Ua hōʻike nā loea mai nā keʻena noiʻi JSOF i ʻehiku mau nāwaliwali hou i ka DNS/DHCP server dnsmasq. He mea kaulana loa ka server dnsmasq a hoʻohana ʻia e ka paʻamau i nā mahele Linux he nui, a me nā lako pūnaewele mai Cisco, Ubiquiti a me nā mea ʻē aʻe. Loaʻa nā nāwaliwali o Dnspooq i ka make ʻana o ka cache DNS a me ka hoʻokō code mamao. Ua hoʻopaʻa ʻia nā nāwaliwali ma dnsmasq 2.83.
I ka makahiki 2008, ua ʻike a hōʻike ka mea noiʻi palekana kaulana ʻo Dan Kaminsky i kahi hemahema koʻikoʻi o ka mīkini DNS o ka Pūnaewele. Ua hōʻoia ʻo Kaminsky e hiki i nā mea hoʻouka ke hoʻopunipuni i nā ʻōlelo aʻoaʻo a ʻaihue i ka ʻikepili. Ua kapa ʻia kēia ʻo "Kaminsky Attack".
Ua manaʻo ʻia ʻo DNS he protocol insecure no nā makahiki he mau makahiki, ʻoiai ua manaʻo ʻia e hōʻoiaʻiʻo i kahi pae o ka pono. ʻO ia ke kumu i hilinaʻi nui ʻia ai. I ka manawa like, ua hoʻomohala ʻia nā mīkini e hoʻomaikaʻi i ka palekana o ka protocol DNS kumu. Loaʻa kēia mau hana i ka HTTPS, HSTS, DNSSEC a me nā hana ʻē aʻe. Eia nō naʻe, ʻoiai me kēia mau ʻano hana a pau, ʻo DNS hijacking kahi hoʻouka kaua weliweli ma 2021. Ke hilinaʻi nei ka hapa nui o ka Pūnaewele ma DNS e like me ia i hana ai i ka makahiki 2008, a hiki ke maʻalahi i nā ʻano hoʻouka like.
DNSpooq cache poisoning vulnerability:
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685. Ua like kēia mau haʻahaʻa me ka hoʻouka kaua SAD DNS i hōʻike ʻia e nā mea noiʻi mai ke Kulanui o Kaleponi a me ke Kulanui ʻo Tsinghua. Hiki ke hoʻohui pū ʻia nā nāwaliwali SAD DNS a me DNSpooq i mea e maʻalahi ai ka hoʻouka ʻana. Ua hōʻike pū ʻia nā hoʻouka ʻana me nā hopena maopopo ʻole e nā hoʻoikaika hui ʻana o nā kulanui (Poison Over Troubled Forwarders, etc.).
Hana nā mea palupalu ma ka hōʻemi ʻana i ka entropy. Ma muli o ka hoʻohana ʻana i kahi hash nāwaliwali e ʻike i nā noi DNS a me ka hoʻohālikelike kūpono ʻole o ka noi i ka pane, hiki ke hoʻemi nui ʻia ka entropy a ʻo ~19 bits wale nō e pono ke koho ʻia, e hiki ai ke make i ka cache. ʻO ke ʻano o ka hana dnsmasq i nā moʻolelo CNAME hiki iā ia ke hoʻopunipuni i kahi kaulahao o nā moʻolelo CNAME a hoʻopau maikaʻi i nā moʻolelo DNS 9 i ka manawa.
ʻO nā mea hoʻonāwaliwali hoʻoheheʻe ʻia: CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681. Loaʻa nā vulnerabilities āpau 4 i ke code me ka hoʻokō DNSSEC a ʻike wale ʻia i ka wā e hiki ai ke nānā ʻia ma DNSSEC i nā hoʻonohonoho.
Source: linux.org.ru