Saturday, November 29, 2008

DNS Charged with Sabotaging Internet

One mistake! One mistake! It could all have been undone by one mistake. It turns out that the Internet isn’t as infallible as advertised. Instead this failure hides in the very core of most any server’s operating system, DNS. It all began with Dan Kaminsky of Seattle, Washington. One day back in 2005 when he had too much time on his hands, he broke the Internet.
Please join me on the next server. DNS (Domain Name System) software is the core operating system of the Internet. Its job is to route the thousands of IP addresses that cross your computer every day. Let’s say that you enjoy sleazy blogs written by hustlers, so you dial up Since you’ve never been here before, your ISP (Internet service provider) searches using a 16-bit transaction ID. Any response to the ISP server must repeat the transaction ID. Finally, some server somewhere responds by replying to your ISP with the numeric address for the website. Your ISP caches the address.
Dan Kaminsky’s discovery was that the system could be fooled by a fake transaction ID. The attacker tries to hijack a website by sending thousands of requests for phony web pages. The ISP responds to each request by attaching a transaction ID and attempts to locate the page. Meanwhile the attacker (Dan Kaminsky) sends thousands of responses to each fake request, each with a randomly generated transaction ID. Damn you Dan! In time, one of the phony responses carries the wrongly correct ID that matches and the ISP server caches the fake address.
Dan can now tie phony web pages to legitimate companies and organizations. He could have made a fortune hacking into banking and retail sites. Instead he chose to contact the proper authorities in the industry, mainly Microsoft, Cisco, Sun Microsystems, Ubuntu, Red Hat, and a few others. They released a patch the same year to randomize the port that a hacker would need to guess to break the system, but it isn’t a permanent fix. Dan’s scheme will still work, but its odds of success have dropped to 1 in 4 billion. Anyone have a supercomputer? Until the day comes that a permanent fix is released, network operators will still have to be observant of any suspicious spikes in traffic.
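To make the matching rule and the "suspicious spikes" advice concrete, here is a resolver-side check added as an illustration; it is not code from this post or from any DNS vendor. The class and function names, the alert threshold, the 192.0.2.53 sample address and the assumption that the full 16-bit port range is randomized are all hypothetical.

```python
import struct
from collections import Counter

ALERT_THRESHOLD = 100  # assumed tuning value: rejected replies before alerting

def dns_header(txid, response=True):
    """Build a constructed 12-byte DNS header (sample data, one question)."""
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)

def parse_header(packet):
    """Return (transaction_id, is_response) from a raw DNS message."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    return txid, bool(flags & 0x8000)  # QR bit set means this is a response

def guess_space(port_bits):
    """Values a blind spoofer must cover: 16-bit ID times 2**port_bits ports."""
    return 2 ** (16 + port_bits)

class ReplyMonitor:
    """Matches replies to outstanding queries and counts the ones that fail."""
    def __init__(self):
        self.pending = {}           # (txid, source port) -> server queried
        self.rejected = Counter()   # claimed sender -> non-matching replies

    def sent(self, txid, src_port, server_ip):
        self.pending[(txid, src_port)] = server_ip

    def received(self, packet, dst_port, from_ip):
        """Accept only if ID, port and server all match a pending query."""
        txid, is_response = parse_header(packet)
        if is_response and self.pending.get((txid, dst_port)) == from_ip:
            del self.pending[(txid, dst_port)]
            return True
        self.rejected[from_ip] += 1
        return False

    def impersonated(self):
        """Servers whose address appears on a burst of rejected replies."""
        return sorted(ip for ip, n in self.rejected.items() if n >= ALERT_THRESHOLD)

def demo():
    mon = ReplyMonitor()
    mon.sent(0x1A2B, 40000, "192.0.2.53")  # constructed outstanding query
    accepted_forged = sum(mon.received(dns_header(i), 40000, "192.0.2.53") for i in range(500))
    genuine = mon.received(dns_header(0x1A2B), 40000, "192.0.2.53")
    return accepted_forged, genuine, mon.impersonated()

if __name__ == "__main__":
    print(demo(), guess_space(0), guess_space(16))
```

A burst of rejected replies that all claim to come from the same upstream server is the traffic spike an operator should alert on, because a cache that is not under attack sees almost none.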


