Cured DNS hack makes a surprising comeback

Security researchers have managed to exploit an old vulnerability in the implementation of the Domain Name System (DNS) to override safeguards and reanimate an attack that was killed in 2008.

According to the researchers, who are from Tsinghua University and UC Riverside, the vulnerability affects a majority of the popular DNS services, including Google’s 8.8.8.8 and CloudFlare’s 1.1.1.1.

The good news, however, is that before going public, the researchers privately shared their findings with DNS providers and software developers, many of whom have implemented a fix to mitigate the vulnerability.

Name your poison

Dan Kaminsky first highlighted a major shortcoming in the implementation of the DNS protocol in 2008. When exploited, it would send visitors to malicious websites instead of the ones they typed into their web browser windows.

Kaminsky’s DNS cache poisoning attack sent everyone scurrying for a solution, and the reputable DNS providers soon implemented a fix.

That held until security researchers presented a novel approach to sidestep the fix and make it possible to send traffic to malicious IP addresses once again.

In simple terms, the solution to Kaminsky’s attack was to randomize the number of the source port sending the DNS request. The new attack, dubbed SAD (Side channel AttackeD) DNS, cleverly derandomizes the source port.
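To make the 2008 fix concrete, the following added example (not from the article or the researchers) audits a resolver's outgoing query source ports for randomization and estimates how many bits an off-path spoofer would have to guess. The function name and the three port samples are constructed for illustration; the only protocol fact assumed is that the DNS transaction ID is 16 bits.

```python
import math
from statistics import pstdev

TXID_BITS = 16  # the DNS transaction ID is a 16-bit header field

# Constructed samples: UDP source ports of consecutive outgoing queries.
FIXED = [53] * 8                      # pre-2008 style: one static port
SEQUENTIAL = list(range(32768, 32776))  # changes, but predictably
RANDOMIZED = [49211, 1187, 60334, 23790, 8452, 41006, 57123, 15999]


def assess_source_ports(ports):
    """Summarise how unpredictable a sequence of query source ports looks."""
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if len(set(ports)) == 1:
        pattern = "fixed"
    elif len(set(deltas)) == 1:
        pattern = "sequential"  # constant step, so the next port is known
    else:
        pattern = "varied"
    # Span of the sample is a rough lower-bound estimate of the port pool.
    span = max(ports) - min(ports) + 1
    # The port only adds guessing work when it varies unpredictably.
    port_bits = math.log2(span) if pattern == "varied" else 0.0
    return {
        "pattern": pattern,
        "distinct": len(set(ports)),
        "span": span,
        "stdev": round(pstdev(ports), 1),
        "guess_bits": round(TXID_BITS + port_bits, 1),
    }


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)]:
        print(name, assess_source_ports(sample))
```

A "varied" result only confirms that the 2008 mitigation is in place. Because SAD DNS derandomizes the port, it does not show that a resolver carries the newer fix.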

The research was presented at the 2020 ACM Conference on Computer and Communications Security. The researchers also have a website for the new attack where they share more details and allow you to test whether your DNS resolver is vulnerable.

Source: ArsTechnica