Emergency announcement from the National Computer Network Emergency Response Coordination Center: the DNS system is facing a serious security vulnerability
Security Bulletin: CN-VA08-05
Release date: July 24, 2008
Vulnerability type: Spoofing
Vulnerability assessment: Important
Security level: Level three
Since July 9, 2008, Cisco, Microsoft, ISC and other Internet DNS software vendors have released security bulletins stating that their DNS software contains a high-risk vulnerability. An attacker can guess the sequence (transaction) number used during DNS resolution and forge responses from the authoritative DNS server, thereby "poisoning" the cache of the resolving DNS server with records that point domain names at the wrong address, so that the poisoned server returns incorrect resolution results. This enables domain-name hijacking: the public, visiting a site by its domain name, is directed to a site the attacker designates and is then exposed to a series of serious threats such as phishing and web trojans.
A probe program for the vulnerability was published on July 22nd, and a full attack program on July 23rd; both have since circulated widely. Testing found that, with good bandwidth, the attack program can complete an attack against a vulnerable DNS server in only a few minutes. The target receives a large, instantaneous burst of attack packets, which is easily mistaken for a "query flood" denial-of-service attack.
In view of the severity and rapid development of this security incident, and to ensure the safe operation of the Internet in China, relevant units are requested to take the necessary measures to secure their DNS servers quickly and to strengthen the monitoring and handling of anomalies:
1. Upgrade the DNS server software with the corresponding vendor patches;
2. During an attack, a large number of forged DNS response packets arrive within a short period and resemble a denial-of-service attack. These packets carry the same address fields (source and destination) and differ only in their sequence numbers, so where protective equipment is in place (firewalls, intelligent traffic-cleaning devices, etc.), configure corresponding rules to block or filter them;
3. Clear the DNS cache regularly, and clear it whenever abnormal resolution results are discovered.
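As an added illustration of the filtering rule in item 2 (this example is not part of the bulletin), the following Python flags bursts of DNS responses that share a source IP, destination IP and destination port but carry many distinct sequence (transaction) numbers within a short window. The records, the use of destination port as part of the flow key, and the thresholds are constructed assumptions for the example.

```python
from collections import Counter, defaultdict

# Constructed parsed DNS response records (not taken from the bulletin):
# (timestamp_seconds, src_ip, dst_ip, dst_port, transaction_id)
# Normal traffic: a few responses spread over time, one per query port.
LEGIT_RESPONSES = [
    (10.0 + 3 * i, "203.0.113.10", "192.0.2.53", 40000 + i, 0x4000 + i)
    for i in range(5)
]
# Forged burst: same source/destination/port, 200 different transaction IDs
# arriving 5 ms apart (the "query flood"-like pattern described in item 2).
BURST_RESPONSES = [
    (50.0 + i * 0.005, "203.0.113.10", "192.0.2.53", 33001, 0x1000 + i)
    for i in range(200)
]


def detect_forged_response_bursts(records, window_seconds=1.0, min_distinct_txids=20):
    """Return one alert per (src_ip, dst_ip, dst_port) flow whose responses show
    at least min_distinct_txids different transaction IDs within window_seconds.
    Thresholds are assumed values; tune them to the resolver's real query rate."""
    flows = defaultdict(list)
    for ts, src, dst, dport, txid in records:
        flows[(src, dst, dport)].append((ts, txid))

    alerts = []
    for (src, dst, dport), events in flows.items():
        events.sort()               # sliding window over time-ordered events
        in_window = Counter()       # transaction IDs currently inside the window
        left = 0
        for ts, txid in events:
            in_window[txid] += 1
            # Drop events that fell out of the window.
            while events[left][0] < ts - window_seconds:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_distinct_txids:
                alerts.append({
                    "src_ip": src, "dst_ip": dst, "dst_port": dport,
                    "distinct_txids": len(in_window),
                    "first_seen": events[left][0], "last_seen": ts,
                })
                break               # one alert per flow is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_forged_response_bursts(LEGIT_RESPONSES + BURST_RESPONSES):
        print("possible forged-response burst:", alert)
```

An alert gives the flow tuple that a firewall or traffic-cleaning rule would match on; responses whose transaction IDs do not correspond to an outstanding query can be dropped by the same key.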