cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
449
Views
0
Helpful
1
Replies

DNS Cache Poisoning Signature

tami.martin
Level 1
Level 1

Is there a signature available for the new Bind 9 DNS Cache Poisoning vulnerability/exploit.

See reference

http://www.securityfocus.com/bid/25037/info

1 Reply 1

rupadras
Cisco Employee
Cisco Employee

From our research on the subject, we do not believe a high-fidelity signature can be created to detect this attack. The nature of the traffic used in the attack is legitimate and as a successful attack requires some guess-work and timing, there are too many variables to detect any sort of pattern in the traffic used. The initial part of the attack occurs when a user accesses a malicious link. Standard user training should mitigate this vector if users avoid accessing unsolicited links. Updates are also available to patch systems. For more information, please see Intellishield alert number 13831:

https://intellishield.cisco.com/security/alertmanager/basicSearch.do?dispatch=1&UID=13831

We will continue to monitor the situation regarding this vulnerability and take appropriate action when necessary.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: