The Internet is Broken: ISC BIND 9 experiencing Denial-of-Service attacks
Why can’t I access so many sites this week?
On July 28, 2009, the Internet Systems Consortium (ISC) and the United States Computer Emergency Readiness Team (US-CERT) released a warning about a problem with the software that runs a large number of Domain Name System (DNS) servers on the Internet. This weakness allows a person to remotely attack and take control of a DNS server. By sending a specially crafted ‘packet,’ or piece of information, to the DNS server, a person can launch something called a Denial-of-Service (DoS) attack.
A DoS attack is an attempt to make a resource, such as a server, unavailable to the other users connected to that resource. When directed against a DNS server, a DoS attack has the potential to knock out Internet service to a large portion of the population.
Internet Service Providers, or ISPs, have been notified by the ISC and US-CERT and are currently working to fix this problem. More information about this exploit can be found at the following links:
http://www.cio.com/article/498528/CERT_and_ISC_Warn_About_BIND_DNS_Vulnerability
http://www.kb.cert.org/vuls/id/725188
What is DNS?
DNS is the abbreviation for the Domain Name System. It determines how domain names (e.g. www.google.com) are translated into IP addresses (in the example of Google, 74.125.45.100). It acts like the main post office for an area.
When you access the Internet, you type in something called a Uniform Resource Locator, or URL. Part of this URL is the domain. DNS helps to turn that domain, usually a human-readable word of some kind, into a number called an IP (Internet Protocol) address. The IP address is the actual location of the computer on the Internet. If there is a problem with DNS, then the domain is not correctly paired with an IP, and you can’t access your site.
More information about DNS can be found here: http://en.wikipedia.org/wiki/Domain_Name_System
What does this mean for me?
Right now, there is nothing that you or BlueSwarm can do until the vulnerability is patched. This is the responsibility of the ISPs and main ‘backbone’ providers for the Internet to fix, and they are working quickly to do so. While they are working on the problem, DNS changes related to this problem may cause issues for some users.
Is my computer or any of the data inside BlueSwarm at risk?
Not at all. All of your information is completely safe from this exploit. All this exploit may do is prevent you from accessing data - it cannot manipulate it.
But can I do anything?
If you find that you are having problems accessing a website (such as BlueSwarm), you can try the following steps to solve the problem. The steps will show you how to ‘flush,’ or clear, your computer’s local DNS cache, which is used to help your computer load web pages faster. If the following steps do not resolve the issue you are having, then the problem lies with your Internet Service Provider. After flushing the DNS, you will also need to clear your browser’s cache in order for the fix to take full effect. Instructions on how to do this are also below.
DNS Reset:
On Windows XP, Vista, 7:
1. Click the Start Menu or Start Orb (Vista/Win7).
2. Select ‘All Programs.’
3. Select ‘Accessories.’
4. Click ‘Command Prompt.’ On Windows Vista or Windows 7, you must right-click on the Command Prompt icon and select ‘Run as Administrator,’ then click ‘Yes’ at the User Account Control Prompt.
5. At the prompt, type ‘ipconfig /flushdns’. This will flush the DNS Resolver Cache.
6. Close the window.
On Mac OSX:
1. Double-click your ‘Macintosh HD’ volume.
2. Select ‘Applications.’
3. Select ‘Utilities.’
4. Double-click on ‘Terminal.’ This will open up a terminal window.
5. On OSX 10.4 (Tiger) or earlier, type in ‘lookupd -flushcache’. On OSX 10.5 (Leopard) or newer, type in ‘dscacheutil -flushcache’. This will clear your local DNS cache.
6. Type in ‘exit’.
7. Press Command-Q (⌘-Q) to quit the Terminal window.
On Linux:
Linux does not normally cache DNS lookups unless you have the nscd service or a DNS server installed. In order to flush the DNS, you will have to install the nscd service. The following instructions work on a *buntu (Ubuntu, Kubuntu) distribution.
1. At a terminal prompt (if you have the Gnome user interface, it is in Applications --> Accessories --> Terminal; in KDE it is Kicker --> Applications --> System --> Konsole), type ‘sudo apt-get install nscd’. This will install the nscd daemon.
2. Type ‘sudo /etc/init.d/nscd restart’. This will reset the DNS cache and cause the computer to look up new DNS information.
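The DNS reset steps above as one script, added here as an example and not part of the original post: it prints the flush command for the current platform without running it. The function names and the detection through `uname` and `sw_vers` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Map `uname -s` output to the platform names used by flush_command.
detect_platform() {
    case "$(uname -s)" in
        Darwin) echo macos ;;
        Linux) echo linux ;;
        CYGWIN*|MINGW*|MSYS*) echo windows ;;
        *) return 1 ;;
    esac
}

# Print the flush command for a platform without running it.
#   $1 platform (windows|macos|linux)
#   $2 OS X product version such as 10.4.11 (macos only)
#   $3 "yes" when nscd is already installed (linux only)
flush_command() {
    case "$1" in
        windows) echo "ipconfig /flushdns" ;;
        macos)
            major=${2%%.*}
            case "$2" in *.*) rest=${2#*.}; minor=${rest%%.*} ;; *) minor=0 ;; esac
            # Reject empty or non-numeric version parts before comparing them.
            case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
            # 10.4 (Tiger) or earlier: lookupd; 10.5 (Leopard) or newer: dscacheutil
            if [ "$major" -lt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -le 4 ]; }; then
                echo "lookupd -flushcache"
            else
                echo "dscacheutil -flushcache"
            fi ;;
        linux)
            # Without nscd there is no local cache yet; install it, then restart.
            if [ "$3" = "yes" ]; then
                echo "sudo /etc/init.d/nscd restart"
            else
                echo "sudo apt-get install nscd && sudo /etc/init.d/nscd restart"
            fi ;;
        *) return 1 ;;
    esac
}

# Dry run for this machine: report the command, flush nothing.
platform=$(detect_platform) || platform=unknown
version=""; have_nscd=no
if [ "$platform" = macos ]; then version=$(sw_vers -productVersion); fi
if command -v nscd >/dev/null 2>&1; then have_nscd=yes; fi
flush_command "$platform" "$version" "$have_nscd" || echo "unsupported platform: $platform"
```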
Clearing the Cache:
Internet Explorer 7/Internet Explorer 8
1. Click on the Tools menu.
2. Click ‘Internet Options’.
3. Under ‘Browsing History’, click Delete.
4. Click Delete.
5. Click OK to close Internet Options.
6. Close your browser window and reopen it.
Firefox 3.5 (Win/OSX/Linux)
1. From the Tools menu, select ‘Clear Recent History’.
2. From the "Time range to clear:" drop-down menu, select the desired range; to clear your entire cache, select Everything.
3. Click the down arrow next to ‘Details’ to choose what history elements to clear.
4. Click ‘Clear Now’.
5. Close your browser window and reopen it.
Firefox 3 (Win/OSX/Linux)
1. Click on the Tools Menu.
2. Click ‘Clear Private Data’.
3. Make sure all the boxes are checked, then click ‘Clear Private Data Now’.
4. Restart the browser.
Safari 4 (Win)
1. From the Options menu (the Gear in the upper-right corner), click ‘Reset Safari.’
2. Make sure all the options are checked off.
3. Click ‘Reset’.
4. Restart your browser.
Safari 4 (OSX)
1. Open the Safari menu.
2. Click ‘Empty Cache’.
3. Quit Safari and reopen it.
Google Chrome (Win)
1. Click the Options menu (the wrench icon in the upper-right corner).
2. Select ‘Clear Browsing Data’.
3. Make sure all the options are selected and the period to clear is ‘Everything,’ then click ‘Clear Browsing Data.’
4. Restart the browser.
