DNS Server Source Port 53 Query Usage

Medium

Synopsis

The remote DNS server is vulnerable to a cache-poisoning attack.

Description

The remote host is running a DNS server that is configured to use port 53 as the source port for its own outgoing queries. This is extremely dangerous: because the source port is fixed and therefore known, an attacker only needs to guess the 16-bit transaction ID of an outstanding query in order to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites, which greatly simplifies phishing attacks.

Solution

Ensure that the DNS server is fully patched and uses a wide range of UDP source port numbers for its queries. For ISC BIND servers, ensure that the following line does not exist within the configuration file: "query-source address * port 53;"
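As an added example (not part of the plugin text and not code from ISC), the following Python script audits a BIND `named.conf` fragment for `query-source` / `query-source-v6` directives that pin the query source port, which is the weak setting described above. It assumes the standard BIND 9 syntax `query-source [address (ip|*)] [port (number|*)];`, strips `//`, `#` and `/* */` comments first so that a commented-out line is not reported, and treats `port *` as acceptable because it lets the server randomize ports. The sample configuration fragments are constructed for the example; the first carries the weak setting, the second is the corrected form with the directive removed.

```python
import re

# Constructed sample: the weak setting the advisory tells you to remove.
WEAK_CONF = """\
options {
    directory "/var/cache/bind";
    // query-source address * port 53;   (commented out: not active)
    query-source address * port 53;
    query-source-v6 address * port *;
};
"""

# Constructed sample: corrected configuration, no pinned query source port.
HARDENED_CONF = """\
options {
    directory "/var/cache/bind";
    /* query source left to the server so UDP ports are randomized */
};
"""

# Remove /* ... */, // ... and # ... comments before scanning.
_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)

# query-source or query-source-v6, optional "address X", optional "port Y".
_QUERY_SOURCE_RE = re.compile(
    r"^\s*(query-source(?:-v6)?)\s*"
    r"(?:address\s+([^\s;]+))?\s*"
    r"(?:port\s+(\d+|\*))?\s*;",
    re.MULTILINE,
)


def find_fixed_query_source_ports(conf_text):
    """Return [(directive, port), ...] for every active directive that pins
    the query source port to a fixed number (port * is not reported)."""
    stripped = _COMMENT_RE.sub("", conf_text)
    findings = []
    for match in _QUERY_SOURCE_RE.finditer(stripped):
        directive, _address, port = match.groups()
        if port is not None and port != "*":
            findings.append((directive, int(port)))
    return findings


def uses_fixed_query_port(conf_text):
    """True when the configuration would make the server query from a fixed port."""
    return bool(find_fixed_query_source_ports(conf_text))


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        hits = find_fixed_query_source_ports(conf)
        status = "FIXED PORT" if hits else "ok"
        print(f"{label}: {status} {hits}")
```

Run it against a real `named.conf` by reading the file into a string and passing it to `find_fixed_query_source_ports`; any `(directive, port)` tuple returned identifies a line that should be removed or changed to `port *`. A pinned port on the `query-source-v6` directive is reported the same way as on `query-source`, since the IPv6 resolver path has the same exposure.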