Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Security /

CERT warns of another BIND problem

Today's breaking news
Send to a friendFeedback

By Joris Evers
IDG News Service, 06/05/02

A flaw in a software tool used to translate text-based Internet domain names into numerical addresses could make parts of the Internet vulnerable to denial-of-service attacks, the Computer Emergency Response Team warned Tuesday.

The flaw is in certain versions of BIND [Berkeley Internet Name Domain], a widely-used piece of DNS software, CERT said in an advisory.

DNS servers running BIND 9 prior to Version 9.2.1 are vulnerable. An attacker could shut down the DNS service on that server by sending a specific DNS packet. The service will then remain unavailable until restarted, CERT said.

BIND 9.2.1 was released on May 1 by the Internet Software Consortium (ISC), which distributes BIND free of charge. It is a so-called maintenance release that fixes a number of bugs in 9.2.0 but has no new features, according to the ISC Web site.

DNS servers translate text-based domain names into numeric IP addresses. When those servers go down, users who type Web addresses - such as nba.com and fbi.gov - can't connect to the intended servers. E-mail sent to affected domains will bounce back.

"If you can trigger something that shuts down the name server, than that is a serious matter," said Petur Petursson, CEO of Men & Mice, a DNS consultancy firm in Reykjavik, Iceland.

"It is normal for a company to run two name servers. If you manage to shoot both of them down, the company will disappear from the Internet," Petursson said.

BIND 9.2.1 is available for free download from the ISC Web site. BIND is also often part of software sold by server software vendors. These vendors may offer their own patches, according to CERT, which urges users of BIND 9 to either upgrade or apply a patch.

The vulnerability of the DNS is seen as an important Internet security concern. The Internet Corporation for Assigned Names and Numbers, the organization that oversees the Internet's addressing system, has formed a security committee aimed, in part, at examining DNS security holes.

The IDG News Service is a Network World affiliate.

RELATED LINKS

Put cybersecurity chief in DHS not the White House, Senator says 11/4/2009
US-CERT moves in with NCC, NCSC 10/30/2009
NSA to build $1.5B cybersecurity center near Salt Lake City 10/26/2009
Powered by Inform

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.