Attackers are downing DNS servers by exploiting BIND bug

As predicted, the critical and easily exploitable flaw that affects every release of BIND 9, the most widely used DNS server software on the Internet, has started being exploited by attackers.

The CVE-2015-5477 flaw lets a remote, unauthenticated attacker crash a vulnerable named process with a single crafted query, which amounts to a denial-of-service attack against every website and service that depends on that resolver or authoritative server.

“DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable,” Sucuri Security CTO Daniel Cid explained and advised administrators to patch their DNS servers.

He also offered instructions on how administrators can check whether their servers are being targeted.

The patch for the flaw was pushed out late last week, but the attackers are taking advantage of the fact that not all DNS server administrators have applied it yet.

“Almost all unpatched BIND servers are potentially vulnerable. We know of no configuration workarounds. Screening the offending packets with firewalls is likely to be difficult or impossible unless those devices understand DNS at a protocol level and may be problematic even then. And the fix for this defect is very localized to one specific area of the BIND code,” explained ISC’s Michael McNally.
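Two checks follow from the points above: whether a given named binary is at or beyond the fixed release, and whether a server is receiving the kind of query that triggers the bug. The script below is an added example written for this page, not code from Sucuri or ISC. It assumes the fixed releases ISC shipped (9.9.7-P2 and 9.10.2-P3), treats branches older than 9.9 as never patched and branches newer than 9.10 as released after the fix, and relies on the fact that CVE-2015-5477 is triggered by a crafted TKEY query, so it counts TKEY queries per source in BIND query-log lines. The log lines and version strings are constructed for the example.

```python
import re
from collections import Counter

# Minimum releases containing the fix for CVE-2015-5477, from ISC's
# release announcement: 9.9.7-P2 and 9.10.2-P3. (Table built for this
# example; check ISC's advisory for your branch.)
FIXED = {(9, 9): (9, 9, 7, 2), (9, 10): (9, 10, 2, 3)}

_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?")


def parse_version(text):
    """Turn a `named -v` style string such as 'BIND 9.9.7-P2' into
    (major, minor, patch, p_level). Vendor suffixes after the numeric
    part are ignored, which is exactly why the result is not conclusive
    for distribution packages that backport fixes (see note below)."""
    m = _VER_RE.search(text.replace("BIND ", "", 1).strip())
    if not m:
        raise ValueError("unrecognised BIND version: %r" % text)
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_patched(version_text):
    """True when the version is at or above the fixed release of its branch."""
    major, minor, patch, plevel = parse_version(version_text)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Assumption of this example: 9.11 and later were released after
        # the fix; 9.8 and older were end-of-life and never received it.
        return (major, minor) > (9, 10)
    return (major, minor, patch, plevel) >= fixed


# BIND 9.9/9.10 query-log format ("querylog yes" or the queries category);
# the optional "@0x..." token covers the 9.11+ format.
_QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[^#\s]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


def tkey_sources(log_lines):
    """Count TKEY queries per source address in BIND query-log lines.
    The CVE-2015-5477 trigger is a crafted TKEY query, so any TKEY traffic
    arriving at a server that does not use TKEY (no GSS-TSIG updates)
    deserves a closer look."""
    counts = Counter()
    for line in log_lines:
        m = _QUERY_RE.search(line)
        if m and m.group("qtype").upper() == "TKEY":
            counts[m.group("src")] += 1
    return counts


# Constructed sample query-log lines, not a real capture.
SAMPLE_LOG = """\
28-Jul-2015 10:01:02.100 client 192.0.2.10#40001 (example.com): query: example.com IN A + (198.51.100.1)
28-Jul-2015 10:01:02.350 client 203.0.113.7#51234 (example.com): query: example.com IN TKEY + (198.51.100.1)
28-Jul-2015 10:01:02.352 client 203.0.113.7#51235 (example.com): query: example.com IN TKEY + (198.51.100.1)
28-Jul-2015 10:01:03.000 client 192.0.2.11#40002 (www.example.com): query: www.example.com IN AAAA -ED (198.51.100.1)
""".splitlines()


if __name__ == "__main__":
    for v in ("BIND 9.9.7-P2", "BIND 9.10.2-P2", "9.9.5", "9.11.0"):
        print("%-16s patched=%s" % (v, is_patched(v)))
    for src, n in tkey_sources(SAMPLE_LOG).most_common():
        print("TKEY queries from %s: %d" % (src, n))
```

Run `named -v` on the server and feed the string to `is_patched`; feed the query log (query logging must be on, e.g. `rndc querylog`) to `tkey_sources`. Two caveats: distribution packages such as Debian's or Red Hat's backport the fix into an older-looking version string, so for those consult the package changelog rather than this check; and servers that accept GSS-TSIG dynamic updates (Active Directory environments) see legitimate TKEY queries, so filter known update clients before treating a source as hostile.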

Individual Internet users are unlikely to be much affected by the attacks, but businesses cannot afford to stay offline for long, so patching should be done as soon as possible.

“The new BIND vulnerability illustrates one of the key reasons companies are outsourcing DNS,” commented Kris Beevers, founder and CEO of NSONE. “We are witnessing an uptick in interest in managed DNS, both in the cloud, and on-premise inside enterprise datacenters with private DNS solutions. In many cases IT buyers are addressing security and manageability concerns by shifting their DNS to managed solutions.”
