How To Prevent Against DNS Cache Poisoning (CA-1997-22)?

Created On 09/25/18 19:25 PM - Last Modified 07/19/22 23:11 PM


Resolution


This vulnerability is old (CERT advisory CA-1997-22, issued in 1997 for BIND), but it points to a weakness inherent in DNS over UDP: a resolver matches an incoming reply to its outstanding query only by the 16-bit transaction ID, the destination port and the address the reply claims to come from, and UDP source addresses can be forged. The attacker causes the target resolver to issue a query and at the same time floods it with forged replies, each carrying a different guessed transaction ID and the spoofed source address of the real name server. This is a race against the legitimate answer: if a forged reply with the right ID arrives first, the resolver caches the false record and serves it to every client until the record's TTL expires. In the 1997 case the IDs were predictable, so very few guesses were needed; with properly randomized IDs the attacker has to send a large volume of queries and forged replies, which is what makes the brute-force variant detectable on the wire.

Palo Alto Networks has a number of DNS cache poisoning signatures for specific vendors, as well as a general brute-force signature to detect this type of activity. Look at Threat ID 40003 for the general threshold-based signature, and 35190, 31349 and 31123 for vendor-specific DNS cache poisoning vulnerabilities. Note that a threshold signature only fires on the flood variant: a resolver with predictable transaction IDs can be poisoned with a handful of packets that never cross any threshold, so the resolver itself must also be patched and configured to randomize transaction IDs and source ports.
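The race described above, and the kind of count a threshold signature works from, as an added example that is not part of this article and not Palo Alto Networks or BIND code. It models a resolver two ways: with sequential transaction IDs and a fixed source port (an assumed model of the 1997-era weakness), and with a random ID and random source port (the later RFC 5452 hardening, which goes beyond the 1997 advisory). The attacker first has the resolver look up a name he serves so that his own name server observes the ID and port in use, then triggers the victim lookup and floods forged replies. All addresses and names are constructed (RFC 5737 documentation ranges), the DNS messages are built by hand in RFC 1035 wire format, and the alert threshold is illustrative; the real logic behind TID 40003 is not known here and is not reproduced.

```python
import random
import struct
from collections import defaultdict

# Constructed addresses for the example (RFC 5737 documentation ranges).
AUTH_NS = "192.0.2.53"        # genuine name server for bank.example
ATTACKER_NS = "203.0.113.53"  # name server for a domain the attacker controls
REAL_IP, EVIL_IP = "192.0.2.10", "203.0.113.66"


def encode_name(qname):
    """RFC 1035 label encoding: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"


def build_query(txid, qname):
    """Query with RD set and one question of type A, class IN."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack(">HH", 1, 1)


def build_response(txid, qname, ip):
    """Reply (QR|RD|RA) echoing the question plus one A record; 0xC00C points back at the question name."""
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0) + encode_name(qname) + struct.pack(">HH", 1, 1) + answer


def parse_response(msg):
    """Return (txid, question name, A record or None) from a reply built as above."""
    txid, _flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    labels, i = [], 12
    while msg[i] != 0:
        n = msg[i]
        labels.append(msg[i + 1:i + 1 + n].decode())
        i += 1 + n
    i += 1 + 4                        # name terminator, QTYPE, QCLASS
    ip = None
    if ancount:
        i += 2                        # compression pointer to the question name
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            ip = ".".join(str(b) for b in msg[i:i + 4])
    return txid, ".".join(labels), ip


class Resolver:
    """Caching resolver model: a reply is accepted only if (txid, port, name, server) match an open query."""

    def __init__(self, rng, predictable):
        self.rng, self.predictable, self.next_txid = rng, predictable, 1
        self.pending = {}                 # (txid, source port) -> (qname, server ip)
        self.cache = {}                   # qname -> ip
        self.rejected = defaultdict(int)  # claimed source ip -> replies that matched no open query

    def send_query(self, qname, server_ip):
        if self.predictable:              # sequential ID, fixed port: assumed model of the 1997-era weakness
            txid, sport = self.next_txid, 53
            self.next_txid = (self.next_txid + 1) & 0xFFFF
        else:                             # random ID and random port (RFC 5452 hardening)
            txid, sport = self.rng.getrandbits(16), self.rng.randint(1024, 65535)
        self.pending[(txid, sport)] = (qname, server_ip)
        return txid, sport, build_query(txid, qname)

    def receive(self, packet, src_ip, dst_port):
        txid, qname, ip = parse_response(packet)
        if self.pending.get((txid, dst_port)) != (qname, src_ip):
            self.rejected[src_ip] += 1    # unmatched reply: the event a threshold signature counts
            return False
        del self.pending[(txid, dst_port)]
        self.cache[qname] = ip
        return True


def run_attack(predictable, guesses, seed=0):
    """Simulate the race; returns (cache poisoned?, unmatched-reply counts per claimed source)."""
    rng = random.Random(seed)
    r = Resolver(rng, predictable)
    # 1. Attacker has the resolver look up a name he serves, so his server observes the txid and port in use.
    seen_id, seen_port, _ = r.send_query("attacker.example", ATTACKER_NS)
    r.receive(build_response(seen_id, "attacker.example", "203.0.113.9"), ATTACKER_NS, seen_port)
    # 2. Attacker triggers the victim lookup and floods forged replies spoofing the real server's address.
    real_id, real_port, _ = r.send_query("bank.example", AUTH_NS)
    for i in range(guesses):
        if predictable:
            gid, gport = (seen_id + 1 + i) & 0xFFFF, seen_port
        else:
            gid, gport = rng.getrandbits(16), rng.randint(1024, 65535)
        if r.receive(build_response(gid, "bank.example", EVIL_IP), AUTH_NS, gport):
            break
    # 3. The genuine answer arrives last and is discarded if a forgery already consumed the slot.
    r.receive(build_response(real_id, "bank.example", REAL_IP), AUTH_NS, real_port)
    return r.cache["bank.example"] == EVIL_IP, dict(r.rejected)


def brute_force_sources(rejected, threshold):
    """Threshold check in the spirit of a brute-force signature (the threshold value is illustrative)."""
    return sorted(ip for ip, n in rejected.items() if n >= threshold)


if __name__ == "__main__":
    for mode in (True, False):
        poisoned, rej = run_attack(mode, 2000)
        print("predictable" if mode else "randomized", "poisoned:", poisoned, "alerts:", brute_force_sources(rej, 100))
```

With sequential IDs the very first forged packet wins and the resolver logs a single unmatched reply (the late genuine answer), so nothing crosses the threshold; that is the case the vendor-specific signatures and, above all, a patched and randomizing resolver have to cover. With a random ID and port the same 2000 forgeries all miss, the real answer is cached, and the 2000 unmatched replies attributed to the spoofed server address are exactly the volume a threshold-based signature can alert on.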

owner: rvanderveken



    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClY4CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail