IIT Indore © Neminath Hubballi

Slides:



Advertisements
Similar presentations
Review iClickers. Ch 1: The Importance of DNS Security.
Advertisements

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.
1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
20101 The Application Layer Domain Name System Chapter 7.
Domain Name System: DNS
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Domain Name System Security Extensions (DNSSEC) Hackers 2.
DNS Security Brad Pokorny The University of Minnesota Informal Security Seminar 4/18/03.
Chapter 25 Domain Name System
Domain Name Services Oakton Community College CIS 238.
Configuring and Managing the DNS Server Role Lesson 4.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Tony Kombol ITIS Who knows this? Who controls this? DNS!
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Chapter 16 – DNS. DNS Domain Name Service This service allows client machines to resolve computer names (domain names) to IP addresses DNS works at the.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
CSUF Chapter 6 1. Computer Networks: Domain Name System 2.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 17 Domain Name System
Domain Name System CH 25 Aseel Alturki
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
Fully Qualified Domain Names FQDNs. DNS Database A distributed, hierarchical database Resolves Fully Qualified Domain Names (FQDNs) to IP addresses –
1 Kyung Hee University Chapter 18 Domain Name System.
Tony Kombol ITIS DNS! overview history features architecture records name server resolver dnssec.
Configuring Name Resolution and Additional Services Lesson 12.
Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address.
DNS Security Extension 1. Implication of Kaminsky Attack Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning –No.
DNS Cache Poisoning – The Next Generation by Joe Stewart, GCIH Presented by Stephen Karg CS510, Advanced Security Portland State University Oct. 24, 2005.
Linux Operations and Administration
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.
Ch 6: DNSSEC and Beyond Updated DNSSEC Objectives of DNSSEC Data origin authentication – Assurance that the requested data came from the genuine.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
DNS Cache Poisoning (pretending to be the authoritative zone) ns.example.co m Webserver ( ) DNS Caching Server Client I want to access
Internet Naming Service: DNS* Chapter 5. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the.
Domain Name System INTRODUCTION to Eng. Yasser Al-eimad
Basics of the Domain Name System (DNS) By : AMMY- DRISS Mohamed Amine KADDARI Zakaria MAHMOUDI Soufiane Oujda Med I University National College of Applied.
Grades update. Homework #1 Count35 Minimum Value47.00 Maximum Value Average
Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.
Internet infrastructure 1. Infrastructure Security r User expectations  Reliable service  Reliable endpoints – although we know of spoofing and phishing.
Configuring and Managing the DNS Server Role Lesson 4.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Understand Names Resolution
Security Issues with Domain Name Systems
DNS Security.
Module 5: Resolving Host Names by Using Domain Name System (DNS)
DNS Security Issues SeongHo Cho DPNM Lab., POSTECH
IMPLEMENTING NAME RESOLUTION USING DNS
DNS Cache Poisoning Attack
DNS security.
Chapter 19 Domain Name System (DNS)
NET 536 Network Security Lecture 8: DNS Security
Chapter 25 Domain Name System
NET 536 Network Security Lecture 6: DNS Security
Chapter 25 Domain Name System
Presentation transcript:

IIT Indore © Neminath Hubballi DNS Spoofing Attack Dr. Neminath Hubballi IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Basics We are not good at remembering numbers Computers work with numbers Mapping between IP addresses and URLs is maintained as a service DNS servers does this job of transforming between these two Historically the work done by DNS servers was done with hosts.txt Every host maintains a list of mapping IP addresses and computer names Was feasible in ARPANET time Scalability became an issue IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS DNS runs on port 53 Runs on UDP UDP is a connectionless protocol Makes it easy for spoofing DNS is a distributed database maintained in a hierarchical tree structure DNS Cache To improve operational efficiency DNS servers caches the resource records Positive caching Negative caching IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Working What is IP of www.google.com Root DNS Try at .com its IP is 1.1.1.1 What is IP of www.google.com What is IP of www.google.com TLD DNS Try at google.com authoritative DNS it IP is 2.2.2.2 Its IP is 3.3.3.3 1.1.1.1 What is IP of www.google.com Its IP is 3.3.3.3 Authoritative DNS 2.2.2.2 IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Components Resource Records Internet Domain Namespace Organizational Geographical Reverse domain Root DNS is at the top Root DNS is managed by Internet Name Registration Authority Top Level Domain (TLD) Bellow root DNS IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi Record Types in DNS Important ones as there are many A –Address record name to 32 bit address AAAA – Address Record name to 128 bit IPV6 address CNAME – Canonical name after receiving this reply host will query with this new request NAME TYPE VALUE bar.example.com. CNAME foo.example.com. foo.example.com. A 92.0.2.23 NS Records – Contain IP address of authoritative name server IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi Zones in DNS .com is domain Microsoft.com is a zone Zone starts as a database of single domain If other domains are added below the domain used to create the zone Subdomains can be part of same zone Dev.microsoft.com Belong to another zone Example.microsoft.com Zone is a subset of domain IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi Zone Transfer When a new DNS server is added For high availability and fault tolerance reasons It starts as a secondary DNS server All zones hosted in primary are copied to secondary IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Vulnerability Getting a wrong answer from the server Root DNS What is IP of www.google.com TLD DNS Its IP is 4.4.4.4 Authoritative DNS IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Vulnerability Someone else answers to a DNS query before the one supposed to answer What is IP of www.google.com Root DNS DNS Server Its IP is 3.3.3.3 TLD DNS Its IP is 4.4.4.4 Malicious guy Authoritative DNS IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Packet Structure IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Packet Structure IIT Indore © Neminath Hubballi

DNS Poisoning with Host.txt On a windows machine Open C:\windows\system32\drivers\etc\host.txt Add a line like 10.10.10.10 www.iiti.ac.in Open a webpage and type www.iiti.ac.in it will go elsewhere Alternatively create a .bat file with @echo off echo 10.10.10.10 www.iiti.ac.in >> C:\windows\system32\drivers\etc\host.txt exist IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNS Spoofing Tools Dsniff dnsspoof Example abc.com IP address is 10.0.0.1 Make it spoof to respond 100.0.1.1 In the text file dnssniff.txt write 100.0.1.1 abc.com [gateway]# dnsspoof -i eth0 -f /etc/dnssniff.txt [bash]# host abc.com abc.com has address of 100.0.1.1 IIT Indore © Neminath Hubballi

DNS Spoofing in Reality DNS Replies are verified for Coming from same IP address Coming to the same port from which request was sent Reply is for the same record as was asked in the previous question Transaction ID match IIT Indore © Neminath Hubballi

How these Verifications are Overcome Coming from same IP address Because authorative DNS server IP address can be discovered by offline queries Coming on the same port from which request was sent Many DNS servers used static port numbers Answer is the same question that was asked This is easy if attacker herself initiates a request Transaction ID match Guess it

Dan Kamnisky Attack Kamnisky Attack Flood the recursive name server with many answers One of them have to be right and it works ! The identifier is not fully random so one can predict

IIT Indore © Neminath Hubballi Dan Kaminisky Attack Ask a recursive DNS server a question which is most likely not in its cache Pick a non existing domain like rnd.india.microsoft.com With high probability name sever will contact the authorative name server of microsoft.com domain Attacker send a reply with canonical name rnd.india.microsoft.com CNAME IN www.microsoft.com www.microsoft.com A IN 68.177.102.22 IIT Indore © Neminath Hubballi

Defending DNS Spoofing Many solutions focus on increasing the entropy of DNS query component Transaction ID Port number IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi DNSSEC Security extension to DNS protocol It uses public key infrastructure to give a guarantee on who is sending the reply Use private key to digitally sign the message Use public key to verify the message Works fine as long as recipient believes in public- private key pair of sender What stops from someone generating her own key pair and replying Chain of trust relationship IIT Indore © Neminath Hubballi

How DNSSEC Works Each DNSSEC zone creates one or more pairs of public/private key(s) Public portion put in DNSSEC record type DNSKEY Zones sign all RRsets with private key(s) and resolvers use DNSKEY(s) to verify RRsets Each RRset has a signature attached to it: RRSIG So, if a resolver has a zone’s DNSKEY(s) it can verify that RRsets are intact by verifying their RRSIGs

Chain of Trust in DNSSEC Introduces 3 new resource records RRSIG Signature over RR set using private key DNSKEY Public key, needed for verifying a RRSIG DS Delegation Signer; ‘Pointer’ for building chains of authentication Authoritative DNS server sends the following with reply RR containing IP URL mapping RRSIG DNSKEY and DS Verification can proceed one level higher the hierarchy At no point a DNS server gives a DS which is bellow it Problem is effectively addressed if Root Server becomes the highest signature verifier As of July 2010 there is one signed root server up and running (http://www.root- dnssec.org/) IIT Indore © Neminath Hubballi

Key References for DNSSEC http://www.internetsociety.org/deploy360/d nssec/basics/ http://www.root-dnssec.org/ http://en.wikipedia.org/wiki/Domain_Name _System_Security_Extensions IIT Indore © Neminath Hubballi

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.