Jul 30 2008

Oh oh, I use AT&T

Published by at 1:57 pm under Hacking,Malware,Security Advisories

Not that I’m surprised, but it appears that a DNS server at AT&T has been the first high profile targets of the DNS vulnerability discovered by Dan Kaminsky. I’ve been testing my internet connection every once in a while since I called out AT&T to patch last week and as of Monday it appeared to be safe. Even the 3G connection I’m using right now appears to be safe. But at least one server in the AT&T network was vulnerable and HD Moore’s company BreakingPoint was the target. A little bit of delicious irony there, since HD is the creator of Metasploit and released a plugin to test for the DNS vulnerability last week.

I’m getting tired of writing about the DNS issue and hope that AT&T and other service providers make a lot better effort in patching for the vulnerability now that it’s in the wild and being exploited. Dan mentioned an interesting set of statistics last week: When he first put up his vulnerability test page 78% of all tests came back as vulnerable, while as of last week only 56% of the tests came back as vulnerable. I’m quoting these numbers from memory, so they may be off a little, but it’s still an impressive effort to patch. Not nearly good enough, but still impressive.

I hope this spurs a fresh round of patching by large service providers as well as smaller companies, but I’m not going to hold my breath. I wonder how many more tricks Dan has up is sleeve for his talk at Black Hat, because I don’t think we’ve seen the full extent of this vulnerability just yet.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

4 responses so far

4 Responses to “Oh oh, I use AT&T”

  1. Leonon 31 Jul 2008 at 3:32 am

    BreakingPoint was not the target of the attack, they were just some of the many people that felt the impact of up-stream cache poisoning.

  2. Dave Don 31 Jul 2008 at 7:16 am

    I look forward to see how the patching goes. Great post.

  3. Michael Jankeon 31 Jul 2008 at 5:02 pm

    Should providers patch even if it severely disrupts DNS service?

    Some of our busiest recursive servers slow down, puke, croak or otherwise get rude and obnoxious when patched.

    http://marc.info/?l=bind-users&m=121726908015389

    So patch & break or remain vulnerable?

    –Mike

  4. Jack Danielon 01 Aug 2008 at 5:43 pm

    In the past couple of days I have seen AT&T DNS servers returning invalid responses for high-value sites such as eBay- and causing problems for some of my clients. I can’t say for sure they were compromised DNS servers, but the circumstantial evidence is pretty strong.

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: