
ISC BIND DNS Query ID Field Prediction Cache Poisoning (deprecated)

Medium

Synopsis

The remote DNS server is vulnerable to a cache-poisoning attack.

Description

The remote host is running a version of BIND DNS server that fails to randomize the UDP source port of its outgoing queries. Because the source port is predictable, an attacker only needs to guess the 16-bit query ID to forge a response, which could allow them to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites, which greatly simplifies phishing attacks.

Solution

Many vendors build their DNS solution on top of BIND. Contact your specific DNS vendor for a fix. While the only true fix is to use DNSSEC, ISC has released patched versions of BIND that make it harder for attackers to spoof DNS answers. This is accomplished by expanding the range of UDP ports from which queries are sent, so that an attacker must guess both the query ID and the source port. The following versions of ISC BIND increase the range of utilized UDP ports: 9.5.0-P1, 9.5.1b1, 9.4.2-P1, 9.4.3b2, and 9.3.5-P1.
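To verify that a patched resolver actually uses a wide range of source ports, a defender can sample the UDP source ports of its outgoing queries (from a packet capture or flow logs) and check how much they vary. The script below is an added example, not part of the Tenable plugin or of ISC's BIND code; the port samples are constructed to represent a pinned-port resolver, a resolver stepping through a narrow sequential range, and a randomizing resolver, and the thresholds in `assess_source_ports` are assumptions a practitioner would tune. Collecting the ports from live traffic is outside the example.

```python
import math
from collections import Counter

# Constructed sample: 32 queries from a resolver that always uses one source
# port (the unpatched behaviour, or a fixed `query-source port` setting).
PINNED_PORTS = [53] * 32

# Constructed sample: 32 queries whose source port just increments, so every
# port is distinct but the whole set fits in a tiny range.
SEQUENTIAL_PORTS = list(range(32768, 32800))

# Constructed sample: 32 queries from a resolver that randomizes across the
# high port range (the patched behaviour).
RANDOMIZED_PORTS = [
    53201, 1145, 62344, 29013, 40788, 7751, 58209, 33460,
    12977, 60054, 21340, 45912, 3389, 50017, 17282, 39405,
    64021, 8730, 27654, 55110, 14096, 42873, 36117, 2560,
    48820, 19531, 59944, 31208, 5677, 52309, 23865, 44132,
]


def port_entropy_bits(ports):
    """Shannon entropy (bits) of the observed source-port distribution."""
    counts = Counter(ports)
    n = len(ports)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def assess_source_ports(ports, min_distinct_ratio=0.9, min_span=1024):
    """Summarize an observed list of query source ports.

    A resolver is judged to randomize only if nearly every sampled query used a
    different port AND the ports spread over a wide range; a sequential counter
    passes the first test but fails the second. Thresholds are assumptions.
    """
    if not ports:
        raise ValueError("no source ports observed")
    distinct = len(set(ports))
    span = max(ports) - min(ports)
    entropy = port_entropy_bits(ports)
    randomized = (distinct / len(ports) >= min_distinct_ratio) and span >= min_span
    return {
        "observed": len(ports),
        "distinct": distinct,
        "span": span,
        "entropy_bits": round(entropy, 2),
        "randomized": randomized,
    }


if __name__ == "__main__":
    for name, sample in (("pinned", PINNED_PORTS),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("randomized", RANDOMIZED_PORTS)):
        print(name, assess_source_ports(sample))
```

A sample of a few dozen queries is enough to distinguish a pinned or counting resolver from a randomizing one; the entropy figure is the number of bits of source-port uncertainty an off-path attacker would have to guess on top of the query ID, which is the quantity the patched BIND releases aim to raise.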