ITP.net’s Cyber Kung Fu Master Class: DNS Cache Poisoning, with Infoblox

Peter Goodwin of Infoblox coaches us on the Web-traffic redirect attack

This month’s Cyber Kung Fu Master: Peter Goodwin, technical director, Middle East at Infoblox.
By Stephen McBride. Published February 26, 2015

"It's important to appreciate that cache poisoning is not a single exploit, but a family of manoeuvres that has changed over time, with new techniques constantly being developed," says Goodwin. "Some are far simpler than others both to plan and to defend against. One of the newer methods, called the ‘Kaminsky vulnerability’, is fiendishly difficult to defend against, and while it was discovered in 2008, some DNS servers remain unprotected from it."

This month's Master points out that DNS poisoning is a lot easier than breaking into a database, which would traditionally have more security layers around it. In fact, DNS is not an area that organisations have been worried about when considering cyber security, according to Goodwin.

Attackers can use rented botnets or, if they have the right knowledge, open source tools to carry out a poisoning. While most targets are ISPs, occasionally an enterprise's open DNS resolver may come under fire.

"DNS resolvers are typically internal to an organisation and allow queries only from the internal clients they serve," Goodwin says. "If these are cache-poisoned, everyone that is using them could potentially fall victim to a cyber-attack."

He adds: "There are many more appealing targets than ISPs. These would be banks, government organisations and the energy sector, where the motive is theft of data and intellectual property, or simple defamation."

When it comes to attackers' motives, Master Goodwin cites two possible incentives.

"The first is the pure joy of proving that a high-profile organisation, as in the recent case with the attack on the Etisalat website, is vulnerable and their systems can be compromised. And the second is malicious intent for financial gain. People logging onto a website that has been hacked are redirected to a malicious site that instantaneously downloads malicious code via the browser session in the form of botnets, advanced persistent threats and malware onto unsuspecting users' devices, and steals their data including sensitive information like user names and passwords through techniques like keyboard logging.

