Exploit in the wild for the Kaminsky DNS vulnerability

Filed under Vulnerabilities

Looks like the exploit code has been released by HD Moore as a Metasploit module. Hope everyone took the DNS patching requests seriously since we all know Metasploit is really easy to use (yes, especially for script kiddies!).

If you haven’t patched your DNS yet…do it now! Check here for more information and here to check your DNS servers to see if they are vulnerable. If your ISP’s DNS is still vulnerable…change your DNS servers to use OpenDNS!


  1. CG says:

    Really? The average script kiddie knucklehead is about to download that module and actually get anywhere with it?


  2. Tom says:

    Point taken. I saw on Wired: Threat Level that HD said the following about his module:

    "Moore says the code currently has a limitation:

    This exploit can’t be used to overwrite an existing cache entry, so attackers will have a hard time spoofing common host names on busy DNS servers. The module added to Metasploit will display the expiration date for any pre-cached entries and automatically wait for that amount of time for completing the attack."

    Correct. This might be a bit more technical than what a basic script kiddie could be capable of. Seems that you would just have to wait for the cached entries to expire…?

    Has anyone tested this in a lab yet?

  3. CG says:

    Don’t get me wrong, I’m not saying it’s not dangerous, it’s just frustrating that people immediately lump a Metasploit module – especially in this case because it’s only an aux module with script kiddie mass pwnage.

    With the number of "why cant i exploit my XP SP2+ box with DCOM" questions I see and take, I don’t think we have to be too worried about the lowest common denominator on this one.
