[dns-operations] "remotely changing a home router's DNS server was theoretically possible" (C|Net)

Gadi Evron gevron at ca.afilias.info
Tue Jan 22 22:17:30 UTC 2008

Paul Vixie wrote:
> in <http://www.news.com/8301-10789_3-9855195-57.html> we see:
> January 22, 2008 10:19 AM PST
> Drive-by pharming attack hits home
> Posted by Robert Vamosi 
> Whenever you type an address into an Internet browser, that address is
> instantly resolved into the site's numerical Internet address by a DNS server
> located somewhere in the world. On Tuesday, Symantec announced that online
> criminals have started to remotely redirect your home network router's DNS
> server so that whenever you type in a financial institution or other trusted
> site, your browser will instead be redirected to a bogus or phishing Web
> site. 
> The practice, called pharming, usually attacks the DNS servers directly, but
> this latest attack brings it all home (if you are using broadband
> connectivity). Fortunately, the routers and institutions affected by this
> current attack are limited to one country, Mexico, but Symantec warns that
> word of this real-world attack could bring similar attacks elsewhere. 

I am unsure of what specific attack (malware?) they are talking about 
which is MX-specific, but SYMC is good with PR. I am, however, 
increasingly concerned with the ease of compromising broadband routers.

On the DNS side, without compromising (which can result in more botnets 
or wiretap concerns) I am especially concerned due to many of these CPE 
devices being recursive DNS servers.

While DNS hijacking remains a threat and it is clear a significant 
number of ns world-wide are lying to us, it is not my main concern when 
these devices are discussed.

