ICANN/GNSO GNSO Email List Archives

[ga]


[ga] Re: Details of DNS Flaw Leaked; Exploit Expected by End of Today

  • To: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
  • Subject: [ga] Re: Details of DNS Flaw Leaked; Exploit Expected by End of Today
  • From: Stephane Bortzmeyer <bortzmeyer@xxxxxx>
  • Date: Wed, 23 Jul 2008 09:37:53 +0200

On Wed, Jul 23, 2008 at 12:40:04AM -0400,
 Prophet Partners Inc. <Domains@xxxxxxxxxxxxxxxxxxx> wrote 
 a message of 93 lines which said:

> If ICANN hasn't done so already, 

AFAIK, ICANN did nothing. Are you sure that the security and stability
of the Internet are within its mandate?

> it would be wise to immediately notify all ICANN registries and
> registrars about the exploit and the urgency to implement the
> security patches.

I hope that the ".com" registry and its registrars do not rely on
ICANN for timely information about stability and security risks :-)

(Remember that the vulnerability is on resolvers, anyway, so
registries typically have nothing to do, except warning their local
Internet community, something that all major ccTLD did two weeks ago.)

The problem is not within the big and serious organizations but in the
myriad of small businesses (ISP and end clients alike) which are
typically quite clueless (see the attached message for an example).
--- Begin Message ---
  • To: dns-operations@xxxxxxxxxxxxxxxxx
  • Subject: Clueless Major Backbone Provider
  • From: Jon Kibler <Jon.Kibler@xxxxxxxx>
  • Date: Tue, 22 Jul 2008 14:59:55 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have an 'interesting' situation. I have a client that is dependent
upon a major backbone provider for their recursive DNS services.
However, this provider appears to be next to clueless. They have put out
a notice to their customers which I will now quote in part -- with
vendor identification information deleted:

"On July 8, 2008, US-CERT issued a Technical Cyber Security Alert
TA08-190B with the title 'Multiple DNS implementations vulnerable to
cache poisoning.' ...

The DNS community has been aware of this vulnerability for some time.
CERT technical bulletin http://www.kb.cert.org/vuls/id/252735 issued in
July, 2007, identified this vulnerability but at the time no patches
were available from vendors.

[VENDOR] does not disclose the name of its DNS vendors as a security
measure but has implemented a preliminary patch that was available in
January, 2008. The latest patch for alert TA08-190B is currently being
tested ...

... the majority of [VENDOR]'s caching DNS infrastructures have load
balancers.  Load balancers decrease the risk significantly because
hackers are unable to target specific DNS servers."


Questions:
   1) How would you address the claims that this vulnerability is the
same as the one from a year ago? (2nd paragraph)

   2) Does the use of load balancers decrease the risk as claimed?
(paragraph 4)

Comment:
   Note in paragraph 3 the vendor says it does not disclose which name
servers that it uses, but in paragraph 2 gives a link that references
BIND name servers.


TIA for answers to questions.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiGLisACgkQUVxQRc85QlPR9ACffQ8T87dgk15iDvWjO31gB7ia
8bkAn3o9+kMC+7NReHVdOvHwXaO/uxYK
=bl2K
-----END PGP SIGNATURE-----

_______________________________________________
dns-operations mailing list
dns-operations@xxxxxxxxxxxxxxx
http://lists.oarci.net/mailman/listinfo/dns-operations

--- End Message ---
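Question 2 in the forwarded message asks whether load balancers lower the risk of cache poisoning. The script below is an added example, not part of the archived thread or anything the vendor or Jon Kibler wrote; it models the risk with the spoof-success formula from RFC 5452 section 7, which depends on the entropy a forged reply must match (transaction ID, UDP source port, authoritative address) and on how many forged replies fit into the reply window. The resolver profiles, the forged-reply rate and the window length are constructed values chosen for illustration, and the number of resolvers behind a balancer is kept as an explicit argument only to show that it drops out of the result.

```python
"""Risk model for "do load balancers reduce cache-poisoning risk?"

Added example for the archived thread, not the thread's own code.  The
per-attempt probability is the RFC 5452 section 7 formula:

    P_s = (D * R * W) / (N * P * I)

D: identical outstanding queries, R: forged replies per second reaching
the resolver, W: reply window in seconds, N: authoritative addresses,
P: source ports in use, I: transaction IDs in use.  All numbers used at
the bottom of this file are constructed for illustration.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ResolverConfig:
    name: str             # hypothetical label for the profile
    id_space: int         # I: distinct transaction IDs (16-bit field)
    port_space: int       # P: distinct UDP source ports the resolver uses
    auth_servers: int     # N: authoritative addresses it may have queried
    outstanding: int = 1  # D: identical outstanding queries (1 if deduplicated)


def spoof_probability(cfg: ResolverConfig, forged_per_second: float,
                      window_seconds: float) -> float:
    """Probability that one reply window ends with a forged answer accepted."""
    forged_in_window = cfg.outstanding * forged_per_second * window_seconds
    match_space = cfg.auth_servers * cfg.port_space * cfg.id_space
    return min(1.0, forged_in_window / match_space)


def risk_after_attempts(per_attempt: float, attempts: int) -> float:
    """Cumulative probability of at least one success over independent windows."""
    return 1.0 - (1.0 - per_attempt) ** attempts


def attempts_for_risk(per_attempt: float, risk: float) -> int:
    """Smallest number of windows at which the cumulative risk reaches `risk`."""
    if per_attempt <= 0.0:
        raise ValueError("per-attempt probability must be positive")
    if per_attempt >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - risk) / math.log(1.0 - per_attempt))


def balanced_cache_risk(per_attempt: float, attempts: int, backends: int):
    """Spread `attempts` windows evenly over `backends` identical caches.

    Returns (probability that at least one cache is poisoned,
             probability that any given cache, i.e. the share of clients it
             serves, is poisoned).  Each cache still validates replies with
    the same ID/port space, so the first value equals risk_after_attempts
    for a single resolver: the balancer changes spread, not probability.
    """
    if backends < 1:
        raise ValueError("need at least one backend")
    per_backend = attempts / backends
    one_backend = 1.0 - (1.0 - per_attempt) ** per_backend
    any_backend = 1.0 - (1.0 - one_backend) ** backends
    return any_backend, one_backend


if __name__ == "__main__":
    # Constructed inputs: 7000 forged replies/s, 100 ms reply window.
    rate, window = 7000.0, 0.1
    profiles = [
        ResolverConfig("fixed source port", 65536, 1, 1),
        ResolverConfig("random source port", 65536, 64000, 1),
    ]
    for cfg in profiles:
        p = spoof_probability(cfg, rate, window)
        print(f"{cfg.name:20s} per-window {p:.3e}  "
              f"windows to 50% risk: {attempts_for_risk(p, 0.5)}")
        for k in (1, 4):
            any_k, share_k = balanced_cache_risk(p, 100, k)
            print(f"  {k} backend(s), 100 windows: any cache poisoned "
                  f"{any_k:.3e}, each cache {share_k:.3e}")
```

Running it shows the two things the vendor notice conflates: randomising the source port divides the per-window probability by the size of the port space, while adding backends behind a balancer leaves the "any cache poisoned" figure unchanged and only lowers how many clients a single poisoned cache serves.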

