ISC BIND DNS Query ID Field Prediction Cache Poisoning (deprecated)
Medium Nessus Network Monitor Plugin ID 4578
Synopsis
The remote DNS server is vulnerable to a cache-poisoning attack.
Description
The remote host is running a version of the BIND DNS server that fails to randomize the UDP source port of its outgoing queries. This could allow an attacker to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites, which greatly simplifies phishing attacks.
Solution
Many vendors build their DNS solution on top of BIND. Contact your specific DNS vendor for a fix. While the only true fix is to use DNSSEC, ISC has released patched versions of BIND that make it harder for attackers to spoof DNS answers. This is accomplished by expanding the range of UDP ports from which queries are sent. The following versions of ISC BIND increase the range of utilized UDP ports: 9.5.0-P1, 9.5.1b1, 9.4.2-P1, 9.4.3b2, 9.3.5-P1
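To verify on your own resolver that the fix described above is in effect, the following added example (not Nessus, Tenable or ISC code) classifies a sample of the resolver's outgoing queries, captured on its upstream interface as (source port, transaction ID) pairs, as coming from a fixed or a randomized port and as using sequential or non-sequential IDs. The thresholds `MIN_SAMPLES` and `MIN_PORT_SPREAD` and both sample sets are constructed assumptions.

```python
# Added example: assess whether a resolver's outbound DNS queries show the
# fixed source port (and often incrementing transaction IDs) that this plugin
# flags, or the wider port range the patched BIND versions aim for.
import random

MIN_SAMPLES = 20          # assumption: fewer observations give no verdict
MIN_PORT_SPREAD = 1024    # assumption: a narrower range counts as weak


def ids_are_sequential(ids):
    """True if every transaction ID is the previous one plus one (mod 2^16)."""
    return len(ids) > 1 and all((b - a) % 65536 == 1 for a, b in zip(ids, ids[1:]))


def assess_queries(samples):
    """Return verdicts on the source ports and transaction IDs of the samples."""
    if len(samples) < MIN_SAMPLES:
        return {"port": "insufficient", "txid": "insufficient", "n": len(samples)}
    ports = [p for p, _ in samples]
    ids = [i for _, i in samples]
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    if distinct == 1:
        port_verdict = "fixed"          # unpatched behaviour: one port for all queries
    elif distinct < len(ports) // 2 or spread < MIN_PORT_SPREAD:
        port_verdict = "weak"           # some variation, but a small search space
    else:
        port_verdict = "randomized"     # wide range, as the patched versions use
    id_verdict = "sequential" if ids_are_sequential(ids) else "non-sequential"
    return {"port": port_verdict, "txid": id_verdict, "n": len(samples),
            "distinct_ports": distinct, "port_spread": spread}


# Constructed samples: an unpatched resolver sending every query from port 53
# with incrementing IDs, and a patched one drawing both from a wide range.
UNPATCHED = [(53, (0x1000 + i) % 65536) for i in range(40)]
_rng = random.Random(7)
PATCHED = [(_rng.randint(1024, 65535), _rng.randint(0, 65535)) for _ in range(40)]

if __name__ == "__main__":
    for name, data in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess_queries(data))
```

Feeding real captures requires only that the pairs be extracted from the resolver's outgoing UDP queries; a "fixed" or "weak" port verdict on a production resolver corresponds to the condition this plugin reports.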