Since my post on this issue yesterday and also Andy Whelan’s post to ISSA Ireland’s newslist, a number of people have come back to me offline with regard to the current status within the Irish Internet space. It seems that a number of ISPs, 16 apparently, have not yet patched their DNS servers. But the biggest challenge appears to be organisations ensuring that their DNS servers are patched.
Here is an excerpt from an email I received that highlights the challenges:
“we’re patched and we have been notifying our clients who have DNS servers non-patched. There is also a worldwide effort by “non-for-profit security organisations” to alert ISP abuse desks, although whether they act or the sysadmins act on the email is anyone’s guess.
There are 35 ISPs in INEX (https://www.inex.ie/about/memberlist), a quick look through a “special list – as of 21/07/2008” shows there were 16 ISPs with DNS servers in their range vulnerable.
The Irish ISPs have patched their main DNS servers, but the problem seems to be their clients who run their own DNS servers, have servers in hosting centres or rogue departmental servers hidden away that the IT security teams don’t know about.”
More details are emerging of the nature of this problem (hat tip to Security4all) and active exploit tools are now being used. So in short:
- The criminals have a major opportunity to steal more money
- They have automated tools to achieve that goal
- They will find vulnerable DNS servers
- They will exploit those servers
- If you have a vulnerable DNS server they will exploit it!
So to those 16 ISPs, patch your systems ASAP. If your normal maintenance window is still a number of weeks away then consider using an emergency window instead. Talk to your upstream ISPs and ensure they also patch their servers.
To those of you who manage or look after your own DNS servers, you need to get the finger out and patch them.