Friday, 14 August 2015

Hackers Target Internet Address Bug to Disrupt Sites


Hackers Manipulating Internet Architecture

According to a security firm, hackers are exploiting a serious flaw in the internet’s architecture: the bug targets systems that convert domain names into IP addresses. Exploiting it could impede the smooth functioning of internet services, since it would permit hackers to launch denial-of-service attacks on websites, possibly forcing them offline, though regular internet users are unlikely to be severely affected.

Bind is the name of a variety of Domain Name System (DNS) software which is used on most internet servers. The most recently discovered bug enables attackers to crash the software, taking the DNS service offline and stopping URLs, for instance, from functioning. A patch for the fault is available, though several systems need to be updated.

The Internet Systems Consortium (ISC), which developed Bind, said in a tweet that the vulnerability was ‘particularly critical’ and ‘easily exploited’. Last week ISC released a patch for the serious vulnerability in BIND, one of the popular Domain Name Servers, which is bundled with Linux. The flaw affects versions of BIND 9 from BIND 9.1.0 to BIND 9.10.2-P2.

Fault in Handling TKEY Queries

It could be exploited to crash the DNS servers running the software, resulting in a DoS attack. Red Hat, Ubuntu, CentOS and Debian are all affected by the bug. Patching is straightforward: a package update or apt-get update, whichever suits the environment, together with a DNS server restart.

Daniel Cid, a networking expert at Sucuri, published a blog post on the vulnerability in which he explained that real exploits taking advantage of the fault had already taken place, based on reports from the company’s customers that they were facing DNS server crashes. He also told the BBC that a few of the clients in various industries had had their DNS servers crashed because of it.

He further added that, in their experience, server software such as Bind, Apache, OpenSSL and others does not get patched as often as it should. According to a report in The Register last week, the vulnerability, CVE-2015-5477, is a fault in handling TKEY queries: a constructed packet could use the defect to trigger a REQUIRE assertion failure, which could cause BIND to exit. Cid says that it is also trivial to check whether a DNS server is being targeted.

Large DNS Exploits Take Down Hunks of Internet

One could look for ‘ANY TKEY’ in the DNS logs with querylog enabled, since TKEY requests are ‘not very common’ and suspicious requests should be easy to notice. Brian Honan, a cybersecurity expert, commented that a spike in exploits of the fault was expected in the next few days.
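One way to run the log check described above, as an added example that is not from the original article or from Sucuri: a Python script that parses querylog lines and reports TKEY queries per source address. The log layout, the regular expression and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the "client ... query: <name> <class> <type>" part of a BIND 9
# querylog line. The exact layout varies between BIND releases and syslog
# setups, so this pattern is an assumption to adapt to your own logs.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def find_tkey_queries(lines):
    """Return (hits, per_client): parsed TKEY queries and a count per source IP."""
    hits, per_client = [], Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        # Compare the parsed query type, so a name that merely contains
        # "tkey" is not reported.
        if not m or m.group("qtype").upper() != "TKEY":
            continue
        hits.append((m.group("ip"), m.group("qname"), m.group("qclass")))
        per_client[m.group("ip")] += 1
    return hits, per_client

# Constructed sample lines (documentation-range addresses, made-up names).
SAMPLE_LOG = """\
Aug 03 10:01:12 ns1 named[2717]: client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A + (198.51.100.53)
Aug 03 10:01:15 ns1 named[2717]: client 203.0.113.7#42212 (foo.example): query: foo.example ANY TKEY + (198.51.100.53)
Aug 03 10:01:15 ns1 named[2717]: client 203.0.113.7#42213 (foo.example): query: foo.example ANY TKEY + (198.51.100.53)
Aug 03 10:01:20 ns1 named[2717]: client 192.0.2.44#40001 (tkey.example.org): query: tkey.example.org IN MX + (198.51.100.53)
Aug 03 10:02:01 ns1 named[2717]: client 2001:db8::5#50500: query: gss.example.net IN TKEY - (198.51.100.53)
""".splitlines()

if __name__ == "__main__":
    hits, per_client = find_tkey_queries(SAMPLE_LOG)
    for ip, qname, qclass in hits:
        print(f"TKEY query from {ip}: {qname} class={qclass}")
    for ip, n in per_client.most_common():
        print(f"{ip}: {n} TKEY queries")
```

Hosts that negotiate keys for signed dynamic updates also send TKEY queries, so hits are leads to review rather than proof of an attack.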

He further added that websites would frequently remain accessible through other routes and cached addresses on DNS servers all over the world, even though certain key DNS servers have been made to crash. He stated that ‘it is not a doomsday scenario but a question of ensuring that the DNS structure could continue to work while patches tend to be rolled out’.

According to Mr Cid, the impact on general users is likely to be minimal, and average internet users will not experience much pain beyond a few sites and email servers being down. A large DNS exploit could take down hunks of the internet.