I was reading this article over at NetworkWorld today on a study by a commercial DNS vendor that concluded 1 in 4 DNS servers is still vulnerable to the big Kaminsky DNS cache-poisoning vulnerability.

The problem is, the number is more like 4 in 4.

The new attack method that Dan discovered is only slowed by the updates everyone installed; it isn't stopped. The patches randomize the source port of each outgoing query, so an attacker has to guess a port as well as a 16-bit transaction ID, and instead of taking seconds to minutes to poison a resolver's cache, it can take hours.

Thus if you don’t put compensating security in place, and you’re a target worth hitting, the attacker will still succeed.

This is a case where IDS is your friend: you need to be watching for the DNS response floods that indicate you are under attack. There are also commercial DNS solutions you can use with active protections, but for some weird reason I hate the idea of paying for something that's free, reliable, and widely available.
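What that IDS check looks like, as an added example that is not from the original post or any particular IDS product: a poisoning run shows up on the wire as a burst of DNS responses for one zone, from one claimed source address, carrying many different transaction IDs and destination ports, nearly all of which match no query the resolver actually sent. The detector below keys on the zone rather than the exact name because the Kaminsky variant queries random labels under the target zone (e.g. 7fa3.example.com) to bypass the TTL. The record format, thresholds and sample traffic are all constructed for this example.

```python
"""Flag the response floods a Kaminsky-style cache-poisoning run produces.

Hypothetical input: each record is (timestamp, src_ip, dst_port, txid, qname)
for a DNS response seen arriving at the resolver. Sample traffic is
constructed below; nothing here is captured from a real network.
"""
import random
from collections import defaultdict, deque

# Assumed tunables; set them against your resolver's normal reply rate.
WINDOW_SECONDS = 5.0
RESPONSE_THRESHOLD = 200      # replies for one zone from one source per window
DISTINCT_TXID_THRESHOLD = 100 # distinct transaction IDs among those replies


def zone_of(qname, labels=2):
    """Collapse a name to its last `labels` labels, so the random
    subdomains an attack queries all land in one bucket."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def detect_floods(records, window=WINDOW_SECONDS,
                  resp_threshold=RESPONSE_THRESHOLD,
                  txid_threshold=DISTINCT_TXID_THRESHOLD):
    """Sliding-window count of responses per (zone, src_ip).
    Returns one alert dict per key that exceeds both thresholds."""
    buckets = defaultdict(deque)   # (zone, src) -> deque of (ts, txid, dport)
    alerts = {}
    for ts, src, dport, txid, qname in sorted(records, key=lambda r: r[0]):
        key = (zone_of(qname), src)
        q = buckets[key]
        q.append((ts, txid, dport))
        while q and ts - q[0][0] > window:   # drop entries outside the window
            q.popleft()
        if key in alerts or len(q) < resp_threshold:
            continue
        txids = {t for _, t, _ in q}
        if len(txids) >= txid_threshold:
            alerts[key] = {
                "zone": key[0],
                "src_ip": src,
                "responses_in_window": len(q),
                "distinct_txids": len(txids),
                "distinct_dst_ports": len({p for _, _, p in q}),
                "first_seen": q[0][0],
                "last_seen": ts,
            }
    return list(alerts.values())


def constructed_traffic(seed=1, with_attack=True):
    """Constructed sample: background replies, plus one poisoning burst."""
    rng = random.Random(seed)
    recs = []
    names = ["www.example.org", "mail.example.net", "ns1.example.edu"]
    # Benign: about two legitimate replies per second over 60 s.
    for i in range(120):
        recs.append((i * 0.5, "198.51.100.10", rng.randrange(1024, 65536),
                     rng.randrange(65536), rng.choice(names)))
    if with_attack:
        # Attack: 1500 spoofed replies for random labels under example.com
        # inside 2 s, each guessing a different txid and destination port.
        for i in range(1500):
            recs.append((30.0 + i * 2.0 / 1500, "192.0.2.53",
                         rng.randrange(1024, 65536), rng.randrange(65536),
                         f"{rng.randrange(1 << 16):04x}.example.com"))
    rng.shuffle(recs)   # arrival order on the wire is not guaranteed sorted
    return recs


if __name__ == "__main__":
    for alert in detect_floods(constructed_traffic()):
        print(alert)
```

Raw counts are a coarse signal: a busy authoritative server legitimately answers many queries for one zone, and those replies also carry distinct transaction IDs. If the resolver can log responses that matched no outstanding query (wrong port or ID), counting those instead gives a far cleaner alert, and the thresholds above should be tuned to whatever your resolver sees on a normal day.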

On that note, I’m going to go listen to my XM Radio. The irony is not lost on me.
