DNSSEC: security for essential network services

Thursday, 15 May 2003, 11:09 AM EST

In July 1997, Eugene Kashpureff, founder of AlterNIC, took advantage of an inherent security vulnerability in DNS (Domain Name Service) and carried out the first DNS spoofing attack. "It's all done with standard MIME code, right out of the box. The only thing the bot does is make a couple of interesting small queries on a public name server," Kashpureff quipped.

Five years later, the security issues have become much more visible -- and problematic. On October 21, 2002, in an attempt to bring down the Internet, a group of hackers from South Korea and the U.S. flooded the thirteen domain name root servers using a common DDoS (Distributed Denial of Service) attack. Seven of the thirteen servers completely failed to respond to legitimate DNS requests, and two failed intermittently. And just last month, another DNS spoofing attack rerouted traffic intended for the Al Jazeera website to an American pro-Iraqi war site instead.

Fortunately, in all cases, the top-level server administrators were able to successfully counter the attacks, but all are in agreement that they might not be so lucky next time. Clearly the DNS infrastructure has major unaddressed vulnerabilities. What is the Internet community doing to improve DNS security? Fortunately, they're not sitting around idly, as the IETF (Internet Engineering Task Force) is drafting a new standard, DNSSEC (DNS Security Extensions), to combat the threats by providing end-to-end authenticity and integrity.

[ Read more ]

Related items




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //