The Community Forums

Interact with an entire community of cPanel & WHM users!

PCI - Remote DNS Server is vulnerable to cache snooping

Discussion in 'Security' started by fuzioneer, Mar 8, 2010.

  1. fuzioneer

    fuzioneer Well-Known Member

    Been working through pickups for PCI compliance

    last deal breaker is the following:-

    The remote DNS server is vulnerable to cache snooping attacks.
    Risk: High
    UDP Port: 53
    The remote DNS server responds to queries for third-party domains
    that do not have the recursion bit set.

    This may allow a remote attacker to determine which domains have
    recently been resolved via this name server, and therefore which hosts
    have been recently visited.

    For instance, if an attacker was interested in whether your company
    utilizes the online services of a particular financial institution,
    they would be able to use this attack to build a statistical model
    regarding company usage of that financial institution. Of course, the
    attack can also be used to find B2B partners, web-surfing patterns,
    external mail servers, and more.

    Note: If this is an internal DNS server not accessable to outside
    networks, attacks would be limited to the internal network. This
    may include employees, consultants and potentially users on
    a guest network or WiFi connection if supported.

    Solution:
    Use another DNS software.

    lol the solution seems a bit crude, can anyone who is knowledgeable tell me what I can do to resolve this?
     
  2. Spiral

    Spiral BANNED

    If you are using BIND in its default state, it does have limited 3rd party recursion and zone transfers, but you can reconfigure that easily enough to only allow local addresses and resolvers that actually have a legitimate need to be directly communicating with your server.
     
  3. qdixon

    qdixon Registered

    Spiral, can you be a little more specific as to what to change and where?
     
  4. Spiral

    Spiral BANNED

    Tell you what ....

    Email me a copy of your /etc/resolv.conf and a capture of your "ifconfig" and from that I can probably write you up a quick list of the lines you need to insert and patch to your /etc/named.conf
     
  5. fuzioneer

    fuzioneer Well-Known Member

    I can disable recursion quite easily, but this causes a huge issue as the store that operates on the same server cannot then complete the checkout process; it literally gets to a certain point and then goes to a blank screen.

    Tested this a few times and it is repeatable: with recursion enabled checkout operates fine, with recursion disabled the checkout fails.

    OsCommerce derivative is the framework used on the store btw
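
The restriction discussed in this thread (recursion and cache answers limited to local addresses, so lookups made on the server itself keep working) could look like the following. This is an added example, not configuration posted by anyone in the thread; it assumes BIND 9.4 or later, that the store resolves names through this same server, and the commented-out address is a constructed placeholder.

```conf
// /etc/named.conf -- merge these statements into the existing options block.
// Added example; assumes BIND 9.4+ (allow-query-cache was introduced there).

// Weak form, shown for contrast: any remote host may read the cache,
// which is what the scanner finding describes.
//
// options {
//     recursion yes;
//     allow-recursion   { any; };
//     allow-query-cache { any; };
// };

// Corrected form: recursion stays on, but only for trusted clients.
acl "trusted" {
    localhost;         // built-in ACL: every address configured on this server
    // 192.0.2.53;     // constructed placeholder: another resolver client, if any
};

options {
    // Keep recursion enabled so applications on this server can still
    // resolve third-party names (for example during checkout).
    recursion yes;

    // Only trusted clients may ask the server to recurse on their behalf.
    allow-recursion { trusted; };

    // Only trusted clients may receive answers from the cache. Non-recursive
    // queries for third-party names from anyone else are refused, so the
    // cache contents are no longer observable from outside.
    allow-query-cache { trusted; };

    // Zones this server is authoritative for remain answerable by everyone.
    allow-query { any; };
};
```

Check the syntax with `named-checkconf` and apply it with `rndc reconfig`. From a host outside the ACL, `dig +norecurse @<your server> <third-party name>` should then return status REFUSED, while queries for your own zones still resolve.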
     