Metasploit's Moore Sapped Via DNS Flaw
David Utter, Staff Writer
2008-07-30
The same critical DNS issue that HD Moore and his associates raced to include in their security testing toolkit, the Metasploit Project, bounced back against the noteworthy security researcher.
Security pros and other techies who see the boundary-pushing actions of Moore and Metasploit as more of a hindrance than a help to security may have enjoyed the schadenfreude surrounding Moore today.
Moore detailed what happened in a blog post at Metasploit. The incident hit an AT&T DNS cache server; the affected machine coincidentally served "as an upstream forwarder for an internal DNS machine at BreakingPoint Systems," which is Moore's company.
"This attack affected anyone in the Austin, Texas region using that AT&T Internet Services (previously SBC) DNS server. The attack itself was not malicious, did not load malware, and from an operational standpoint, had zero impact," said Moore.
Employees at his company noticed problems when the cache-poisoned DNS machine at AT&T returned a 404 error when they tried to reach a particular Google page, a personalized iGoogle one. The phony server "was returning four iframes, one of which showed a fake version of the Google web site, the other three loaded automated ad-clickers from three other compromised servers."
Anyone who has yet to fix DNS machines with the patch that has been widely available since early July needs to take the problem seriously. Within telco giant AT&T, someone did not, and inadvertently demonstrated how rapidly a vulnerable system will see exploit attempts against it.
Some of those attacks may even succeed, and it only takes one to pose at least an annoyance, at most a critical data loss threat, to Internet users.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.