It’s now 2010, so you would be forgiven for thinking that most DNS servers should have been updated, patched or configured in such a manner as to render the Kaminsky hole null and void.
Unfortunately that is not the case.
So what is the danger?
The danger is what is called “cache poisoning”. In simpler terms, it is possible for a criminal to take advantage of a nameserver’s configuration either to conduct a “man in the middle” type attack or simply to redirect all the traffic elsewhere. The number of issues is limited only by the criminal’s imagination and technical skill.
Here’s but one example using boards.ie (a popular forum in Ireland):
UPDATE: Digiweb have fixed their DNS configuration so the test above will no longer work.