The Domain Name System (DNS) lies at the core of the Internet and our own corporate networks, but most admins and network pros barely give it a second thought. An exploit discovered last summer that's now starting to spread should make us all take DNS seriously.
The problem goes by the scary name of the cache-poisoning vulnerability. "The vulnerability involves a weakness in the transaction ID used in DNS queries. Currently, replies to a DNS query have to contain the proper transaction ID, which is chosen randomly from 65,000 values," our report explains. Fortunately, there's a patch -- and has been for about half a year.
Posted by Doug Barney on February 23, 2009 at 11:53 AM