PPC Hijacking


pageoneresults - 6:44 pm on Apr 17, 2006 (gmt 0)


There are many old servers running archaic Linux distros that never got updated... somebody should tell these "DNS poisoners"

As I dig further into the depths of recursion and the layers that can take place in a cache poisoning exploit using a redirect, the names in the obfuscation may be those that might be associated with these types of exploits. Why should they fix it if they are possibly profiting from it? It gets really deep. :(

That's just one group. My sources tell me that a good portion of this is due to laziness and that many are just not aware of the issue. Hence the reason for all the research being done now, and the warnings to help prevent this from happening on a large scale, which has happened already in a couple of instances.

Secunia has a recent advisory on the BIND issues here...

2006-02-02 - HP Tru64 UNIX BIND4/BIND8 DNS Cache Poisoning Vulnerability
[secunia.com...]

BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.

2006-02-02 - Q-111: HP Tru64 UNIX Running DNS BIND
[ciac.org...]

If a nameserver -- any nameserver, whether BIND or otherwise -- is configured to use "forwarders", then none of the target forwarders can be running BIND4 or BIND8. Upgrade all nameservers used as "forwarders" to BIND9. There is a current, wide scale Kashpureff-style DNS cache corruption attack which depends on BIND4 and BIND8 as "forwarders" targets.
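
Added example, not part of the original post or of the advisories it quotes: one way to audit the rule above, that no configured forwarder may be running BIND4 or BIND8. The `named.conf` fragment, the addresses and the `version.bind` banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed named.conf fragment (documentation addresses, not from the thread).
SAMPLE_CONF = """
options {
    forwarders { 192.0.2.10; 192.0.2.11 port 53; };  // upstream resolvers
};
zone "example.test" {
    type forward;
    forwarders { 198.51.100.5; };
};
"""

# Constructed version.bind answers, as an operator would collect them with
#   dig @<forwarder> version.bind chaos txt +short
SAMPLE_BANNERS = {
    "192.0.2.10": "9.3.2",
    "192.0.2.11": "8.4.7-REL",
    "198.51.100.5": "none of your business",
}

def strip_comments(conf):
    """Remove /* */, // and # comments so they cannot hide or fake entries."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def forwarders(conf):
    """Return every IPv4 forwarder address from all forwarders { } blocks."""
    found = []
    for block in re.findall(r"\bforwarders\s*\{([^}]*)\}", strip_comments(conf)):
        for entry in block.split(";"):
            m = re.match(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\b", entry)
            if m and m.group(1) not in found:
                found.append(m.group(1))
    return found

def classify(banner):
    """Map a version.bind string to 'ok', 'upgrade' (BIND 4/8) or 'unknown'."""
    m = re.match(r"\s*(?:BIND\s+)?(\d+)\.", banner or "", flags=re.I)
    if not m:
        return "unknown"  # hidden or customised banner: verify by hand
    return "upgrade" if int(m.group(1)) in (4, 8) else "ok"

def audit(conf, banners):
    """Pair each configured forwarder with its classification."""
    return {ip: classify(banners.get(ip)) for ip in forwarders(conf)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_BANNERS))
```

A banner is only what the server chooses to report, so an `unknown` or `ok` result still needs confirming against the host's installed package.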


Thread source: http://www.webmasterworld.com/ppc/1313.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com