According to Johnson, most Web sites are vulnerable to DNS cache poisoning
attacks, due to the prevalence on the Internet of DNS servers that can be exploited.
The first variant of DNS cache poisoning
involves redirecting the nameserver of the attacker's domain to the nameserver of the target domain, then assigning that nameserver an IP address specified by the attacker.
DNSSEC protects against DNS cache poisoning
, pharming and redirection attacks by providing authentication of the origin of DNS data, assurance of data integrity, and authentication of denial of existence - the three elements necessary to increase the security of the Internet's DNS infrastructure.
Matt Larson, Vice President of DNS Research at VeriSign, commented: "DNSSEC is an essential tool in sealing DNS vulnerabilities and mitigating DNS cache poisoning
attacks that undermine the integrity of the DNS system.
We are pleased to introduce DNSSEC across our registry and DNS platform, protecting TLDs in our care from DNS cache poisoning
and man-in-the-middle attacks, while maintaining consistency and convenience for registrars and their customers.
April 13 /PRNewswire/ -- Nominum, the leading provider of carrier-grade IP name and address management software, today announced that its Nominum Foundation Caching Name Server provides the highest level of protection available against the latest Pharming and DNS cache poisoning
NitroGuard recently earned acclaim for successfully preventing DNS cache poisoning
exploits using the "Kaminsky" DNS vulnerabilities, first detailed at BlackHat/DEFCON in August 2008.
Check Point IPS solutions preemptively protect against the two new threats through a suite of DNS cache poisoning
protections available since 2003.
New Release Provides Intelligent, Layered Approach with Built-In "Defense in Depth" Against DNS Cache Poisoning
Top Layer Security, a leading global provider of Network Intrusion Prevention Systems (IPS), today announced that its IPS 5500 provides customers with proactive protection against attacks targeting the widely publicized, critical DNS Cache Poisoning
Vulnerability (MS08-037, CVE-2008-1447), which could allow a remote attacker to insert malicious host entries into the vulnerable DNS server's cache, essentially hijacking an entire organization's outbound Internet traffic.
DNS cache poisoning
is the first step in an attack sequence that spoofs a legitimate website to infect a user's computer with malicious code or steal a user's private credentials.
Arxceo's Ally ip100 anti-reconnaissance device prevents the spread of worms across the different segments of a network and fortifies network protocols, eliminating abuses such as covert channeling, DNS cache poisoning
, fragmented packet 'exploit injections' and raw-frame Ethernet data leak transmissions.