Domain Name System (DNS): Today & Tomorrow
Presented by: James Speirs, Charles Higby, Brady Redfearn


Overview
 o History
 o How It Works
 o DNS Packet Structure
 o DNS Features
 o DNS Security Evolution, Early Days
 o Current DNS Issues
 o Bailiwick Defined
 o BIND 9.6 Or Later
 o Guilty Parties
 o DNS Exploit, Dan Kaminsky
 o BIND 8 Or Earlier
 o Kaminsky's Results
 o What Can Save Us?

History
  Pre-DNS
   o Hosts file
      Stanford Research Institute (SRI)
      FTP

History Continued
  1983
   o Paul Mockapetris, inventor
   o RFCs 882 & 883
  1984
   o Berkeley & UNIX
  1985
   o Kevin Dunlap, Digital Equipment Corporation (DEC)
   o Berkeley Internet Name Domain (BIND)
  1987
   o RFCs 1034 & 1035
  1990s
   o BIND ported to Windows NT

How It Works
  Distributed databases
   o Local machine
      Hosts file
        Linux - /etc/hosts
        Mac - /private/etc/hosts
        Windows - %SystemRoot%\system32\drivers\etc\
      Local cache
        Active memory
        Browser cache

How It Works Continued
  Distributed databases
   o Not on local machine
      UDP request (100 bytes)
      ISP DNS responds
      ISP's ISP DNS responds
      Core DNS responds

DNS Packet Structure

DNS Features
  Name server responds with all sub-domains
   o microsoft.com
   o secure.microsoft.com
   o update.microsoft.com
  Compression (~3x)
  Redundancy
  Round-robin assignment
  Entry expiration (3,600 seconds)
   o 3,600 second default
   o Defined by name server
  The "big 13 root servers" always contain the main DNS entries
   o .com, .net, .tv, .info, .gov, .mil, etc.

DNS Security Evolution, Early Days
  No bad guys in 1983
  Transaction ID (TID)
   o Incrementing integer counter
   o Random TID
  Port 53
   o Incoming port 53
   o Outgoing port 53
   o Random outgoing port, Dan Bernstein

Current DNS Issues
  DNS poisoning
   o First response wins
   o No TCP
   o Transaction IDs – 16 bits
   o Ports – 16 bits
  DNS controllers
   o ICANN
   o US Commerce Department
   o Verisign
   o 13 core servers

Bailiwick
  Defined
   o "The neighborhood of the domain"
  Bailiwicked domain attack
   o In bailiwick
      microsoft.com
      update.microsoft.com
      security.microsoft.com
      All acceptable DNS entries
   o Not in bailiwick
      google.com
      yahoo.com
      These entries are thrown away
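
The checks a resolver applies to an incoming reply, as an added Python example that is not part of the slides or of any BIND code: the reply must arrive on the port the query left from and carry the query's transaction ID (the two 16-bit values from the "Current DNS Issues" slide), records whose owner name lies outside the queried zone's bailiwick are thrown away, and the TTL of what survives is capped. The transaction ID 0x1234, the 192.0.2.x addresses, the seven-day cache cap and the sample reply are all constructed for the example; port 7649 is the ISP port quoted in the talk.

```python
import struct

# Constructed values for the example: the resolver sent its query with this
# transaction id from this ephemeral source port.
EXPECTED_TID = 0x1234
OUTGOING_PORT = 7649
MAX_CACHE_TTL = 7 * 24 * 3600  # assumed local cap; the 2^31-1 wire maximum is ~68 years


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off, hops=0):
    """Decode a wire-format name at offset; follows compression pointers with a hop limit."""
    labels, end = [], None
    while True:
        if hops > 16:
            raise ValueError("compression pointer loop")
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 2-byte pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off, hops = ptr, hops + 1
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Parse the header, the question and the answer/authority/additional sections."""
    tid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append({"section": section, "name": name, "type": rtype,
                            "ttl": ttl, "rdata": msg[off:off + rdlen]})
            off += rdlen
    return {"tid": tid, "flags": flags, "questions": questions, "records": records}


def build_response(tid, qname, records):
    """Build a reply for test data; records is a list of (section, name, rtype, ttl, rdata)."""
    counts = {"answer": 0, "authority": 0, "additional": 0}
    for rec in records:
        counts[rec[0]] += 1
    msg = struct.pack("!HHHHHH", tid, 0x8180, 1,
                      counts["answer"], counts["authority"], counts["additional"])
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    for section in ("answer", "authority", "additional"):
        for sec, name, rtype, ttl, rdata in records:
            if sec == section:
                msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def in_bailiwick(name, zone):
    """True when name is the zone itself or lies below it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def validate_response(msg, src_port, zone, expected_tid=EXPECTED_TID, expected_port=OUTGOING_PORT):
    """Resolver-side checks: port and TID must match the outstanding query, out-of-bailiwick
    records are dropped, TTLs are capped. Returns (accepted_records, log_lines)."""
    if src_port != expected_port:
        return [], ["dropped: reply aimed at port %d, query left from %d" % (src_port, expected_port)]
    resp = parse_response(msg)
    if resp["tid"] != expected_tid:
        return [], ["dropped: TID 0x%04x does not match 0x%04x" % (resp["tid"], expected_tid)]
    accepted, log = [], []
    for rec in resp["records"]:
        if not in_bailiwick(rec["name"], zone):
            log.append("dropped out-of-bailiwick %s record for %s" % (rec["section"], rec["name"]))
            continue
        if rec["ttl"] > MAX_CACHE_TTL:
            log.append("capped TTL %d -> %d for %s" % (rec["ttl"], MAX_CACHE_TTL, rec["name"]))
            rec["ttl"] = MAX_CACHE_TTL
        accepted.append(rec)
    return accepted, log


# Constructed reply to a query for aaa.example.com: one legitimate answer, one in-bailiwick
# glue record with the maximum TTL, and one record for a name outside example.com.
SAMPLE_RESPONSE = build_response(EXPECTED_TID, "aaa.example.com", [
    ("answer", "aaa.example.com", 1, 3600, bytes([192, 0, 2, 10])),
    ("additional", "ns1.example.com", 1, 2_147_483_647, bytes([192, 0, 2, 53])),
    ("additional", "www.google.com", 1, 2_147_483_647, bytes([192, 0, 2, 99])),
])

if __name__ == "__main__":
    kept, log = validate_response(SAMPLE_RESPONSE, OUTGOING_PORT, "example.com")
    for line in log:
        print(line)
    for rec in kept:
        print("cached", rec["name"], "ttl", rec["ttl"])
    # A reply to the wrong port never reaches the parser, let alone the cache.
    print(validate_response(SAMPLE_RESPONSE, 5353, "example.com")[1])
```

The bailiwick rule is what keeps a forged answer for aaa.example.com from also planting an address for google.com; the port and TID checks are what the rest of the talk is about, since a resolver that reuses port 53 leaves only the 16-bit TID for a spoofed reply to match.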

BIND 9.6 Or Later (example of a current version of BIND)

Guilty Parties
  Guilty parties
   o Any DNS not randomizing ports
   o OpenWRT software
  Secure services
   o OpenDNS
   o djbdns
   o Simple router software

DNS Exploit, Dan Kaminsky
  Cache miss at ISP
   o Find DNS IPs for example.com
      ns1.example.com ( )
      ns2.example.com ( )
   o Send query for a bogus machine
      aaa.example.com
   o ISP's DNS queries example.com for the fake computer
      Note UDP outgoing port from ISP (7649)
   o Send 100 UDP packets with random TIDs to ISP at port 7649 with your IP as location for example.com

BIND 8 Or Earlier (example of an older version of BIND)

Kaminsky's Results
  Repeat the exploit for any domain
  In 30 seconds, you control the entire domain
  Works because
   o New IPs are in bailiwick
   o New IPs replace old ones at ISP
   o Make TTL really big
      Maximum of 2,147,483,647 seconds
      68+ years
      Never expires
   o Nothing appears wrong
      URL bar is
      Displayed site is google.com

What Can Save Us?
  SSL certificates
   o Cannot be duplicated
   o Must be examined
  If available, force HTTPS
  Most sites don't support either solution
  Test your ISP
   o entropy.dns-oarc.net/test
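
What the "test your ISP" idea amounts to, as an added Python example that is not from the slides and is not the DNS-OARC site's own code: an authoritative server you control records the UDP source port and transaction ID of each query a resolver sends it, and the sample is then scored for how random those two 16-bit values are. The two sets of observations below are constructed with a fixed seed (a legacy resolver that always queries from port 53 with counting TIDs, and a patched one that randomizes both); the 90% thresholds are the example's own choice.

```python
import math
import random
from collections import Counter


def shannon_bits(values):
    """Empirical Shannon entropy, in bits, of a list of observed values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def looks_sequential(values, modulus=65536):
    """True when nearly every sample is the previous one plus one (a counter, not a PRNG)."""
    if len(values) < 2:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % modulus == 1)
    return steps >= 0.9 * (len(values) - 1)


def rate_resolver(samples):
    """samples: list of (source_port, transaction_id) pairs seen on the authoritative side.
    Returns a report dict whose 'verdict' is POOR, WEAK or GOOD."""
    n = len(samples)
    ports = [p for p, _ in samples]
    tids = [t for _, t in samples]
    full = math.log2(n)   # entropy that n all-distinct samples would show
    report = {
        "samples": n,
        "port_distinct": len(set(ports)), "port_bits": round(shannon_bits(ports), 2),
        "tid_distinct": len(set(tids)), "tid_bits": round(shannon_bits(tids), 2),
        "tid_sequential": looks_sequential(tids),
    }
    if report["port_distinct"] == 1:
        report["verdict"] = "POOR"
        report["reason"] = "fixed source port: only the 16-bit TID separates a spoofed reply from the cache"
    elif report["tid_sequential"]:
        report["verdict"] = "POOR"
        report["reason"] = "transaction ids are a counter and contribute no real entropy"
    elif report["port_bits"] < 0.9 * full or report["tid_bits"] < 0.9 * full:
        report["verdict"] = "WEAK"
        report["reason"] = "port or TID values repeat far more often than random draws would"
    else:
        report["verdict"] = "GOOD"
        report["reason"] = "source port and TID both look random (about 32 bits to match)"
    return report


# Constructed observations (fixed seed so the example is reproducible).
_rng = random.Random(1)
LEGACY_RESOLVER = [(53, (1000 + i) % 65536) for i in range(64)]      # port 53 out, counting TIDs
PATCHED_RESOLVER = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(64)]

if __name__ == "__main__":
    for label, samples in (("legacy", LEGACY_RESOLVER), ("patched", PATCHED_RESOLVER)):
        print(label, rate_resolver(samples))
```

Sixty-four queries are enough to tell a fixed port or a counter from a random source; distinguishing a resolver that draws from a narrow port range from one that uses the whole ephemeral range takes a larger sample, which is why the public test asks for repeated queries.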

Questions