DNS Server Source Port 53 Query Usage
Medium Nessus Network Monitor Plugin ID 4601
SynopsisThe remote DNS server is vulnerable to a cache-poisoning attack.
DescriptionThe remote host is running a DNS server that is configured to use port 53 as its source port for queries. This is extremely dangerous as an attacker only needs to spoof a 16-bit transaction ID in order to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites and greatly simplifies phishing attacks.
SolutionEnsure that the DNS server is fully patched and can utilize a wide range of UDP source port numbers. For ISC servers, ensure that the following line does not exist within the configuration file: "query-source address * port 53;"