Large ISPs Still Vulnerable to DNS Attack

According to Neal Krawetz of Hacker Factor, several large ISPs still haven't patched their DNS servers to guard against a critical vulnerability that was made public two weeks ago.

Dan Kaminsky reported the flaw and took special care to ensure that information about the problem was kept quiet until major software vendors could make patches available. Exploits are already on the loose but meanwhile countless Internet users are at risk because their ISPs still haven't installed the available patches or taken steps to secure all their DNS servers through other methods.

According Krawetz's survey of 60 DNS servers, as of July 24 seventeen DNS servers are still vulnerable to attack. The offending ISPs including Comcast, Adelphia, BTInternet, Sprintlink, Bellsouth, Tmnet Streamyx, Xtra, and Wave Broadband.

Kaminsky also offered statistics that he gathered through a DNS vulnerability testing tool available on his website. Anyone can use the tool to test the DNS server currently configured in their TCP/IP settings. As of July 25, Kaminsky reports that the last 5,000 vulnerability tests conducted by the tool reveal that 2,503 are still vulnerable. Many of those vulnerable servers undoubtedly belong to major ISPs.