One in four servers unpatched for Kaminsky flaw

Organisations and businesses worldwide are still leaving themselves open to DNS vulnerabilities.

Research has revealed that one in four servers is unpatched for the Kaminsky vulnerability.

This was according to an Infoblox survey of Domain Name System (DNS) servers, based on a survey of IPv4 address space sampling nearly 80 million addresses.

One in four servers did not perform source port randomisation, the patch' for the Kaminsky flaw. This removes the predictable nature of DNS source ports and replaces it with a randomised selection technique.

The patch was a multi-vendor effort which gave companies like Cisco and Microsoft the chance to fix the problem before attack code was circulated online.

It also required administrators to upgrade their name servers, but it was claimed that 40 per cent had not been upgraded. The research also revealed that only .002 per cent of DNS zones tested supported DNSSEC.

This left servers accepting open recursive queries from any inquirer, which were vulnerable to cache poisoning and Distributed Denial of Service attacks.

Cricket Liu, vice president of architecture at Infoblox, said that it was surprising that many organisations were still leaving themselves open to attack considering the awareness of the Kaminsky vulnerability.

He said: "Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers that should also be secured.

"If not, organisations are essentially locking their door to their house, but leaving the windows wide open."

DNS servers are network infrastructure which maps domain names to IP addresses. Domain name resolution conducted by the servers is needed to perform any internet-related request.

The survey did reveal a bit off good news with the usage of unsecure' Microsoft DNS servers connected to the internet disappearing rapidly. Only 0.17 per cent of the addresses relied on it.

An IT PRO history of the Kaminsky flaw is available here.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020