Connect with us
X
Categories:

Technology

Unsecure DNS resolvers provide a significant danger of website hijack

Published

on

Unsecure DNS resolvers provide a significant danger of website hijack
Share this post:

Hidden DNS (domain name system) resolvers create a means for carrying out email redirection and account takeover attacks, security researchers warn.

In a technical blog post, SEC Consult explains how it’s possible to manipulate the DNS name resolution of these so-called closed DNS resolvers using a variant of cache poisoning attacks (PDF), which were first unveiled by celebrated network security researcher Dan Kaminsky way back in 2008.

Cache from chaos

Previous research by SEC Consult has shown how it’s possible for an attacker to take over user accounts of web applications by manipulating DNS name resolution.

Closed DNS resolvers are used by numerous hosting providers and other internet service providers (ISPs) to provision services to their clients. As the name suggests, closed DNS resolvers reside on closed networks or intranets.

However, ‘closed’ is a bit of a misnomer in the context of SEC Consult’s research because the researchers have shown how it might be possible for external actors to abuse the functionalities of web applications to readily attack closed resolvers.

They found that attack reconnaissance is possible by exploiting how closed DNS resolvers interact with spam protection mechanisms on the open internet.

This could help an attacker understand DNS security features like source port randomization, DNSSEC, IP fragmentation, and, more simply by exploiting registration, password-reset, as well as newsletter functionalities of web applications that rely on closed resolvers.

Scouring the web

SEC Consult used two open source tools – DNS Reset Checker and the DNS Analysis Server – to analyze DNS traffic from targeted systems in order to identify vulnerabilities.

In practical terms, this attack reconnaissance work involved sending emails to some well-known domains and specifying the analysis domain as the sending domain. This allowed the researchers to identify thousands of systems that used static source ports, a security oversight that left them vulnerable to Kaminsky-style attacks.

“After sending emails to roughly 50k domains, we’ve received and analyzed DNS data for approximately 7,000 of them,” SEC Consult explains. “Among those 7,000 domains, at least 25 were using static source ports. By going down the rabbit hole again, thousands of more domains using static source ports were discovered.”

None of a sample of 25 vulnerable resolvers were using or enforcing additional security features such as DNSSEC, SEC Consult discovered.

Affected services were running behind domains operated by both small and big businesses, and sites delivering governmental services and political campaigns.

DNS cache poisoning insecurities can be abused to manipulate records and redirect emails – a security shortcoming that would allow an attacker to abuse the password reset functionalities of WordPress and Joomla installations, among others.

The attack technique can be used to hijack even a fully patched WordPress installation, SEC Consult was able to demonstrate.

The infosec firm has held back on publicly releasing the exploit code it developed to attack WordPress systems, because of concerns that awareness of the issue is low, which would leave many web-based systems accessible through closed DNS resolvers open to attack.

SEC consult spoke to ISPs, hosting providers, and computer emergency response teams (CERTs) about the issue in the months prior to going public with its findings last week.

Cache out

Independent DNS security experts said that the research highlighted a valid concern.

Cricket Liu, chief DNS architect at Infoblox, told Daily Swig: “I don’t think this is particularly novel – we talked about this sort of thing back in the heyday of the Kaminsky vulnerability – but it’s relevant because there are still some DNS servers out there that don’t use source port randomization.”

Containing exotic attacks

Even though legacy Kaminsky attacks are definitely not the ‘next big thing’ it would be unwise to dismiss the issue as unfashionable, according to SEC Consult.

Timo Longin, a security consultant at SEC Consult, told Daily Swig: “The DNS provides very exotic and unknown attack vectors that should be brought to the attention of the infosec community! For example, we found some hosting providers where it would potentially be possible to compromise all hosted servers by password-reset hijacking users via the providers’ control panel”.

To safeguard systems, vulnerable DNS resolvers must be patched and configured securely. Some best practices for securing your own DNS resolvers can be found at Google and at DNS flag day. Alternatively, large public DNS providers such as Google, Cloudflare, or Cisco can also be used.

Countermeasures for new DNS attacks are usually implemented quickly by these large providers, according to SEC Consult.


Get More Stories Like This On: Facebook: @AllNaijaEntertainment, Twitter: @AllNaijaEntertainment
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Chief Oyerigha Echo Toikumoh - The Earlier The Better
Music1 month ago

[Music] Chief Oyerigha Echo Toikumoh – The Earlier The Better

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola's place at Manchester City
Sports1 month ago

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola’s place at Manchester City

Alan Shearer reckons Liverpool star is ‘not going to get better’
Sports1 month ago

Alan Shearer reckons Liverpool star is ‘not going to get better’

NECO examiners threaten nationwide protest over unpaid entitlements
News1 month ago

NECO examiners threaten nationwide protest over unpaid entitlements

Jonathan congratulates Trump on historic election win
News1 month ago

Jonathan congratulates Trump on historic election win

Peter Obi can become president in 2027 — Yunusa Tanko
News1 month ago

Peter Obi can become president in 2027 — Yunusa Tanko

Dua Lipa forced to cancel show after ‘unforeseen safety issues’
Entertainment1 month ago

Dua Lipa forced to cancel show after ‘unforeseen safety issues’

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024
Entertainment1 month ago

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024

'Phoenix Fury' bags Best Film award at the 13th edition of AFRIFF
Entertainment1 month ago

‘Phoenix Fury’ bags Best Film award at the 13th edition of AFRIFF

Vivo begins teasing new Dimensity 9400 flagships internationally
Technology1 month ago

Vivo begins teasing new Dimensity 9400 flagships internationally

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life
Technology1 month ago

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life

Manchester United players warned ‘only one is safe’ under Ruben Amorim
Sports1 month ago

Manchester United players warned ‘only one is safe’ under Ruben Amorim

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight
Sports1 month ago

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight

IG orders punishment for errant cops
News1 month ago

IG orders punishment for errant cops

Be ready to recover stolen mandate — Ighodalo tells PDP
News1 month ago

Be ready to recover stolen mandate — Ighodalo tells PDP

No part of Ogun will be ceded under my watch — Dapo Abiodun
News1 month ago

No part of Ogun will be ceded under my watch — Dapo Abiodun

Ruger calls out auto tune and hype culture in music
Entertainment1 month ago

Ruger calls out auto tune and hype culture in music

I hate to play same role repeatedly — Actress Bimbo Akintola
Entertainment1 month ago

I hate to play same role repeatedly — Actress Bimbo Akintola

Fans split on Davido, Wizkid, and Burna Boy's Grammy nominations.
Entertainment1 month ago

Fans split on Davido, Wizkid, and Burna Boy’s Grammy nominations

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung's rival iPhone 17 Air
Technology1 month ago

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung’s rival iPhone 17 Air

Realme names first smartphone to get Android 15 beta worldwide
Technology1 month ago

Realme names first smartphone to get Android 15 beta worldwide

England interim manager tipped for surprise Premier League job
Sports1 month ago

England interim manager tipped for surprise Premier League job

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam
Sports1 month ago

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam

Court jails seven for internet fraud in Kaduna
News1 month ago

Court jails seven for internet fraud in Kaduna

Edo APC criticizes Obaseki’s last-minute appointments
News1 month ago

Edo APC criticizes Obaseki’s last-minute appointments

Edo PDP announces caretaker committee
News1 month ago

Edo PDP announces caretaker committee

Tems makes history after securing 3 nominations for the 67th Grammys
Entertainment1 month ago

Tems makes history after securing 3 nominations for the 67th Grammys

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history
Entertainment1 month ago

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment1 month ago

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment1 month ago

2025 GRAMMY: Academy unveils category changes ahead of nomination event

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 12)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 11)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 10)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 09)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 08)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 07)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 06)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 05)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 04)

ANE Billboard Hots



Join "ANE sabi" clique

Don't miss a thing, get ogbonge ANE latest updates to fuel your conversation daily.