Hundreds of thousands of Internet servers may be under attack, can be no knowledge of Internet users from legitimate sites to malicious sites.
2.5 million units by the so-called Domain Name System (DNS) servers scan, security researchers Kaminsky found that about 23 million DNS server may be known as "DNS cache poisoning" attacks.
In last week's Black Hat security conference speech, Kaminsky said that about 10% of the scanned system. If you do not monitor your DNS, please start now monitoring.
In the "DNS cache poisoning" attacks, the hacker will be stored in the DNS server IP address popular sites to replace the IP address of a malicious Web site. This attack can lead to people coming Italian site, requires users to disclose sensitive information or install malicious software. Experts said the technology also can be used to redirect e-mail address.
As each DNS server to provide services to thousands of Internet users, this problem may affect hundreds of millions of Internet users.
The inventor of DNS, security, DNS provider Nominum Chairman and Chief Scientist Paul said, poisoned caches act like "people in the wrong direction of fake road signs." In the past, DNS server, also had other defects, but do not patch the flaw. Users should upgrade to the DNS server.
Kaminski said that at present some 900 million Internet DNS server. Using high-bandwidth connection, he 250 million of which were examined, found that 23 million may be flawed, 6 million at risk of "DNS cache poisoning" attacks, 13,000 units have already been "DNS cache poisoning" attacks.
Kaminski noted that the vulnerable server running in an unsafe manner Berkeley Internet Name Domain software, should be upgraded.
"DNS cache poisoning" attacks had previously appeared. According to SANS Internet Storm Center, said in March that hackers will want to use this method to access popular websites such as CNN.com and MSN.com to the user guide will install malicious spyware sites.
According to SANS said the hackers to launch these attacks motivated by economic interests. Each user's PC to install a spyware or adware, hackers will be able to get some reward. Hackers also may sell fraudulent user information, such as Social Security numbers and credit card information. Malicious software can also become infected PC to send spam machine.
Use of "DNS cache poisoning" attacks to steal user information is a relatively new threat, some security companies call it "domain attack." Icelandic DNS consultancy and software company Men & Mice's chief executive, said Peterson, launched "DNS cache poisoning" attacks is not difficult.
In the past two years, people's understanding of such attacks are more and more. Internet is still vulnerable to a large number of "DNS cache poisoning" attacks, the server is amazing.
Paul said that Kaminski's research management for any DNS server outside the organization is an alarm, especially broadband ISP. Kaminski said he would not attack using his research organization vulnerable to attack, but he warned that hackers may also be scanned DNS attack vulnerable body.