Summary

• The Cisco OpenDNS service was susceptible to a DNS pulsing attack due to improper handling if a large volume of queued DNS requests was received. This attack takes advantage of multiple commonly implemented DNS mechanisms. DNS queries are sent at a low rate and amplified into large-sized responses. This concentrates the DNS responses into a short, high-volume burst to overwhelm target systems.

Affected Products

• The Cisco OpenDNS service had exposure to this issue.

Workarounds

• There are no workarounds that address this issue.

Fixed Software

• Cisco has addressed this issue in Cisco OpenDNS, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI.

  Customers who need additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept guidelines are available for the attack described in this advisory.

  The Cisco PSIRT is not aware of any malicious use of this attack that is described in this advisory.

Source

• Cisco would like to thank Xiang Li of Tsinghua University NISL Lab for reporting this issue.

URL

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-opendns-pulse-dos-Dd8L3sZq

Revision History

• Version	Description	Section	Status	Date
  1.1	Updated to remove references to a vulnerability.	Title, Vulnerability Source	Final	2024-MAY-23
  1.0	Initial public release.	-	Final	2024-MAY-20

  Show Less