DNS: Transaction Spoofing (2)

This anomaly triggers when it detects attempts to exploit a known vulnerability that affects most DNS servers (both Windows and Unix/Linux). Attackers can spoof DNS replies by sending multiple crafted packets to a DNS server. A successful attack can redirect traffic to unintended locations. A related threshold governs this detection: sc_dns_mismatch_rate.

Extended Description

Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to use sufficiently random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, which lets them redirect network traffic and launch man-in-the-middle attacks. This issue affects Microsoft Windows DNS clients and servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.
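As an added illustration of the detection idea (this is not Juniper's signature logic), the following Python script scores a constructed sequence of DNS queries and responses by how many responses fail to match an outstanding query; the `threshold` parameter is a stand-in for the sc_dns_mismatch_rate setting mentioned above, and the log line format is an assumption made for this example.

```python
# Added example, not from the signature database. Tracks outstanding DNS queries
# by (transaction ID, source port, question name) and counts responses that arrive
# with no matching query. A burst of unmatched responses is the pattern the
# description calls transaction spoofing; the threshold turns a raw count into a
# rate, which is what a setting such as sc_dns_mismatch_rate expresses.

# Constructed sample log. Assumed format per line: "<dir> <txid> <sport> <qname>"
# where dir is Q (query sent by the resolver) or R (response seen on the wire).
SAMPLE_LOG = """\
Q 0x1a2b 53012 www.example.com
R 0x1a2b 53012 www.example.com
Q 0x7c3d 53013 mail.example.net
R 0x0001 53013 mail.example.net
R 0x0002 53013 mail.example.net
R 0x0003 53013 mail.example.net
R 0x7c3d 53013 mail.example.net
"""


def analyse(log_text, threshold=0.5):
    """Return (responses, mismatches, alert) for the given log text.

    A response matches only if an outstanding query with the same transaction
    ID, source port and question name exists; a match consumes that query, so
    a duplicate of an already-answered response also counts as a mismatch.
    alert is True when mismatches / responses reaches the threshold.
    """
    outstanding = set()
    responses = mismatches = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than failing the whole run
        direction, txid, sport, qname = parts
        key = (txid.lower(), sport, qname.lower())
        if direction == "Q":
            outstanding.add(key)
        elif direction == "R":
            responses += 1
            if key in outstanding:
                outstanding.discard(key)
            else:
                mismatches += 1
    rate = mismatches / responses if responses else 0.0
    return responses, mismatches, rate >= threshold


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))  # (5, 3, True)
```

Legitimate retransmissions and late answers also land in the mismatch count, which is why a rate over a window, rather than any single unmatched packet, is the practical trigger.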

Affected Products

Yamaha rt140p, Hp tcp/ip_services_for_openvms_alpha, Lucent vitalqip

References

CVE: CVE-2008-1447

Short Name
DNS:EXPLOIT:TRANSPOOF-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
CVE-2008-1447 DNS KB953230
Release Date
07/24/2008
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3567
False Positive
Unknown
Vendors

Blue_coat_systems

Astaro

Yamaha

Sun

Isc

Openwall

Ingate

Slackware

Nortel_networks

Nixu

Gentoo

Infoblox

Hp

Juniper_networks

Avaya

Pdnsd

Pardus

Ubuntu

Novell

Debian

Bluecat_networks

Secure_computing

Openbsd

Ibm

Yukihiro_matsumoto

Wind_river_systems

Dnsmasq

Freebsd

Mandriva

Suse

Lucent

Microsoft

F5

Red_hat

Nominum_software

Cisco

Apple

Rpath

Ipcop

Citrix

Python_dns_library

Netbsd

Vmware

CVSS Score

5.0
