DNS Security Risks Section 0x02. Joke/Cool thing traceroute 216.81.59.173 traceroute 216.81.59.173 https://www.youtube.com/watch?v=5_dRqPLP1d c https://www.youtube.com/watch?v=5_dRqPLP1d.

Slides:

Advertisements

Similar presentations

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Advertisements

SCADA Security, DNS Phishing

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Phishing – Read Behind The Lines Veljko Pejović

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

1 and DNS Hacking. Overview Hacking - Technology - Attacks - Phishing/Spearphishing/Whaling DNS Hacking - Technology - Attacks - Flux 2.

DNS Security Brad Pokorny The University of Minnesota Informal Security Seminar 4/18/03.

CSE 461 Section (Week 0x02). Port numbers for applications MAC addresses for hardware IP addresses for a way to send data in a smart, routable way.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Norman SecureSurf Protect your users when surfing the Internet.

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

Got DNS? A review of Domain Name Services and how it impacts website developers. By Jason Baker Digital North.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

CSUF Chapter 6 1. Computer Networks: Domain Name System 2.

IIT Indore © Neminath Hubballi

1 DNS: Domain Name System People: many identifiers: m SSN, name, Passport # Internet hosts, routers: m IP address (32 bit) - used for addressing datagrams.

October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.

1 Application Layer Lecture 6 Imran Ahmed University of Management & Technology.

COMT 6251 Network Layers COMT Overview IP and general Internet Operations Address Mapping ATM LANs Other network protocols.

Chapter 29 Domain Name System (DNS) Allows users to reference computer names via symbolic names translates symbolic host names into associated IP addresses.

Domain Name System CH 25 Aseel Alturki

DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.

DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.

Lecture 18 Page 1 CS 236, Spring 2008 DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Role Of Network IDS in Network Perimeter Defense.

So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.

Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.

Heat-seeking Honeypots: Design and Experience John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy and Martin Abadi WWW 2011 Presented by Elias P.

Domain Name System: DNS To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the Connection of a host to the Internet.

THE DNS (DOMAIN NAME SYSTEM). Before the DNS, all computers connected to the internet through ARPANET (the worlds first operational packet switching network).

How the Domain Name System has impacted Internet history. Fig 1: The structure of the DNS name space.

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

Security Issues with Domain Name Systems

Attacking DNS Slides adapted from Olaf Kolkman, RIPE Lecture 18

DNS Security Advanced Network Security Peter Reiher August, 2014

What’s the relationship here?

CONNECTING TO THE INTERNET

DNS Security Issues SeongHo Cho DPNM Lab., POSTECH

Secure Software Confidentiality Integrity Data Security Authentication

Practical Censorship Evasion Leveraging Content Delivery Networks

DNS Session 5 Additional Topics

Unit 5: Providing Network Services

DNS Cache Poisoning Attack

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

DNSSEC Iván González Montemayor A

Net 323 D: Networks Protocols

Chapter 19 Domain Name System (DNS)

Security in Networking

ROUND ROBIN DNS Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain.

CS4622: Computer Networking

Network Security: DNS Spoofing, SQL Injection, ARP Poisoning

NET 536 Network Security Lecture 8: DNS Security

Chapter 25 Domain Name System

NET 536 Network Security Lecture 6: DNS Security

Deprecation of certificates for internal needs

DNS: Domain Name System

Chapter 25 Domain Name System

COMPUTER NETWORKS PRESENTATION

Computer Networks Presentation

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.

Presentation transcript:

DNS Security Risks Section 0x02

Joke/Cool thing traceroute traceroute c c

DNS Overview (Basics) World’s largest distributed database (maybe?) World’s largest distributed database (maybe?) Maintains name address relationship on the Internet Maintains name address relationship on the Internet Critical component of the Internet Critical component of the Internet

DNS Overview (Data Flow) Client tries to resolve a name Client tries to resolve a name Asks the next level (“zone”) up Asks the next level (“zone”) up If the next highest zone knows, it answers If the next highest zone knows, it answers If not, it asks the next highest zone If not, it asks the next highest zone Each zone has an authoritative server responsible for answering these requests Each zone has an authoritative server responsible for answering these requests

Potential Attacks Why might we want to exploit DNS requests? Why might we want to exploit DNS requests? How might we exploit DNS requests? How might we exploit DNS requests?

Simple Attacks Typosquatting Typosquatting Denial of Service Denial of Service Registrar Hacking Registrar Hacking

Typosquatting Register an address that’s very similar to a well- known, legitimate one Register an address that’s very similar to a well- known, legitimate one Examples: Examples: Occasionally used for phishing attacks Occasionally used for phishing attacks Usually just for ad views or financial squatting Usually just for ad views or financial squatting

Denial of Service Hosts must query DNS servers to find the IP addresses mapped to by unknown hostnames Hosts must query DNS servers to find the IP addresses mapped to by unknown hostnames Overloading these servers can cause them to be unable to respond to requests Overloading these servers can cause them to be unable to respond to requests Root DNS servers are the prime targets of attacks Root DNS servers are the prime targets of attacks Can make it impossible to connect to web servers without knowing their IP address Can make it impossible to connect to web servers without knowing their IP address

Registrar Hacking Domain name-to-IP mappings are registered with a number of companies Domain name-to-IP mappings are registered with a number of companies These companies’ name servers supply IP information about their managed domains These companies’ name servers supply IP information about their managed domains If these servers are hacked, traffic can be redirected If these servers are hacked, traffic can be redirected Happened to in August 2013 Happened to in August 2013 Melbourne IT registrar was hacked by the Syrian Electronic Army (with valid user credentials) and IP addresses were changed Melbourne IT registrar was hacked by the Syrian Electronic Army (with valid user credentials) and IP addresses were changed

Complex Attacks Rogue DNS Servers Rogue DNS Servers DNS Cache Poisoning DNS Cache Poisoning

Rogue DNS Servers When a system doesn’t know a name IP mapping, it goes to the next level up When a system doesn’t know a name IP mapping, it goes to the next level up If this next level up is a server controlled by a malicious entity, the response it gets may be wrong! If this next level up is a server controlled by a malicious entity, the response it gets may be wrong! Malware can manipulate the IP address that a system accesses to get DNS responses Malware can manipulate the IP address that a system accesses to get DNS responses Alternatively, a DNS server along the chain may maliciously return incorrect data Alternatively, a DNS server along the chain may maliciously return incorrect data Packets can be introduced into the flow, even without a proper DNS server in place: this is DNS spoofing! Packets can be introduced into the flow, even without a proper DNS server in place: this is DNS spoofing! Certain ISPs (e.g., Comcast) use this technique as well! Certain ISPs (e.g., Comcast) use this technique as well! Common example: if an uncommon or nonexistent hostname is typed in, the ISP’s DNS server may respond with a search page rather than an error Common example: if an uncommon or nonexistent hostname is typed in, the ISP’s DNS server may respond with a search page rather than an error A.k.a. “DNS hijacking” or “DNS redirection” A.k.a. “DNS hijacking” or “DNS redirection”

DNS Cache Poisoning Various DNS servers along the chain serve requests from a local cache (your own system also has a cache) Various DNS servers along the chain serve requests from a local cache (your own system also has a cache) This cache is supposed to expire regularly, but should mostly be correct This cache is supposed to expire regularly, but should mostly be correct By directly or indirectly altering this cache data can cause a trusted nameserver to return incorrect responses By directly or indirectly altering this cache data can cause a trusted nameserver to return incorrect responses

DNS attack story #1 October 2002 and February 2007 root server attacks October 2002 and February 2007 root server attacks DDoS attacks on DNS root servers DDoS attacks on DNS root servers Peak ~900 Mbps; ~2000 Mbps Peak ~900 Mbps; ~2000 Mbps Only briefly affected performance Only briefly affected performance DNS redundancy, large number of root servers DNS redundancy, large number of root servers

DNS attack story #2 ICANN June 2008 attack ICANN June 2008 attack Internet Corporation for Assigned Names and Numbers Internet Corporation for Assigned Names and Numbers Social engineering attack Social engineering attack Compromised name servers redirected to hacker-controlled IP address Compromised name servers redirected to hacker-controlled IP address

DNS attack story #2

Possible Solutions Typosquatting Typosquatting Buying up typos Buying up typos Trademarking Trademarking Denial of Service Denial of Service Redundancy Redundancy Selectively blocking traffic Selectively blocking traffic Already mostly solved! Already mostly solved! Registrar Hacking Registrar Hacking Strong passwords Strong passwords Anti-social engineering training Anti-social engineering training

Possible Solutions (cont.) Rogue DNS Servers and Cache Poisoning Rogue DNS Servers and Cache Poisoning Trusted DNS servers ( , etc.) Trusted DNS servers ( , etc.) ISPs may still rewrite certain DNS requests ISPs may still rewrite certain DNS requests Cryptographic security for requests Cryptographic security for requests Digital signatures for data authenticity (secure DNS) Digital signatures for data authenticity (secure DNS) Server certificates (to verify that you’ve reached the right IP address) Server certificates (to verify that you’ve reached the right IP address)

?