DNS hole puts e-mail, directory services at risk

DNS vulnerabilities may cause havoc with directory services, e-mails and phishing attacks, expert says

A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites and even cause havoc with directory services and e-mail in some cases, according to the father of the technology, Paul Mockapetris.

"Once you control the DNS server, you have license to do phishing and farming attacks and mislead all the users of that DNS server," says Mockapetris, who in 1983 proposed the Domain Name System (DNS) architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.

The issue is a timely topic after Microsoft announced late Thursday that a vulnerability exists in its DNS server that could allow a hacker to take over the service.

Mockapetris says users with the Microsoft DNS server also should be concerned about Active Directory because the DNS holds start-up configuration data for the directory.

"I don't know the details of the Active Directory protocol, but there are obvious opportunities for mischief," he says, including denial-of-service attacks.

"E-mail is routed via DNS, so if you took over DNS you could misdirect e-mail. There is a lot of opportunity there," Mockapetris says.

The key is that DNS holds a trusted relationship with users because it is the node that directs them to Web sites based on the URLs that are typed into a browser's address bar or clicked on from a "Favourites" menu.

"The trust relationship is hierarchical. So what you get to do if you take over a DNS server is you get to confuse all of the clients that depend on that DNS server," Mockapetris says.

He says attacks to try and add bogus information to DNS servers or completely take them over have been around for quite some time. Microsoft's DNS vulnerability just opens up another avenue that is likely more of a danger to corporate users.

Large ISPs typically run their DNS servers on Unix or Linux running Bind, Nominum or other software and not on Microsoft DNS services, so consumers would likely not be those most at risk, says Mockapetris, who is now the chief scientist for Nominum.

Corporations, on the other hand, do use Microsoft DNS either internally on intranets or as a pipeline to the Web.

A hacker controlling a DNS server would have access to DNS logs to determine sites users go to, such as a bank, and they could alter DNS records to redirect users to a bogus site that looks like the bank and then record password and other sensitive data. Users also could be redirected to hacker Web sites that would install malicious code on end-user PCs.

"If you take over the box, you can tell users whatever you like in response to their DNS queries," says Mockapetris. "You can see where people want to go and decide the most effective way to attack those users based on their patterns."

The attacks can go on relatively unnoticed given the trust inherent in DNS and the fact that it works behind the scenes.

"If a DNS server misdirects a request, a sophisticated user might notice but the vast majority of users won't," he says.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Fontana

Network World
Show Comments

Father’s Day Gift Guide

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?