Linux has a serious security problem that once again enables DNS cache poisoning

[DudeAsInCool]

Enlarge (credit: Getty Images)

As much as 38 percent of the Internet’s domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com.

The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.

A lack of entropy

The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs.

Read 14 remaining paragraphs | Comments

View the full article

[kaitlincampean]

Hi, what can this lead to in the long run? I don't use Linux, and it's not entirely clear to me what this means. So far, I am only studying this topic, and I would like someone to explain what this can lead to. In general, I only recently learned what a DNS server is, and I discovered that I did not know such an important thing in my computer that makes using my gadgets so convenient and safe. I found out about this when I had an error related to this area when the computer was running. Thank God I found the service quickly itcompanies.net, which describes everything in great detail about how to solve such problems.

Edited July 5, 2022 by kaitlincampean