IT360 Notes – DNS Holes
I came 5 minutes late to this presentation due to the keynote running late. Oops. Starts out with DNS 101 explaining the very basics of a DNS server.
- information gathering
- dns DoS: DNS servers are usually not as hardened as other systems, yet they are critical; taking out DNS effectively makes a network inaccessible
- example of dns ddos: botnet of zombies smurfs you. Your network is toast.
- dns cache poisoning: puts bad data into the server's zone data
  - trick a server into accepting bad information and caching it
  - future requests then receive the incorrect info
  - e.g. poison wellsfargo.com
  - can be done via weaknesses in code or by DDoSing the next-higher server in the chain, but it requires injecting the bad data while pretending to be a trusted server
- dns exploits: rooting the server
  - old BIND has lots of exploits; the #1 most-executed exploit group is against BIND. If you're using BIND, be sure you're on BIND 8 (currently the latest is 8.4.7)
- how to protect:
  - patch your servers
  - repeat: patch your servers
  - limit recursive queries to internal users only
  - limit zone transfers and the information dig can pull from you
  - set up tertiary DNS servers outside of your network
  - keep secondary and tertiary DNS servers for users who are not on the same network
  - why limit recursive lookups to internal networks? There is no reason to help outsiders: it's no benefit to you, and an open resolver can be abused to steal your bandwidth.
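A check to go with the hardening bullets above (this is my own added example script, not something from the talk or the presenter): capture two dig probes against your own server from a host outside your network, then grade the output. ns.example.com, example.com, the 10.0.0.0/8 internal range and the 192.0.2.53 secondary are placeholders; the dig outputs embedded below are constructed samples so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the talk or these notes: grade the output of two
# dig probes run from OUTSIDE your network against your own name server.
# ns.example.com, example.com and the addresses below are placeholders.
#
# Probes to capture (run from an external host, against your own server):
#   dig @ns.example.com www.iana.org A        > recursion.txt
#   dig @ns.example.com example.com AXFR      > axfr.txt
#
# BIND named.conf settings that should make both probes fail for outsiders
# (10.0.0.0/8 = assumed internal range, 192.0.2.53 = assumed secondary):
#   options { allow-recursion { 10.0.0.0/8; }; };
#   zone "example.com" {
#       type master; file "example.com.zone";
#       allow-transfer { 192.0.2.53; };
#   };

# Returns 0 if the dig header advertises "ra" (recursion available) to the
# client that sent the query, i.e. the server is an open resolver for it.
recursion_available() {
    printf '%s\n' "$1" \
        | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' \
        | grep -Eq '(^| )ra( |$)'
}

# Returns 0 if the zone transfer was refused (dig prints "; Transfer failed."
# or the server answered REFUSED); returns 1 if zone contents came back.
axfr_refused() {
    printf '%s\n' "$1" | grep -Eq '^; Transfer failed\.|status: REFUSED'
}

# Combined verdict: 0 only when recursion is withheld AND AXFR is refused.
server_hardened() {
    if recursion_available "$1"; then
        echo "FAIL: recursion offered to external clients (open resolver)"
        return 1
    fi
    if ! axfr_refused "$2"; then
        echo "FAIL: zone transfer served to external clients"
        return 1
    fi
    echo "OK: recursion and zone transfers refused for external clients"
}

# Constructed dig output, as an open resolver would answer an outsider.
OPEN_RECURSION_OUTPUT='; <<>> DiG 9.x <<>> @ns.example.com www.iana.org A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.iana.org.      3600  IN  A  192.0.2.10'

# Constructed dig output from a server that refuses outside recursion.
REFUSED_RECURSION_OUTPUT='; <<>> DiG 9.x <<>> @ns.example.com www.iana.org A
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed dig output for a refused zone transfer.
REFUSED_AXFR_OUTPUT='; <<>> DiG 9.x <<>> @ns.example.com example.com AXFR
; Transfer failed.'

# Constructed dig output for a zone that is handed to anyone who asks.
OPEN_AXFR_OUTPUT='; <<>> DiG 9.x <<>> @ns.example.com example.com AXFR
example.com.       3600  IN  SOA  ns.example.com. hostmaster.example.com. 1 3600 900 604800 300
www.example.com.   3600  IN  A    192.0.2.20
example.com.       3600  IN  SOA  ns.example.com. hostmaster.example.com. 1 3600 900 604800 300'

# Demonstration on the hardened pair of samples; substitute
# "$(cat recursion.txt)" "$(cat axfr.txt)" for real captures.
server_hardened "$REFUSED_RECURSION_OUTPUT" "$REFUSED_AXFR_OUTPUT"
```

The recursion check keys on the `ra` flag rather than on the answer section, because a server that refuses recursion still returns a well-formed reply (status REFUSED, flags `qr rd`) with no `ra`; that flag is exactly what "limit recursive queries to internal users" should turn off for anyone outside.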