[GTER] Bound by Tradition: A Sampling of the Security Posture of the Internet's DNS Servers
Klaus Steding-Jessen
jessen at nic.br
Wed Jul 23 11:03:39 -03 2003
[http://www.packetfactory.net/papers/DNS-posture/DNS-posture-1.0.pdf]
Bound by Tradition: A Sampling of the Security Posture of the
Internet's DNS Servers
by Mike Schiffman <mike at infonexus.com>
DNS servers across the Internet running BIND are not up to date with
security patches and software updates. As a result, a significant
fraction of the Internet's DNS servers is vulnerable to compromise,
subversion, denial of service, and general misuse. Considering that
DNS is the lynchpin of the corporate enterprise, the impact of these
vulnerabilities is significant and a successful attack could bring
down any online business.
Abstract
This Research Report presents an overview of the current security
posture of DNS servers found across the Internet. The report also
covers the following:
* A summary of some of the finer points of the DNS protocol
* A discussion of why DNS is such a key component in the
infrastructure of the Internet
* A summary of the BIND software, the most widely used DNS
implementation available
* A presentation of empirical data that underscores the past and
present state of security in BIND servers, including
correlating the meteoric increase in size of the code-base with
the number of publicly-reported vulnerabilities