Important update targets spoofing
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
This update concerns one of my favorite topics, spoofing. I've found that the term spoofing is tossed around like a great bogeyman when the reality is that in many (if not most) cases, spoofing is not a trivial task and generally requires a significant amount of knowledge about you are trying to spoof.
This vulnerability is no different. Essentially, it requires that an attacker be able to guess (or know) the proper transaction value to use when responding to a DNS request, thereby allowing the attacker to provide a response that could direct the target to the wrong IP address of a given resource. Given the complexity of actually pulling off the exploit, you should definitely apply the update under Defense in Depth, but for many environments, the risk assessment of this issue will probably be fairly low.
About the author: Wesley J. Noonan has been working in the computer industry for more than 12 years specializing in Windows-based networks and network infrastructure security design and implementation. He is a staff quality engineer for NetIQ Corp. working on the security management product line. Wes is the author of Hardening Network Infrastructure and is a contributing/co-author for The CISSP Training Guide by QUE Publishing, Hardening Network Security and Firewall Fundamentals. Wes is also the technical editor for Hacking Exposed: Cisco Networks. Wes is a contributor to Redmond magazine, writing on the subjects of network infrastructure and security.
Dig Deeper on Endpoint security management tools