Yes my malware fighters,
The Internet is hanging together we could say as by elastic bands, and the DNS flaw demonstrates that the patching can go on and on, but really secure this variety of Internet will never be. Music to the ears of those that want to turn the next form of Internet into a sort of hyped up Internet TV Channel or a subscription type or a heavily controlled Internet Version 2.
The situation is grave indeed, the Russian physician and Linux-kernel admin Evgeniy Polyakov has found a way to hack fully patched DNS-servers in under 10 hours. This is a lot less than the 64% chance to hack a nameserver within 24 hours according to the Dutch PowerDNS-developer Bert Hubert. To inject malicious entries into the nameserver Polyakov used two servers, a Gb ethernet connection and 130.000 fake-requests.
With a more forceful outlay the Russian could have have made it within one night provided he had a Gigabit lan and an infected machine. Infected computers within a firm Intranet could be a real menace, because they could infect the whole internal network DNS. These are also golden days for botnets.
He is not that much impressed by his findings. “These things are not cool things to do”. The situation is not cool with this flaw out there for years. The hole is patched, but it is not enough, the inherent underlying structure of the Internet is insecure, it was never meant for hackers and malcreants.
Also a proof of concept exploration was published: http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html
polonus
P.S. click the pic for animation…