Tuesday, July 15, 2008

After Effects of the Recent DNS Patch

There's a high chance that you have heard about the Internet-wide patching of a serious DNS flaw that was discovered early this year; major vendors patched it early this month.

According to what I read, DNS was vulnerable to a cache poisoning attack, which gives malicious attackers an easy passport to redirect web traffic and emails to their systems and do all kinds of nasty things. The vulnerability is due to a lack of entropy in the query ID field together with a lack of source port entropy.
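The entropy problem described above can be checked from the defender's side by grading the source ports and query IDs of a resolver's own outbound queries. The sketch below is an added example, not part of the original post; the function names, the 0.8 threshold and the sample observations are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

def shannon_bits(values):
    """Empirical Shannon entropy, in bits, of the observed values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def classify(values):
    """Grade one 16-bit field: 'fixed', 'sequential', 'low-diversity' or 'ok'."""
    if len(set(values)) == 1:
        return "fixed"
    # A single dominant step between consecutive values means a counter.
    deltas = Counter((b - a) % 65536 for a, b in zip(values, values[1:]))
    if deltas.most_common(1)[0][1] >= 0.9 * (len(values) - 1):
        return "sequential"
    # n samples can show at most log2(n) bits; 0.8 is an assumed threshold.
    if shannon_bits(values) < 0.8 * math.log2(len(values)):
        return "low-diversity"
    return "ok"

def assess(observations, min_samples=16):
    """observations: (source_port, query_id) pairs from one resolver's outbound queries."""
    if len(observations) < min_samples:
        raise ValueError("too few queries to judge randomness")
    port = classify([p for p, _ in observations])
    qid = classify([q for _, q in observations])
    return {"source_port": port, "query_id": qid, "weak": (port, qid) != ("ok", "ok")}

# Constructed sample observations (not captured traffic).
rng = random.Random(2008)
RANDOMISED = [(rng.randrange(1024, 65536), rng.randrange(65536)) for _ in range(64)]
FIXED_PORT = [(32768, rng.randrange(65536)) for _ in range(64)]
SEQUENTIAL = [(40000 + i, 7000 + i) for i in range(64)]

if __name__ == "__main__":
    for name, obs in [("randomised", RANDOMISED), ("fixed port", FIXED_PORT),
                      ("sequential", SEQUENTIAL)]:
        print(name, assess(obs))
```

A resolver graded `fixed` or `sequential` on the source port leaves only the query ID between an off-path spoofer and its cache, which is the condition the patch was meant to remove.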

I was more interested in the DNS traffic patterns after the large-scale patching and found this diagram, which shows the traffic in the proximity of the fix date.

The spikes seem to be large-scale DNS attacks. Apparently, we don't see much difference in attack patterns between before and after the patch.
