
Nominum Caches In

Craig Matsumoto

One man's poison leads to another man's product, as Nominum Inc. is proving today with its latest security release.

The company has its own answer to the recently revealed method for DNS cache poisoning -- an attack that tricks a server into forwarding Web traffic to the wrong location. For example, a DNS server might be told that lightreading.com requests should be sent not to Light Reading, but to someplace unspeakably horrible.

Cache poisoning is an unavoidable loophole in DNS. The concept has been around for some time, but recently, researcher Dan Kaminsky found a faster way to get it done. He revealed details of the new threat at the Black Hat conference early this month, having kept the method under wraps until a defense was ready. (See New Internet Poison Gets Instant Antidote.)

Someone out there is taking advantage of it. China Netcom Corp. Ltd. (NYSE: CN; Hong Kong: 0906) was a recent victim, according to security firm Websense, as someone poisoned its default DNS server.

Nominum -- and Kaminsky, too -- say that's not going to be enough. The company's own answer involves multiple defenses, starting with port randomization.

But Nominum also offers what it's calling a Resistance Layer. It's pretty simple: The DNS server doesn't keep all parts of an answer to its queries.

That's important because phony answers are one key to fooling the DNS server. It happens when the server gets a URL request it doesn't recognize. The server then starts asking its neighbors for advice.

Someone out to do DNS cache poisoning can exploit this by bombarding the DNS server with queries for URLs that don't exist -- and also with fake answers. These answers don't say where the URL is located. Instead, they're of the form, "I don't know the answer, but the server at [some IP address] does." That last part points to the attacker's server, providing a foot in the door if that answer is accepted.

So, this Resistance Layer? It means Nominum's server remembers only the "I don't know the answer" part, disregarding the pointer to another location.

Nominum has also created a Remediation Layer, which alerts network operators if suspicious activity is detected.
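To make the Resistance Layer and Remediation Layer described above concrete, here is a toy resolver cache, added as an example; it is not Nominum's code, and the record layout, zone names and 192.0.2.x addresses used in the test are constructed. A reply is only allowed to write the direct answer, or the fact that a name does not exist, into the cache; the "ask the server at X instead" pointer is never stored, and a pointer that contradicts a delegation the cache already holds is raised as an alert.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class RR:                       # one DNS resource record, simplified
    name: str
    rtype: str
    data: str

@dataclass
class Response:
    qname: str                  # the name the resolver asked about
    rcode: str                  # "NOERROR" or "NXDOMAIN"
    answer: List[RR]
    authority: List[RR]         # "ask the servers for zone X instead"
    additional: List[RR]        # glue addresses for those servers

class ResistantCache:
    """Toy resolver cache applying the two layers the article describes."""
    def __init__(self) -> None:
        self.entries: Dict[str, str] = {}
        self.alerts: List[str] = []          # Remediation-Layer output

    def absorb(self, resp: Response) -> List[str]:
        """Write only the safe parts of a reply; return the keys written."""
        written: List[str] = []
        # Resistance Layer, part 1: a negative reply is remembered only as
        # "this name does not exist".
        if resp.rcode == "NXDOMAIN":
            key = f"{resp.qname}/NEG"
            self.entries[key] = "NXDOMAIN"
            written.append(key)
        # Part 2: answer records are kept only for the name actually asked.
        for rr in resp.answer:
            if rr.name == resp.qname:
                key = f"{rr.name}/{rr.rtype}"
                self.entries[key] = rr.data
                written.append(key)
        # Part 3: the "but the server at X knows" pointer (authority + glue)
        # is never written, so it cannot displace a delegation already held.
        # Remediation Layer: a pointer that contradicts a cached delegation
        # is the signature worth alerting the operator about.
        for rr in resp.authority:
            if rr.rtype == "NS":
                known = self.entries.get(f"{rr.name}/NS")
                if known is not None and known != rr.data:
                    self.alerts.append(f"{resp.qname}: referral for {rr.name} "
                                       f"-> {rr.data} contradicts cached {known}")
        return written
```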

All this security has been added to Vantio, the next-generation DNS server that Nominum started shipping about 18 months ago. Nominum's customers already have their hands on the new software.

Reports shortly after Kaminsky's Black Hat presentation said most carriers hadn't yet bothered patching against the cache poisoning threat, but Nominum says that's not the experience it's had. "Most of our major carriers have upgraded," says Bruce Van Nice, Nominum's director of product marketing.

— Craig Matsumoto, West Coast Editor, Light Reading

12/5/2012 | 3:33:47 PM
re: Nominum Caches In
that was just uncalled for... got the point the first time :)
Pete Baldwin
Pete Baldwin
12/5/2012 | 3:33:45 PM
re: Nominum Caches In
Yes, I'm feeling guilty about that. I've crossed the line!

At the risk of offending people's tastes: Would you like to see some of the other choices we'd considered?


They're safe for work, although I'd be all for banning the first one in any context.