VID 19014
Severity 20
Port 53
Protocol TCP,UDP
Class DNS
Detailed Description The target DNS server is vulnerable to DNS cache snooping.
DNS cache snooping lets a remote attacker determine which domain names have recently been resolved through this server, and therefore which hosts its users have recently visited, by probing the server's cache anonymously. To exploit it, the attacker sends queries for chosen names with the RD (Recursion Desired) bit cleared. A server that honours the bit does not resolve the name on the client's behalf: if the record is already cached it returns it (usually with a TTL below the zone's original value, which also indicates roughly when it was cached); if it is not cached, the reply carries no answer and instead refers the client to the name servers that could answer. An answer with the AA bit set comes from the server's own authoritative data, not its cache, and says nothing about what clients have looked up. Beyond web-surfing patterns, the same technique reveals B2B partners, external mail servers, and more.
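The probe described above, as an added example that is not part of the original advisory: it builds a query with RD=0, parses the reply, and classifies it as a cache hit, a cache miss, or authoritative data. The two replies used in the self-test are constructed byte strings, not captures from any real server; `snoop()` is the only function that touches the network.

```python
"""Added example (not from the advisory): DNS cache snooping with RD=0."""
import random
import socket
import struct

def build_query(name, qtype=1, rd=0, txid=None):
    """Return (txid, wire) for a standard query; rd=0 clears Recursion Desired."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    flags = (rd & 1) << 8                         # only the RD bit can be set here
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:                     # compression pointer ends the name
            return off + 2
        off += 1 + ln

def parse_response(wire):
    """Extract the header flags, section counts and answer-section TTLs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(wire, off) + 4           # skip QTYPE and QCLASS
    ttls = []
    for _ in range(an):
        off = _skip_name(wire, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", wire[off:off + 10])
        off += 10 + rdlen
        ttls.append(ttl)
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an, "nscount": ns, "arcount": ar,
            "answer_ttls": ttls}

def classify(resp):
    """Interpret a reply to an RD=0 query.

    cached        : answer RRs present and AA=0, so the data came from the cache.
    authoritative : answer RRs present with AA=1; says nothing about the cache.
    not cached    : no answer RRs (a referral in the authority section, an empty
                    reply, or REFUSED from a server that restricts cache access).
    """
    if resp["ancount"] > 0:
        return "authoritative" if resp["aa"] else "cached"
    return "not cached"

def snoop(server, name, timeout=2.0):
    """Live check: send one RD=0 query over UDP/53 and classify the reply."""
    txid, q = build_query(name, rd=0)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["txid"] != txid:
        raise ValueError("transaction id mismatch")
    return classify(resp)

# Constructed sample replies (not captures) for an offline self-test.
# Reply to "example.com A" with RD=0: QR=1 RD=0 RA=1, one A RR in the answer
# section whose TTL (1732) has already been counted down: a cache hit.
CACHED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 1732, 4) + bytes([93, 184, 216, 34])
)
# Same query when the name is not cached: no answer RRs, one NS RR in the
# authority section referring the client to the TLD servers.
MISS_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 0, 1, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\x03com\x00" + struct.pack("!HHIH", 2, 1, 172800, 20)
    + b"\x01a\x0Cgtld-servers\x03net\x00"
)

if __name__ == "__main__":
    for label, wire in (("hit", CACHED_REPLY), ("miss", MISS_REPLY)):
        print(label, "->", classify(parse_response(wire)))
```

The same check can be done by hand with `dig +norecurse @<server> example.com A`: a cached name comes back with an answer section and a TTL below the zone's value, a miss comes back with no answer section. Query only names you are authorised to test; the probe itself is read-only, but the server logs each query.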

* Note: If the affected DNS server is an internal name server reachable only by your own users, this alert can be ignored.

* References:
http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf

* Platforms Affected:
Any Operating System Any version
Recommendation Restrict cache access to local users and child caches, or configure the server to answer only authoritative queries from untrusted clients (no recursion and no cache reads), so that an RD=0 probe from outside returns nothing useful.
To keep untrusted networks from reaching the server at all, you can also block inbound traffic on port 53 (TCP and UDP) at the network gateway, except to hosts that must serve authoritative zones externally.
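The recommendation expressed as BIND 9 `named.conf` options, added here as an example and not taken from the advisory. The `192.0.2.0/24` range stands in for the internal client network and is an assumption; substitute your own.

```text
// Added example (not from the advisory): BIND 9 options that restrict
// cache access to internal clients. 192.0.2.0/24 is a placeholder range.
acl internal { 127.0.0.0/8; 192.0.2.0/24; };

options {
    // Weak setting that produces this finding: anyone may recurse through
    // the server and read its cache.
    //   recursion yes;
    //   allow-query { any; };

    // Hardened: anyone may still query the zones this server is
    // authoritative for, but only internal clients may recurse or read
    // the cache. RD=0 probes from elsewhere are answered with REFUSED.
    allow-query       { any; };
    allow-recursion   { internal; };
    allow-query-cache { internal; };
};
```

If the host is not meant to recurse for anyone, set `recursion no;` instead, and keep the gateway filter on port 53 as a second layer in case the server configuration is later relaxed.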