Icann releases DNS flaw FAQ and online test tool

Powered by SC Magazine
 

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The FAQ, found here details the problem and explains why it’s critical.

The online tool, found here allows domain operators to test their domains for the vulnerability which can be used to affect the contents of their zone.

According to the ICANN advisory, the tools are to help encourage network operators and users about how best to fix or update affected servers.

“While it is not possible to fully fix this flaw, there are ways to improve resistance to it. This involves system administrators patching or reconfiguring their DNS servers,” said the advisory.

ICANN also reiterated the fact that not one organisation can implement a fix for this vulnerability due to its distributed nature. Instead, “it requires the cooperation of all name server operators and DNS software vendors.”

Adam Biviano, premium services manager at Trend Micro Australia said the DNS flaw has far reaching implications as it has the potential to affect every internet user.

He said: “No longer just following the common advice of typing an address directly into a browser can solely be relied upon. A user’s website request could still be redirected to a fake site designed to steal information,” said Biviano.

He said it also illustrates the current trend away from attacking platforms towards attacks which have far broader reach.

“No one platform is safe from this threat, from users of the typical PC to people using the web on an i-Phone or game console,” added Biviano.

Security researcher Dan Kaminsky discovered the design flaw in the fundamental DNS protocol in July.

Security vendor Marshal explained that the DNS security vulnerability makes it possible for hackers to “poison” the DNS cache, translating users’ reputable Website requests into bogus addresses for sites that could contain any manner of malicious code.

For Internet users, ICANN advised them to ensure, the DNS servers’ their computer uses to look up domains, has been patched to enable "source port randomisation".

“To check if this change has been made by ISPs uses can go to an online testing tool provided by the DNS Operations, Analysis and Research Center, found here.” stated ICANN.

“To be guarded against the vulnerability, the test result should return as "Great".

Icann releases DNS flaw FAQ and online test tool
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  2%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 733

Vote