"BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)


Date: Tue, 24 Jul 2007 10:33:51 +0300
From: Amit Klein <amit.klein@trusteer.com.>
To: [email protected]
Subject: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

I discovered a new weakness in BIND 9 DNS server which enables "DNS 
Forgery Pharming". An attacker can remotely poison the cache of any BIND 
9 caching DNS server and force users who use this DNS server to reach 
fraudulent websites each time they try to access real websites. BIND 9 
is the most popular DNS server nowadays thus this attack applies to a 
big part of Internet users.

The concept of DNS cache poisoning was discussed many times before. 
However, this attack was considered impractical for the leading 
industrial DNS servers due to the transaction ID mechanism that DNS 
servers implement today. The transaction ID is supposed to be a secure, 
random number that the attacker must guess in order to poison the DNS 
cache. There are 65,536 combinations which make enumeration impractical 
in the current network conditions.

I've recently found a weakness in the transaction ID generation 
algorithm of BIND 9. By observing a few consecutive transaction IDs from 
the same DNS server an attacker can reconstruct the random number 
generator's internal state, and/or predict its next value.

This weakness can be turned into a mass attack in the following way: (1) 
the attacker lures a single user that uses the target DNS server to 
click on a link. No further action other than clicking the link is 
required. (2) By clicking the link the user starts a chain reaction that 
eventually poisons the DNS server's cache (subject to some standard 
conditions) and associates fraudulent IP addresses with real website 
domains. (3) All users that use this DNS server will now reach the 
fraudulent website each time they try to reach the real website.

The 2 algorithms for predicting the transaction ID (one for the single 
next transaction ID, the other for full reconstruction of the internal 
state and all future transaction IDs) were coded in Perl and were 
demonstrated to work well (and fast!).

The algorithms, as well as the paper, are available on Trusteer's website:

  Full paper: http://www.trusteer.com/docs/bind9dns.html

  Executive version: http://www.trusteer.com/docs/bind9dns_s.html

ISC were informed on May 29th, and patched versions of BIND 9 are now 
available on their website, http://www.isc.org/

Thanks,
Amit Klein
CTO
Trusteer



