Critical BIND denial-of-service flaw could disrupt large portions of the Internet

Lucian Constantin | July 31, 2015

Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users.

"Its biggest problem is that it has too many features," Graham said. "It attempts to implement every possible DNS feature known to man, few of which are needed on publicly facing servers. Today's bug was in the rarely used 'TKEY' feature, for example. DNS servers exposed to the public should have the minimum number of features -- the server priding itself on having the maximum number of features is automatically disqualified."

To highlight the scope of this vulnerability, Graham said that he could use a tool that he developed called masscan to crash all publicly facing BIND 9 servers on the Internet in about an hour.

"BIND9 should not be exposed to the public," he said. "It has code problems that should be unacceptable in this day and age of cybersecurity. Even if it were written perfectly, it has far too many features to be trustworthy."

 
