Security researchers at Nozomi Networks recently issued an advisory warning of possible DNS poisoning attacks against devices that use the uClibc and uClibc-ng C standard libraries. The vulnerability remains unpatched, so the exact names of affected devices have not yet been disclosed. However, uClibc is used in OpenWRT, a widespread operating system for routers, and several major vendors such as Linksys, Netgear and Axis, as well as Embedded Gentoo, are known to deploy systems built on uClibc. The vulnerability stems from predictable DNS transaction IDs: attackers who are able to win a race condition and either predict or brute-force the relevant ports in DNS requests would be able to spoof DNS responses and potentially poison the DNS cache of routers, opening the way to further man-in-the-middle (MITM) and phishing attacks. There are currently no known reports of this attack in the wild.
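For defenders who want to check whether a device on their own network emits predictable transaction IDs, the following is an added example, not code from the Nozomi advisory or from uClibc. It reads the ID from each captured outbound query and flags a capture in which one constant step between consecutive IDs dominates. Treating "predictable" as a constant step is an assumption made for this sketch, and the function names, thresholds and sample captures are all constructed for illustration.

```python
import struct
from collections import Counter

def build_query(txid, name="example.com"):
    """Build a minimal DNS A query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def txid_of(packet):
    """The transaction ID is the first 16 bits of the DNS header (RFC 1035)."""
    if len(packet) < 12:
        raise ValueError("packet is shorter than a DNS header")
    return struct.unpack("!H", packet[:2])[0]

def assess(observations, min_samples=8, dominant_ratio=0.8):
    """observations: (source_port, raw_query) tuples in capture order."""
    if len(observations) < min_samples:
        raise ValueError("too few queries to judge")
    ids = [txid_of(pkt) for _, pkt in observations]
    # Differences modulo 2**16 so a counter that wraps still shows one step.
    steps = Counter((b - a) % 65536 for a, b in zip(ids, ids[1:]))
    step, hits = steps.most_common(1)[0]
    ratio = hits / (len(ids) - 1)
    return {
        "dominant_step": step,
        "step_ratio": ratio,
        "predictable_txid": ratio >= dominant_ratio,
        "distinct_source_ports": len({port for port, _ in observations}),
    }

# Constructed captures (not real traffic): a counter that wraps past 0xFFFF,
# and a set of unrelated IDs such as a randomising resolver would produce.
COUNTER_IDS = [(65533 + i) % 65536 for i in range(10)]
RANDOM_IDS = [0x3A7C, 0x91E2, 0x05D1, 0xF40B, 0x6A29,
              0xC813, 0x27EE, 0x7B40, 0xE19A, 0x4C05]
COUNTER_CAPTURE = [(40000 + 7 * i, build_query(t)) for i, t in enumerate(COUNTER_IDS)]
RANDOM_CAPTURE = [(40000 + 7 * i, build_query(t)) for i, t in enumerate(RANDOM_IDS)]

if __name__ == "__main__":
    for label, capture in (("counter", COUNTER_CAPTURE), ("random", RANDOM_CAPTURE)):
        print(label, assess(capture))
```

The `distinct_source_ports` count is reported alongside the verdict because the source port is the other value a spoofed response has to match.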