*Sx�Xv
~E~
:%{+%<�DUHkV|o@8Ҽ7l��I#깓,=Aɛg�R*'{ ���n�-x1q]�a7��;�3 .-�1P�`Y>&INW�(}�gILMz0]Bd,dAWAg�Hu��[;-6CV�
Mt0!,��c3�mpe��yX'v�h�G,3ʍNVp^�E�#l��ܡI*qJM>�Vm�O$,Il�v���= A��8λS�Rh,)֤�cDHn,d.r7�,Eyd} (r��^��/�/k� LwqXZoa(Vh���UQ 4,6o{W��dB-FL}�%$v���~�ZZtT,'e�{5)n o�)rG,�**5PDŽ)ѐs֏�Ua#�Lzu6A0$`3gk~ ͇㆟T>**˥�>~�D0(D@���
aP$�f!M =}KLA�xvxַU~
ʓRAy<4'g�:��̩/5z����Ӈ5�cA2|N=7�-I}'zڽkRV+J�+�o@C5Dj$ZD
�l-頡lMpE3�ڑCPܖӭ�V2>XRmJ�毨a<`.�2xU�S]����x]-![X߮N�RTegg/�a-nYs (Y�_}��w@ċ�luq�,C�7"UTcKjy/=S
:K�1�S�a
2�B:�&i�� ���$}~@�B�qZ�S� ;+0.ʪ�'i
�UǛK-'RE
K1̾ãJ�F@ �JB'LR݄�uS��1D?W�G�mLJ%Lug�h5;jK�}X*J[GX;`S @��$1@ҕ,kU#>>
qGr�#�kx^R[^�:¸~q7�7�7�7�í��
O�]�8ܔ�^�&k0A�ֿv@[�� ;�ǒvW{��ԢƘ��JP�?�-y aq :bDTOW
�_z�6
aYY3�~m@T�zf��gB~�ַ?+ݗ0��֧vVji�:�X|�]�kYA16R/�ؗwz�@�m�&Ԗ~13�
,h~m��d&N૯p6"�F�|mgZ;@-}�&��bL,��_}�ۤTfcWXOL
`�{
Ro,CGj�Y \m~`Uwm v;Ct±Ms�G�0�c1;�v��!0��!Ĭ �!��mqo[k;"6LFС/iEc�N�Ѝk��ֳ�"�,�aqE3�qc��1�??UDz&�v��,*al>
HxLX8~,�m�K�` %�c'R)
\�UOz}�+�:
���{{[�B�L+�X�TJ_
%$G]J\+x+A.WF�iåM�W=MaI:fY�OKx� ɿ=hIGonl^Jkn{Q�T2u�b
y;ASkks�.ʹ�¶/�roO�6`��l��-0�VHEQZ.� RXv!m,ѩsO*eXBH�nh>9uy�=�oO3@84kI/NI��$8�&wGBpƊ8e[Y�@B�
,�M y$%]1��;>&)3h�νc�o�(��5?}1r
үV#��V-G
Ɠ/*`"6,k;�hO�>},�b1DKb��@/_j�ǐ}L/=|\,6T=mqlnw�=uL^3.Ndã�EсrP�(�
x��}�-�6GӪ=F(K��l�
4Ґ4�r'u[>6V�=�k9�PAgt~'DYF3{4;0S\0��3ط�/0q_�n]��L�G�uT{5&�s�4;8~/$�&ФC>y|W [Dx%�Q�)�b.�^�o�N Avx$�aw�Ƕ/WVG˸1�}M[,zmKp�B&��]sR0B�q�aq���BX���E��m�8UNDp
vSr@Ym�+A#샒�=�%h�I!,q(Ds��!.?�Ñ:YX��Z�uï�P&G�B�A8A�XJ�o,"Exa��o}q�uQ%ǤXFpxQiLʃxSZB=LO�sj4�1E!�K�r>&ƘKjxKh�%�>%�Zk�^�YR+ȈZab�\!1c}TA9-�Qj�5��+�RU
BI��?��Zj>A1XMi3t�3#66j=!vӚ p~c;�bw^mj�+LxMW8Ow|
vw�O�%YՉQ��-;[埏<�'y6�D�&Z:<~Q-DR1&��1�('���pr�|w\�1w[
w5k(�zɎ+�AH�+G�~Ōc/0K{IV^YC92Ytf�ێS�F;6vCW5ATJ{3�eJMh>#Ծ7=F�#1?n9�0�؞ah/,9+?d�/0̊�ےV�m5J�ۅ]�aiJ"%0qEB5��mb�9-ЁHz.M
?_J m+/R�^�f�VܞVk.�`�@�vʹ*F6#ZIikxw42u4ƿB���L50��)�G���n��4�7#\C�P�|¨-C7돸�R,)T'od@2Io��H H]�U#
`�xI(��zh_mnza�Ȑ]M5wfM~�ޖ�<�ySM\�hj,u$B��x�Ys�C�sH ]TW\Axw;�xt'l9e>qXz��{�φ\o|J7��[�>�B8!�iN?퇛r�1�Iݾ`?Ð�3�{Y�Z"#bR1��@Q>�~1&V3!"��L�s6@@P0H��73AX/F$E�&&Dc^ôukfĄ�9
e��GX_j M> k&(?,p�E�
�{GLƙ;fQWs�8p��HM*b%t]\V�P�*@J��>Q�|6XP؟��?pk2�%H0Z��nf�`�:>�"(S[��]ă0>]�whS$=LpW'Fa�fé�`6�\�oN���*r ��P�:ς]9s!aZ; MꪂO�J�BveX
&zykwy
|7(fY3{�8~BO�z%rEuW0`A-'�rdhhz?{�v@|
LBz،\�;�1+C39ސ�9iHi}owi{'�}��\MGݩ;U}M�;�;təcdhw>0?�M�/G��RU8iz67a�nq���4ħeOW\=4[E%eF�(Q�Q~�7�.w3ʑ˛@f+�֗�}3�>?B�\͌r_;i_eC�?2?C�2�>vNt�N��ɂ�dз�dЧ�w2�v2�Oѫ�>A�((�#�坌r�߫�ʐ+�B�f.n~�kx:����{/�>_?/�1>ArS�~~2w�Y�{�f�wɹN2!(odY��NOot�pN3Ki�ʠ/ޯ{'sg+�Y\W�KM0TntEճ�fZk
ǸJuv��^_B��KHe^ٛTzcGP�78%Y}M�#�h��toĶ.�p��&}:=WWvl+Jy._[nNJ>S\ȜHdc3,F�Dkaڨ7'%Y#ܻ�GznQ'��Lg~�<'Ԋr�nOArt_Ew�MAw/[/�^ R:�>bՇ�ބ""��(�uy9S"�r"N1
ųqla\Dm�8Jފy],ߑ�z�nҸxg^��0
�70>UTx�>}t �1-N/�틷�@$�Y�AŊr2��O�F�du#�Oaq�1ld@(we6Lm (~%.,wf93CXY=y�1G}l.q�5sE�Eא�E,&JhӄZ�{JfBM�'K�YN/}Ǧ e4`,<��"s
k!vk2}jQwh}rפX3��ܪcQGÇ5 (Q"3�qm(!3Q�]HA%F{�A�}F垓$g'_5�b
Fi&b3@p�+cx gLw}�/�F2z
l|*_Odxª~axx=&���gsx���m0I�S`i�/B�s^nT "+1��<&`#O����&�\f��n�[im,�KE�%&(Xp\GAΙl�;>�Ba2\�T�G�x
k�ok3gz��Ϸ{���<=v7�sgC'+_2ҵE�n�B�SVJrX}P/):�OOg�sZ�%+_��Ho"ۖnFTt
�%`GY&U`�kv-�8utvQѪ
V�7"60^Yw�SR�l@�sxS
a
\nXe�ܔ�1uF:®54-���v�щ���߉�n^�QaW_�WNENE<<�Sf}')VSL_Xџ�_Q>q*'\`�Tb/@Xq٩8\o?_˛w�ByKN1�$ghv�V�;v�@;i a�%
ѨT��߶/+Ϻݛ�,�-M㥧�o�RXBYS$DM� $zf}>Y��uK+_0jF[Wy�&F�Ϧk�5P.T�q$摝7yE1�um*H9�vᷮ�g۲M�*d.%r�R�۬+EiQm*'
sfan%nǝl| �n%96O`�[�
P�9��z(��
|
Network Security & Hardware 
