ScanSafe Response to Reports of DNS Flaws
The ScanSafe security response team has been closely monitoring reports of flaws within the Domain Name System (DNS). These flaws could theoretically allow an attacker to redirect Internet users to sites other than those they expected. For example, a request to a legitimate bank or e-commerce site could be redirected to an attacker-owned site that masquerades as the legitimate site. This could allow attackers to perform a man-in-the-middle attack to harvest logon credentials and/or credit card details used with the legitimate website.
ScanSafe customers have significant protection from zero-day DNS flaws due to the unique way our network is built. This reduces the risk to a tiny level and makes a brute-force attack impractical.
Some of these defenses include:
- ScanSafe uses per-query source port randomization for DNS queries, making brute-force attacks impractical
- ScanSafe uses multiple DNS servers within each tower, further reducing the chances of success by several orders of magnitude
- ScanSafe actively monitors the security discussion lists, and proactively applies system patches as soon as issues are identified
ScanSafe customers are invited to use the tool at http://doxpara.com/ to demonstrate that requests through our service are safe from DNS poisoning.
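To illustrate why per-query source port randomization makes brute forcing impractical, the following added example (not ScanSafe's code, and not how the doxpara.com tool is implemented) rates a resolver from the source ports an authoritative server sees across successive queries. The `SEQ_STEP` threshold, the spread-based pool estimate, and the sample observations are assumptions constructed for illustration.

```python
import math

SEQ_STEP = 16  # assumption: steps this small between queries count as predictable

def assess_resolver(observations):
    """Rate source-port unpredictability from (source_port, txid) pairs seen
    at an authoritative server for successive queries from one resolver."""
    ports = [port for port, _txid in observations]
    if len(ports) < 2:
        raise ValueError("need at least two queries to compare ports")
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if len(set(ports)) == 1:
        verdict, port_bits = "fixed", 0.0
    elif all(0 < d <= SEQ_STEP for d in deltas):
        verdict, port_bits = "sequential", 0.0
    else:
        # Rough estimate of the port pool from the observed spread.
        verdict = "randomized"
        port_bits = math.log2(max(ports) - min(ports) + 1)
    # Assumes the 16-bit transaction ID is itself uniformly random.
    return {"verdict": verdict, "guess_bits": 16 + port_bits}

def spoof_success(guess_bits, forged_replies):
    """Chance that one of `forged_replies` distinct guesses matches the
    (TXID, port) pair of a single outstanding query."""
    return min(1.0, forged_replies / 2 ** guess_bits)

# Constructed sample observations, not captured traffic.
FIXED = [(53, 0x1A2B), (53, 0x90C4), (53, 0x03F7), (53, 0xE511)]
SEQUENTIAL = [(32768, 0x1A2B), (32769, 0x90C4), (32770, 0x03F7), (32771, 0xE511)]
RANDOMIZED = [(16384, 0x1A2B), (40210, 0x90C4), (49151, 0x03F7),
              (23007, 0xE511), (31999, 0x77A0), (45012, 0x2C19)]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)):
        result = assess_resolver(sample)
        p = spoof_success(result["guess_bits"], 65536)
        print(f"{name:10s} {result['verdict']:10s} "
              f"{result['guess_bits']:.1f} bits  P(success, 65536 forged) = {p:.2e}")
```

With a fixed or sequential port, only the 16-bit transaction ID stands between a forged reply and the cache; the randomized sample adds roughly 15 more bits to the guess space.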
In addition, ScanSafe customers benefit from Outbreak Intelligence (OI™), a proprietary security platform that detects zero-hour and known malware and phishing threats. By using a combination of multiple, correlated detection technologies, automated machine-learning heuristics, and the industry’s largest Web data set, OI provides the most effective solution against new and known Web malware and phishing sites.
Further technical details on the DNS flaws are available in the CERT advisory, and ScanSafe strongly recommends customers review their own network infrastructure and ensure they have applied the latest applicable vendor updates.

Mary Landesman