Following our previous article about the Kaminsky DNS Vulnerability, it has now emerged that active attacks are taking place. Attacks were inevitable, but they have occurred sooner than expected because the details of the flaw were made public ahead of schedule.
The press coverage and publicity surrounding the DNS flaw have been substantial, particularly among the system-administrator and security communities. This led many administrators and security experts to speculate on the potential cause of such a fundamental flaw - and it looks like one of them got it right.
A reverse-engineering expert called Halvar Flake correctly guessed the details while posting to his blog - this was quickly spotted and reported by those in the know, which let the cat out of the bag.
It appears that Dan Kaminsky was initially reluctant to confirm Halvar's speculation, but this led to a dilemma as Halvar's posting appeared perfectly plausible - if Kaminsky failed to confirm the posting as correct, it could have led to concerns that there were two fundamental flaws in the DNS system!
The intention had been to keep the details secret until next month, which would have given system administrators ample time to patch their DNS servers, following one of the biggest co-ordinated patch releases ever undertaken.
However, this luxury no longer exists and administrators of all public-facing DNS servers are now being urged to upgrade as a matter of priority if they have not already done so.
The first attack was reported on 25th July 2008; it attempts to access the DNS server cache for entries for eBay, MySpace, Facebook, Yahoo, Gmail, etc.