DNS hole puts e-mail, directory services at risk

DNS vulnerabilities may cause havoc with directory services, e-mails and phishing attacks, expert says

A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites and even cause havoc with directory services and e-mail in some cases, according to the father of the technology, Paul Mockapetris.

"Once you control the DNS server, you have license to do phishing and farming attacks and mislead all the users of that DNS server," says Mockapetris, who in 1983 proposed the Domain Name System (DNS) architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.

The issue is a timely topic after Microsoft announced late Thursday that a vulnerability exists in its DNS server that could allow a hacker to take over the service.

Mockapetris says users with the Microsoft DNS server also should be concerned about Active Directory because the DNS holds start-up configuration data for the directory.

"I don't know the details of the Active Directory protocol, but there are obvious opportunities for mischief," he says, including denial-of-service attacks.

"E-mail is routed via DNS, so if you took over DNS you could misdirect e-mail. There is a lot of opportunity there," Mockapetris says.

The key is that DNS holds a trusted relationship with users because it is the node that directs them to Web sites based on the URLs that are typed into a browser's address bar or clicked on from a "Favourites" menu.

"The trust relationship is hierarchical. So what you get to do if you take over a DNS server is you get to confuse all of the clients that depend on that DNS server," Mockapetris says.

He says attacks to try and add bogus information to DNS servers or completely take them over have been around for quite some time. Microsoft's DNS vulnerability just opens up another avenue that is likely more of a danger to corporate users.

Large ISPs typically run their DNS servers on Unix or Linux running Bind, Nominum or other software and not on Microsoft DNS services, so consumers would likely not be those most at risk, says Mockapetris, who is now the chief scientist for Nominum.

Corporations, on the other hand, do use Microsoft DNS either internally on intranets or as a pipeline to the Web.

A hacker controlling a DNS server would have access to DNS logs to determine sites users go to, such as a bank, and they could alter DNS records to redirect users to a bogus site that looks like the bank and then record password and other sensitive data. Users also could be redirected to hacker Web sites that would install malicious code on end-user PCs.

"If you take over the box, you can tell users whatever you like in response to their DNS queries," says Mockapetris. "You can see where people want to go and decide the most effective way to attack those users based on their patterns."

The attacks can go on relatively unnoticed given the trust inherent in DNS and the fact that it works behind the scenes.

"If a DNS server misdirects a request, a sophisticated user might notice but the vast majority of users won't," he says.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Fontana

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?