Vigil@nce - DNS, Windows 2008 DNS: distributed denial of service via Root Hints
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the DNS Service of Windows 2008 (or any other
service returning Root Hints), in order to trigger a distributed
denial of service.
– Impacted products: Windows 2008, DNS
– Severity: 2/4
– Creation date: 26/02/2014
DESCRIPTION OF THE VULNERABILITY
A DNS service can be configured to be authoritative for a domain.
When a client queries a non recursive DNS service for a domain it
is not authoritative for, the RFC 1034 suggests the server to
return the list of root DNS servers ("root hints"). However, this
behavior can be used for an amplification attack, because the size
of the Root Hints reply is larger than the size of the DNS query.
The ISC Bind DNS server thus chose to not return Root Hints.
However, the Windows DNS service returns Root Hints.
An attacker can therefore use the DNS Service of Windows 2008 (or
any other service returning Root Hints), in order to trigger a
distributed denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN