[dns-operations] "remotely changing a home router's DNS server was theoretically possible" (C|Net)
Gadi Evron
gevron at ca.afilias.info
Tue Jan 22 22:17:30 UTC 2008
Paul Vixie wrote:
> in <http://www.news.com/8301-10789_3-9855195-57.html> we see:
>
> January 22, 2008 10:19 AM PST
> Drive-by pharming attack hits home
> Posted by Robert Vamosi
>
> Whenever you type an address into an Internet browser, that address is
> instantly resolved into the site's numerical Internet address by a DNS server
> located somewhere in the world. On Tuesday, Symantec announced that online
> criminals have started to remotely redirect your home network router's DNS
> server so that whenever you type in a financial institution or other trusted
> site, your browser will instead be redirected to a bogus or phishing Web
> site.
>
> The practice, called pharming, usually attacks the DNS servers directly, but
> this latest attack brings it all home (if you are using broadband
> connectivity). Fortunately, the routers and institutions affected by this
> current attack are limited to one country, Mexico, but Symantec warns that
> word of this real-world attack could bring similar attacks elsewhere.
I am unsure of what specific attack (malware?) they are talking about
which is MX specific, but SYMC is good with PR. I am however
increasingly concerned with the ease of compromising broadband routers.
On the DNS side, without compromising (which can result in more botnets
or wiretap concerns) I am especially concerned due to many of these CPE
devices being recursive DNS servers.
While DNS hijacking remains a threat and it is clear a significant
number of ns world-wide are lying to us, it is not my main concern when
these devices are discussed.
Gadi.
More information about the dns-operations
mailing list