One in four servers unpatched for Kaminsky flaw

Organisations and businesses worldwide are still leaving themselves open to DNS vulnerabilities.

Research has revealed that one in four servers is unpatched for the Kaminsky vulnerability.

This was according to an Infoblox survey of Domain Name System (DNS) servers, based on a survey of IPv4 address space sampling nearly 80 million addresses.

One in four servers did not perform source port randomisation, the patch' for the Kaminsky flaw. This removes the predictable nature of DNS source ports and replaces it with a randomised selection technique.

Advertisement - Article continues below

The patch was a multi-vendor effort which gave companies like Cisco and Microsoft the chance to fix the problem before attack code was circulated online.

It also required administrators to upgrade their name servers, but it was claimed that 40 per cent had not been upgraded. The research also revealed that only .002 per cent of DNS zones tested supported DNSSEC.

This left servers accepting open recursive queries from any inquirer, which were vulnerable to cache poisoning and Distributed Denial of Service attacks.

Cricket Liu, vice president of architecture at Infoblox, said that it was surprising that many organisations were still leaving themselves open to attack considering the awareness of the Kaminsky vulnerability.

He said: "Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers that should also be secured.

Advertisement - Article continues below

"If not, organisations are essentially locking their door to their house, but leaving the windows wide open."

Advertisement - Article continues below

DNS servers are network infrastructure which maps domain names to IP addresses. Domain name resolution conducted by the servers is needed to perform any internet-related request.

The survey did reveal a bit off good news with the usage of unsecure' Microsoft DNS servers connected to the internet disappearing rapidly. Only 0.17 per cent of the addresses relied on it.

An IT PRO history of the Kaminsky flaw is available here.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020