Welcome Today Our Topics are: DNS (The Potential Problem for Complete Anonymity) Transparent DNS Proxy (The Problem & The Solution) How To.


Welcome

Today Our Topics are: DNS (The Potential Problem for Complete Anonymity) Transparent DNS Proxy (The Problem & The Solution) How To Use Public DNS To Attack

# What is DNS ? # And How Does it Work ?

# What is DNS: It stands for Domain Name System. Whenever you try to open a website, your computer sends a query to your DNS server, and your DNS server sends back the IP address of that website as the reply.
# How Does it Work: DNS doesn't require any connection establishment (or handshaking). Your computer sends a packet to port 53 of your DNS server with a query, setting your IP as the source and the IP of your DNS server as the destination address. The DNS server then sends back a packet as the reply, setting its own IP as the source and your IP as the destination address.

The Picture Of DNS ● Suppose your ip is and DNS's ip is and your computer asking for the ip of Your pc ip: Your DNS server ip: Source: Query: what is the ip of ? Destination: Source: Result: ip is x.x.x.x Destination:

How can I find my DNS?
● It depends mainly on the operating system. If you use a router to connect to the Internet, you'll find the IP of your router in the following results.
● Linux users: You can find your DNS entry in “resolv.conf” under the “/etc” directory, e.g. “/etc/resolv.conf”.
● Windows users (8/7/Vista/XP/NT/2003): At the DOS prompt, type the command: C:\>ipconfig /all

Getting Bored! Everyone knows that. So Where is The Problem ???

# Why is it a potential problem for complete anonymity? Your ISP (Internet Service Provider) logs each and every request you make to its DNS server. You might leak information about your ISP's DNS even if you use a proxy or VPN. That makes tracing you a lot easier. You can check whether your internet connection is leaking information about your DNS or not at :

So what's the big deal? I can change the DNS address manually in my operating system...

Here comes the story of Transparent DNS Proxy (a big threat to anonymity). Some ISPs are now using a technology to intercept all DNS lookup requests (TCP/UDP port 53) and transparently proxy the results. This effectively forces you to use their DNS service for all DNS lookups. This is called “Transparent DNS proxy”. If your ISP is using this technology, you might be surprised to know that all your DNS queries are getting logged, even if you have changed your DNS settings to use an 'open' DNS service such as Google and expect that your queries are no longer being sent to your ISP's DNS server.

Does my ISP use Transparent DNS Proxy? How to detect? Depending on your ISP’s configuration of the transparent proxy, it might be anywhere from easy to close to impossible to detect. If the tests show that you do not have a transparent DNS proxy, you might still be behind one. But for the sake of proof, we've tested a Tata Photon internet connection. We got the same DNS result even after changing the DNS manually.
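The lookup described earlier (one UDP packet to port 53, no handshake) and one way to test for interception, as an added example that is not part of the original slides: ask the resolver you configured for a name whose A record is the address the authoritative server saw the query arrive from, then compare that address with the networks your chosen resolver sends from. Assumptions: `whoami.akamai.net` is used as the echo name, and `expected_networks` is a list you supply from the resolver operator's published ranges.

```python
import ipaddress, os, socket, struct

def build_query(name, txid, qtype=1):
    """One DNS question in RFC 1035 wire format: header + QNAME + QTYPE + QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def first_a_record(response, query):
    """Return the first A record answering `query`, or None."""
    try:
        txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
        if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
            return None                      # wrong transaction ID or not a response
        off = len(query)                     # assumes the question is echoed unchanged
        for _ in range(ancount):
            while True:                      # skip the record's owner name
                n = response[off]
                if n & 0xC0 == 0xC0:         # 2-byte compression pointer ends the name
                    off += 2
                    break
                off += 1 + n
                if n == 0:                   # root label ends the name
                    break
            rtype, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
            off += 10
            if rtype == 1 and rdlen == 4:    # A record: 4-byte IPv4 address
                return ipaddress.ip_address(response[off:off + 4])
            off += rdlen
    except (IndexError, ValueError, struct.error):
        pass                                 # truncated or malformed response
    return None

def egress_seen_via(resolver_ip, whoami_name="whoami.akamai.net", timeout=3.0):
    """Single UDP datagram to port 53; returns the resolver egress IP or None."""
    query = build_query(whoami_name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        return first_a_record(s.recv(4096), query)

def looks_intercepted(seen_ip, expected_networks):
    """True when `seen_ip` (not None) lies outside every expected network."""
    return not any(seen_ip in ipaddress.ip_network(n) for n in expected_networks)
```

A result of `False` does not prove the path is clean: as the slide says, a transparent proxy can be configured so that this kind of test cannot see it.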

Then What's the Solution !!!

Solution No 1: There is a freely available tool (or program) on the internet named “dnscrypt-proxy” that might be your solution. Dnscrypt-proxy acts as a local service which can be used directly as your local resolver or as a DNS forwarder. It encrypts and authenticates requests using its own protocol and passes them to your preferred (dnscrypt-proxy supported) DNS server. You can find a list of dnscrypt-proxy supported DNS servers at the following link: github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv For both Linux and Windows users, you can find this tool for your respective OS at the following link

Solution No 2: If you use proxychains for anonymity, you can change its settings to resolve your queries through the DNS used by the proxy servers.
Solution No 3: You can use a VPN service that doesn't log any of your activity and gives you protection from transparent DNS proxy. (Beware of some free VPNs like “hotspotshield”; it doesn't give you full anonymity.)
Solution No 4: Change Your Internet connection !!! ( Sorry Jokes Apart)

How to use public DNS to attack ? First, let's see some query types. DNS doesn't handle queries of only a single type. A few of those types and their meanings are:
Types Meanings
A –------> Asking for IPv4 (32 bit) address of a domain
AAAA –------> Asking for IPv6 (128 bit) address of a domain
NS –------> Asking for name server record of a domain
MX –------> Asking for mail exchange server record of a domain
» Etc
You can find a really big list of these query types handled by a DNS server here

There is a special type of DNS request called an ANY request. ANY requests ask the DNS resolver for ALL information that it currently knows about the domain, which may include where the mail servers are (MX records), what the IP addresses are (A records) and so on. Attackers use this type of query to maximize the size of the response sent to the victim. If we issue this command on a Linux terminal, the result will be So, you can see that a 64-byte query generated a 577-byte response.

Here the response we got is almost 9 times larger. If we 'dig' a domain that has more records, the amount of traffic could be even 50 times more. So just imagine what would happen if we queried hundreds of such domains against hundreds of public DNS servers??? First, it'll generate a large amount of internet traffic. And...

It'll crash your own System... !!! OOPS !!!

To make it work you have to redirect all the traffic to your victim. For this you have to send forged packets to the DNS server, where you replace the source address of the packets with your victim's IP address. For example: suppose your ip is , and your victim's ip is , then you have to set ' ' as the source IP of all of those packets. You can write your own program to do that. Don't know programming? No problem, you can find an open source tool (with all usage details) to do that at the following link.

This is called “DNS Amplification”.
“A recent attack measured by Cloudflare weighed in at 400Gbps, one of the largest attacks seen to date. That would require an attacker issuing over 200,000 of the above requests per second to open resolvers around the globe.” (Source of information: attacks/)
Protection: There are some organizations on the internet that provide protection from such attacks. To protect your domain from such kind of attacks you can use their service, and of course it's not free.
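How a resolver operator can spot this pattern in their own query log, as an added example that is not part of the original slides: it groups queries per client and time window and flags clients whose traffic is both frequent and heavily amplified. The log format, thresholds and addresses are constructed for illustration; the 64 and 577 byte sizes are the ones quoted in the slides.

```python
from collections import defaultdict

# Constructed resolver query log (hypothetical format, not a real server's):
# epoch_seconds client_ip qtype qname query_bytes response_bytes
SAMPLE_LOG = """\
1700000000 203.0.113.50 ANY example.org 64 577
1700000001 203.0.113.50 ANY example.org 64 577
1700000001 198.51.100.9 A www.example.org 45 61
1700000002 203.0.113.50 ANY example.org 64 577
1700000003 203.0.113.50 ANY example.org 64 577
1700000004 203.0.113.50 ANY example.org 64 577
1700000005 203.0.113.50 ANY example.org 64 577
1700000006 198.51.100.9 AAAA www.example.org 45 73
"""

def reflection_suspects(log_text, window=10, min_queries=5, min_ratio=5.0):
    """Flag clients whose queries in one time window are many AND heavily amplified.

    The source address of a reflected query is forged, so a flagged "client"
    is the likely target of the flood, not the machine that sent the queries.
    """
    buckets = defaultdict(lambda: {"queries": 0, "q_bytes": 0, "r_bytes": 0, "any": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue                          # skip malformed lines
        ts, client, qtype, _qname, q_bytes, r_bytes = fields
        b = buckets[(client, int(ts) // window)]
        b["queries"] += 1
        b["q_bytes"] += int(q_bytes)
        b["r_bytes"] += int(r_bytes)
        b["any"] += qtype == "ANY"
    suspects = []
    for (client, win), b in sorted(buckets.items()):
        ratio = b["r_bytes"] / max(b["q_bytes"], 1)
        if b["queries"] >= min_queries and ratio >= min_ratio:
            suspects.append({"client": client, "window_start": win * window,
                             "queries": b["queries"], "any_queries": b["any"],
                             "response_bytes": b["r_bytes"],
                             "amplification": round(ratio, 1)})
    return suspects
```

Operators usually pair detection like this with restricting recursion to their own clients and rate limiting responses, so the resolver stops being usable as a reflector.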

Thank You. Question Please. Created By Arup & Chiranjit

Gooooooood Byeeeeeee Everyone. Thanx to tolerate us.