ITP.net’s Cyber Kung Fu Master Class: DNS Cache Poisoning, with Infoblox

Peter Goodwin of Infoblox coaches us on the Web-traffic redirect attack

Tags: Cyber crime, Domain name, Infoblox (www.infoblox.com), United Arab Emirates
This month's Cyber Kung Fu Master: Peter Goodwin, technical director, Middle East at Infoblox.
By Stephen McBride. Published February 26, 2015

"The code that is downloaded is perfectly legitimate code, with malicious intent, and as such will pass through all the security measures that have been put in place, undetected. This can be likened to a person travelling with a legitimate passport and visa through airport immigration and then causing disruption once he enters the country. There could be no screening at the airport that could have detected the malicious intention."

The injury: I can't feel my legs

So the punch has landed and the target is reeling. For an ISP, Goodwin argues, the biggest damage is the loss of reputation, whereas for website owners, especially e-commerce businesses, direct financial losses could be considerable if the website were to become inaccessible. And then there is the damage to innocent Web users who may have malicious code downloaded to their devices.

"DNS cache poisoning attacks will only intensify in 2015," Goodwin says, in a warning for regional organisations. "The banking, energy and government sectors would be the most targeted for financial gains. The transportation and utilities sectors would be targeted for disruption of service."

The defence: Ha! I know Kung Fu!

Hardware appliances exist that can help in responding to a DNS cache poisoning assault, but what if an organisation is unarmed?

Our Master says: "Existing intrusion detection and prevention systems, and next-generation firewalls may no longer be a sufficient means of defence in themselves. Enterprises, including ISPs, now need to consider a robust and multi-pronged defence strategy as a means of combatting these modern threats and the malware that reliably uses DNS to evade existing defence mechanisms. There is only one effective way to address DNS threats to network security - directly from within the DNS servers themselves. Security built in is better than security bolted on."

Once your mugger has bolted, it can be very difficult to track them down, Goodwin explains.

"DNS by its very nature allows you to spoof the IP address of where the request or the response is coming from," he says. "You can, however, know that you are under attack by just the nature of the amount of fake responses you are getting."  
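Goodwin's point that the volume of fake responses is itself the tell can be shown in code. The block below is an added example written for this page, not code from the article or from Infoblox. It assumes a resolver that records each outstanding query by (source port, transaction ID, query name), treats any response matching no entry as unmatched, and raises an alert once a chosen threshold (50 here) of unmatched responses is reached for one upstream address. The packets, the query name, port 40123, the transaction ID and the addresses 203.0.113.5, 198.51.100.66 and 192.0.2.10 are all constructed for the example; nothing touches the network.

```python
"""Spotting a cache-poisoning flood from the resolver's side.

Added example (not the article's or Infoblox's code).  Assumptions: the
resolver records each outstanding query by (source port, transaction ID,
query name); an answer that matches no entry is unmatched; a burst of
unmatched answers attributed to one upstream address is the alarm.  The
packets, names, ports and addresses below are constructed for the example.
"""
import struct
from collections import defaultdict


def encode_name(name: str) -> bytes:
    """'www.example.com' -> DNS label sequence, terminated by a zero length."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode an uncompressed label sequence starting at offset `off`."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode())
        off += length


def build_response(txid: int, qname: str, rdata: bytes) -> bytes:
    """One-question, one-answer A-record response in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)    # type A, class IN
    # 0xC00C: compression pointer back to the name at offset 12 (the question)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_response(msg: bytes):
    """Return (transaction ID, is_response flag, question name)."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, _ = decode_name(msg, 12)
    return txid, bool(flags & 0x8000), qname


class PoisonFloodDetector:
    """Counts responses that match no outstanding query, per upstream address."""

    def __init__(self, threshold: int):
        self.threshold = threshold           # unmatched answers before alerting
        self.outstanding = set()             # {(src_port, txid, qname)}
        self.unmatched = defaultdict(int)    # upstream address -> count

    def sent_query(self, src_port: int, txid: int, qname: str) -> None:
        self.outstanding.add((src_port, txid, qname))

    def received(self, upstream: str, dst_port: int, msg: bytes) -> str:
        txid, is_resp, qname = parse_response(msg)
        if not is_resp:
            return "ignored"
        key = (dst_port, txid, qname)
        if key in self.outstanding:           # port, TXID and name all line up
            self.outstanding.discard(key)
            return "accepted"
        # Wrong TXID (or port/name): a forgery that missed, or a late duplicate.
        self.unmatched[upstream] += 1
        if self.unmatched[upstream] >= self.threshold:
            return "alert"
        return "dropped"


def simulate(forged: int = 200, threshold: int = 50) -> dict:
    """Replay a constructed flood: `forged` wrong-TXID answers, then the real one."""
    det = PoisonFloodDetector(threshold)
    port, txid, qname = 40123, 0x2F1C, "www.example.com"
    det.sent_query(port, txid, qname)
    verdicts = defaultdict(int)
    # Attacker spoofs the authoritative server's address (203.0.113.5) and
    # cycles through TXID guesses that, by construction, all miss.
    for i in range(forged):
        guess = (txid + 1 + i) % 65536
        forged_pkt = build_response(guess, qname, bytes([198, 51, 100, 66]))
        verdicts[det.received("203.0.113.5", port, forged_pkt)] += 1
    real_pkt = build_response(txid, qname, bytes([192, 0, 2, 10]))
    verdicts[det.received("203.0.113.5", port, real_pkt)] += 1
    return dict(verdicts)


if __name__ == "__main__":
    print(simulate())   # {'dropped': 49, 'alert': 151, 'accepted': 1}
```

The detector keys on the destination port as well as the transaction ID because a forger who cannot observe the query has to guess both; a resolver that reuses one source port leaves only the 16-bit TXID to guess, which is why the flood in the simulation needs so few packets per attempt. The spoofed source address means the "upstream" seen in the alert is the victim server's address, not the attacker's, which is exactly the attribution problem Goodwin describes.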
