DNS And Responsible Disclosure

Niels Provos

DNS And Responsible Disclosure

Tuesday, July 22. 2008

As everyone was upgrading their DNS infrastructure to be ready for August 7th, some security reseachers independently discovered the DNS flaw and disclosed it. For those of us, who were either informed or had figured out the problem ourselves, it is surprising to find irresponsible and grossly negligent disclosure from respected members of our community. There was a reason that Kaminsky did not disclose the flaw publicly when he found it. The DNS infrastructure needed to be upgraded and repaired.

Well, the time has run out. A current study by David Dagon and myself puts the number of open recursive resolvers using static source ports at about 78%. That is a lot of servers that need to be patched. Two more weeks till August 7th could have helped to fix many of them. Unfortunately, we will not find out now.
Posted by Niels Provos in Hacking, Security at 09:15 | Comments (3) | Trackbacks (0)
Defined tags for this entry: ,
Related entries by tags:
Phone call with a Heavily-Accented Phisher
Lizamoon SQL Injection Campaign Compared
Virtual Nudity at Airports
Adobe PDF Vulnerability: Stack overflow in Font File parsing
LEET '10 Call for Papers

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Niels,

Were you guys probing open recursive resolvers or monitoring a popular authoritative server (*coughgooglecough*) for your 78% figure?

Using the former method for measurement will probably result in an overestimate of vulnerable servers (under the assumption that people who don't restrict recursive access probably aren't as attentive administrators and are less likely to patch).

Regards,
Jon Oberheide
#1 Jon Oberheide (Homepage) on 2008-07-23 15:10 (Reply)
As I mentioned, this was data from open recursive resolvers. Of course many of them are just stub forwarders. The percentage is based on the unique IP addresses contacting my name servers.
#1.1 Niels Provos on 2008-07-23 17:56 (Reply)
Jon: Niels scanning things? That sounds preposterous!

http://monkey.org/~provos/scanssh/

;-)

Niels: nice to see you updating the rss feed more regularly of late, keep it up!

-grey
#2 grey on 2008-07-23 17:48 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
 
 
About me.
Videos.
My CV.
 Subscribe.

Quicksearch

Secure DNS?

Port test your DNS resolver.

Archives

June 2013
May 2013
April 2013
Recent...
Older...

Categories


All categories

Books

Show tagged entries

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

SpyBye Installation

Follow these instructions to install SpyBye.

Proxy Configuration

To use SpyBye set your proxy to www.spybye.org:8080. Then visit http://spybye.org/.
The SwitchProxy Firefox extension might help.

Blades And Swords

Search Blades And Swords Resources

Disclaimer

This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

SpyBye's disclaimer can be found here.

Wasted.