PDA

View Full Version : IPADDRESS has a serious vulnerability



Fli
08-24-2013, 09:50 PM
I received an email from "Innova Core Team" and they say i have vulnerability. Please do you know what does it mean and what to change? On that IP is an Ubuntu default installation and its a OpenVZ VPS...


Greetings,

Your DNS server IPADDRESSHERE,IPADDRESS2HERE
has a serious vulnerability. It is working as OpenResolve. Example :

c:\>nslookup www.com IPADDRESSHERE
Address: IPADDRESSHERE

Non-authoritative answer:
Name: www.com
Address: 208.87.35.103

but response should be :

Host www.com not found: 5(REFUSED)
(you should not respond to foreign Zones, all in a row)
It can be used for DDoS attacks (DNS reflection DDoS attacks, responding for spoofed IP requests).

You could set it back by:

- configuring the server in the way to prevent its illegal using (resolve only your zone);
- closing an access to the server from public networks if you don't need it.

You could find more details on the following links:
https://blogs.akamai.com/2013/06/dns-reflection-defense.html
http://openresolverproject.org/
http://info.menandmice.com/blog/bid/87929/DNS-reflection-or-DNS-amplification-attacks-How-to-secure-your-DNS-server
http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack
___
Innova Core Team