By Chris Racki. Outline  Introduction  How DNS works  A typical DNS lookup  Caching for later  Vulnerabilities of DNS  Anatomy of a cache poisoning.

Presentation transcript:

By Chris Racki

Outline  Introduction  How DNS works  A typical DNS lookup  Caching for later  Vulnerabilities of DNS  Anatomy of a cache poisoning  Why isn’t the security community panicked  Ok, now they’re panicked!  Mitigation  Conclusion

Introduction  Computers navigate the internet using DNS  Common requests are cached  Caching makes DNS vulnerable  When a DNS is poisoned any IP can be set to any internet address  The fix is in the chaos

How DNS Works
[Diagram of the DNS hierarchy: Root Servers; Top Level Domain Servers (.com, .org, .net, .gov, .edu); domain servers google.com and montclair.edu]

A Typical DNS Lookup
[Diagram participants: User, ISP DNS, Root Server, .com Server, google.com Server]
1. what’s the IP for
2. what’s the IP for
3. Server Referral
4. what’s the IP for
5. Server Referral
6. what’s the IP for
7. The IP is XXX.XXX.XXX
8. Cache result
9. The IP is XXX.XXX.XXX
10. Go to

Vulnerabilities
[Diagram participants: User, ISP DNS, Root Server, .com Server, google.com Server]
1. what’s the IP for
2. what’s the IP for
3. Server Referral
4. what’s the IP for
5. Server Referral
6. what’s the IP for
7. The IP is XXX.XXX.XXX
8. The IP is XXX.XXX.XXX
10. Go to
[Additional diagram labels: Cached result; Go to]

Anatomy of a Cache Poisoning
- What’s the IP for
- It’s not in my cache, I have to look it up.
- Now that he’s waiting for a response, it’s my chance!
- Unsolicited reply… ignore.
- Forged reply is accepted and cached.
[Diagram labels: Lookup Request; Forged Lookup Reply; Query ID (repeated, one surviving value: 10020); forged reply]

Why isn’t the security community panicked?
- Attack only works when entry is not in cache
- Hard to predict exactly when Time To Live will expire
- Limited chances for attack

Ok, now they’re panicked!
- In 2008 Dan Kaminsky improved the attack.
- Attack is only possible when target is not in cache.
- is almost always in the cache.
- fake01.google.com is never in cache so it always triggers a lookup.
- Instead of forging a single page, forge the google.com DNS server.
- Now all requests for google.com domain can be redirected to attacker’s DNS server.

A More Toxic Poison
[Diagram participants: ISP DNS, Root Server, .com Server, google.com Server]
- what’s the IP for fake01.google.com?
- Server Referral
- what’s the IP for fake01.google.com?
- Server Referral
- Forge the IP of the google.com domain DNS server
- Response is too slow

What’s the fix?
- Make the query ID more random
- Older DNS software uses sequential query IDs or easily predicted random query IDs
- Randomize the port and change it often
- Older DNS software always uses one port
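
The two fixes on this slide, sketched as an added example (not part of the original presentation): a toy model of a resolver's reply-matching step, with no network I/O, that draws an unpredictable query ID and source port per query, rejects replies that do not match, and counts the rejections so a flood of forged replies becomes visible. The class and method names, the alert threshold, and the sample names and addresses are constructed assumptions.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:
    qname: str
    server: str   # address the query was sent to
    port: int     # local UDP source port chosen for this query
    qid: int      # 16-bit DNS query ID

class Resolver:
    def __init__(self, port_lo=1024, port_hi=65535, alert_after=5):
        self.port_lo, self.port_hi = port_lo, port_hi
        self.alert_after = alert_after
        self.pending = {}    # qname -> Pending
        self.cache = {}      # qname -> ip
        self.rejected = {}   # qname -> replies that failed matching

    def send_query(self, qname, server):
        # Fresh, unpredictable ID and source port for every outgoing query.
        port = self.port_lo + secrets.randbelow(self.port_hi - self.port_lo + 1)
        p = Pending(qname, server, port, secrets.randbelow(1 << 16))
        self.pending[qname] = p
        return p

    def on_reply(self, qname, src, dst_port, qid, ip):
        p = self.pending.get(qname)
        if p is None:
            return "ignored-unsolicited"   # nothing outstanding for this name
        if (src, dst_port, qid) != (p.server, p.port, p.qid):
            self.rejected[qname] = self.rejected.get(qname, 0) + 1
            return "rejected"              # lookup stays open for the real reply
        del self.pending[qname]
        self.cache[qname] = ip
        return "cached"

    def suspicious(self):
        # Names that drew many mismatched replies while a lookup was open.
        return sorted(n for n, c in self.rejected.items() if c >= self.alert_after)

    def guess_space(self):
        # Combinations a forged reply has to hit: 16-bit ID times port range.
        return (1 << 16) * (self.port_hi - self.port_lo + 1)

if __name__ == "__main__":
    print("one fixed port :", Resolver(53, 53).guess_space())
    print("randomized port:", Resolver().guess_space())
```
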

Conclusion  DNS cache poisoning is not new  There are new ways to use it  A successful DNS poisoning could be very damaging  Be alert of new threats  Thank you