Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

DNS Server Source Port 53 Query Usage

Medium

Synopsis

The remote DNS server is vulnerable to a cache-poisoning attack.

Description

The remote host is running a DNS server that is configured to use port 53 as its source port for queries. This is extremely dangerous as an attacker only needs to spoof a 16-bit transaction ID in order to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites and greatly simplifies phishing attacks.

Solution

Ensure that the DNS server is fully patched and can utilize a wide range of UDP source port numbers. For ISC servers, ensure that the following line does not exist within the configuration file: "query-source address * port 53;"