DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.

A Short Overview on DNS (diagram: Client, Resolver calling gethostbyname, Caching DNS Server, and on the Internet the Authoritative DNS Servers dns.microsoft.com and dns.hacker.com)

A Simple Attack – Sending Additional Resource Records (diagram: the client calls gethostbyname; the server's answer carries an additional resource record for a second name, and that record is stored in the DNS cache as well)

An Even Easier Attack – Just Lying (diagram: the client calls gethostbyname and the server simply returns a false answer)

The Problem
DNS is not a secure protocol:
– Every host on the internet can claim that it is an authority for resolving queries
– Even if a DNS server is authoritative for domain A, it does not mean it can be trusted to give true answers for domain B
– All answers are assumed to be true
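The slide's rule that a server authoritative for domain A must not be believed about domain B is what a caching resolver enforces as a "bailiwick" check on the additional section. The following is an added example, not code from the slides or from any DNS server; the zone, record names and addresses are constructed sample data.

```python
# Added example (not from the original slides): a minimal bailiwick check for
# the additional section of a DNS response.  Names/addresses are constructed.

from typing import NamedTuple


class RR(NamedTuple):
    name: str      # owner name, e.g. "www.example.net."
    rtype: str     # "A", "NS", ...
    rdata: str     # address or target name


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels; the trailing dot is optional."""
    return [label.lower() for label in name.rstrip(".").split(".") if label]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` equals or lies below `zone`, the zone whose server answered."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def filter_additional(zone: str, additional: list[RR]) -> tuple[list[RR], list[RR]]:
    """Split the additional section into records the cache may keep and records
    that must be discarded because their owner name is outside `zone`: the
    responding server is not trusted to speak for any other domain."""
    keep, drop = [], []
    for rr in additional:
        (keep if in_bailiwick(rr.name, zone) else drop).append(rr)
    return keep, drop


# Constructed response from the example.net server: legitimate glue for its own
# name server, plus an unsolicited A record for a name in a different zone.
ADDITIONAL = [
    RR("ns1.example.net.", "A", "198.51.100.10"),     # own zone: in bailiwick, kept
    RR("www.bank.example.", "A", "203.0.113.66"),     # foreign zone: dropped
]

if __name__ == "__main__":
    kept, dropped = filter_additional("example.net.", ADDITIONAL)
    print("kept   :", kept)
    print("dropped:", dropped)
```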

Other Protocols in the TCP/IP Protocol Suite
– DHCP – non-secure
– HTTPS – secure

More Sophisticated Attacks
– PRNG Vulnerability
– The Birthday Attack
Both attacks rely on the "First answer wins" property.

Query ID
Each DNS query contains an ID. A response contains the matching query ID. The ID is generated by a PRNG.
– In most past implementations the ID was generated by a weak PRNG function.

PRNG Attack (diagram: the client calls gethostbyname; the server says "I don't know… I better ask somebody else" and issues its own query; a forged answer carrying the predicted ID races the genuine one, and the first answer wins!)

PRNG Attack (cont)
In older systems it was possible to predict the next PRNG number by observing only the last number generated.
In newer systems it is possible to predict the next number with a success probability of 0.2 by observing the last 5000 numbers.
– Much better, but still not perfect.

The Birthday Attack (diagram of the gethostbyname queries)

The Birthday Attack (cont)
Based on the mathematical phenomenon called the Birthday Paradox:
– If there are 23 people in the room, the probability that you share the same birthday with another person is at most 23/365.
– But what is the probability that some two persons share the same birthday? It is greater than 0.5!
The problem is that the server generates a recursive query for each of the client's queries.
This vulnerability has nothing to do with the strength of the PRNG function.
There are many DNS servers that are still vulnerable to this attack, including Microsoft's implementation.

The Birthday Attack (cont)
The probability of succeeding in the birthday attack while sending 700 queries is very close to 1.
The probability of succeeding by just sending 700 packets is 0.01.
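The two figures on this slide follow from the size of the 16-bit query-ID space. The code below is an added example, not from the slides, that reproduces both numbers and, going beyond the slides, shows how the same traffic fares against a 32-bit space (transaction ID plus a randomized source port), which is the defender's reason for widening that space.

```python
# Added example (not from the original slides): success probability of the two
# attack models on the slides, as a function of the number of packets sent.
# `space` is the number of possible query IDs; 2**16 is the 16-bit DNS ID.

N_16BIT = 2 ** 16


def p_single_query(packets: int, space: int = N_16BIT) -> float:
    """Attacker spoofs `packets` replies with distinct IDs against ONE
    outstanding query whose ID is uniformly random: every reply is one guess."""
    return min(1.0, packets / space)


def p_birthday(queries: int, replies: int, space: int = N_16BIT) -> float:
    """The server issues `queries` concurrent recursive queries for the same
    name (each with a fresh random ID); the attacker spoofs `replies` replies
    with distinct IDs.  Success = at least one reply ID matches some query ID,
    so P(no match) = (1 - replies/space) ** queries."""
    if replies >= space:
        return 1.0
    return 1.0 - (1.0 - replies / space) ** queries


def packets_for(target_p: float, space: int = N_16BIT) -> int:
    """Smallest n such that n queries plus n replies reach `target_p` success."""
    n = 1
    while p_birthday(n, n, space) < target_p:
        n += 1
    return n


if __name__ == "__main__":
    n = 700
    print(f"{n} guesses at one query      : {p_single_query(n):.4f}")   # ~0.01
    print(f"{n} queries + {n} replies     : {p_birthday(n, n):.4f}")    # ~1
    print(f"same traffic, 2**32 ID space : {p_birthday(n, n, 2 ** 32):.2e}")
    print(f"packets for 50% success (16-bit): {packets_for(0.5)}")
```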

What Can Be Done to Mitigate the Attack?
Firewalls:
– Truncate packets with additional resource records
– How should they deal with the birthday attack?
– How should they deal with the PRNG vulnerability attack?
Deployment:
– "Split DNS": protect your network's caching DNS server from man-in-the-middle attacks