Posted by: Greg Ness | July 24, 2008

More than 60% of Recursive Name Servers Unpatched- CERT

The DNS vulnerability drum beat goes on.  Based on a recent CERT Report published today at least 2/3 of Austrian recursive name servers have not yet been patched.


The conclusions are rather grim so far – more than two thirds of the Austrian Internet’s recursive

DNS servers are unpatched while at the same time the upgrade adoption rate seems rather slow.

Our findings are matched by the observations of Alexander Klink of Cynops GmbH2 who analyzed

the results of the online vulnerability test on Dan Kaminsky’s doxpara3 site.


          From Patching Nameservers: Austria Reacts to VU#800113

By Otmar Lendl and L. Aaron Kaplan July 24, 2008


It looks like Austria is NOT an anomaly but is rather symptomatic of many other countries behind on patching the DNS vulnerability and now exposed by the release of attack code.  As the paper notes further on page 13 with a results chart, Alexander Klink had similar findings for queries.


Despite multiple warnings and the publication of exploit code it looks like successful attacks on the Internet are only a formality.


From Cricket Liu’s exclusive Archimedius interview:


DNS experts agree that this vulnerability provides a way for a hacker to poison the cache of an unpatched, open recursive name server in less than a minute.



You can read my disclaimer at: About « ARCHIMEDIUS.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: