* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

Slides:



Advertisements
Similar presentations
Review iClickers. Ch 1: The Importance of DNS Security.
Advertisements

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Hitesh Ballani, Paul Francis(Cornell University) Presenter: Zhenhua Liu Date: Mar. 16 th, 2009.
20101 The Application Layer Domain Name System Chapter 7.
Application Layer At long last we can ask the question - how does the user interface with the network?
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
Intro to Computer Networks DNS (Domain Name System) Bob Bradley The University of Tennessee at Martin.
COEN 445 Communication Networks and Protocols Lab 3
Domain Name Services Oakton Community College CIS 238.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #2 DNS and DHCP.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
CSUF Chapter 6 1. Computer Networks: Domain Name System 2.
IIT Indore © Neminath Hubballi
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14 DNS : The Domain Name System. 14 Introduction - Problem Computers are used to work with numbers Humans are used to work with names ==> IP addresses.
1 Application Layer Lecture 6 Imran Ahmed University of Management & Technology.
Chapter 13 Microsoft DNS Server n DNS server: A Microsoft service that resolves computer names to IP addresses, such as resolving the computer name Brown.
COMT 6251 Network Layers COMT Overview IP and general Internet Operations Address Mapping ATM LANs Other network protocols.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
DNS ITL see: Douglas Comer: Internetworking with TCP/IP, volume I” pages
Domain Name System CH 25 Aseel Alturki
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
Packet Filtering & Firewalls. Stateless Packet Filtering Assume We can classify a “good” packet and/or a “bad packet” Each rule can examine that single.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.
24. DNS Domain Name System address 1. Name server domain name IP address ftp.cs.mit.eduxx.xx.xx.xx 24.2 Mapping Domain Names To.
DNS Cache Poisoning. History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized,
DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
DNS Domain Name Systems Theory 1. HOW DNS WORKS Theory 2.
DNS Cache Poisoning – The Next Generation by Joe Stewart, GCIH Presented by Stephen Karg CS510, Advanced Security Portland State University Oct. 24, 2005.
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
Informatics Institute of Technology 3SFE611 Network Design 1 DNS (Domain Name System) RFC1035 Why names? Computers use addresses. Humans cannot remember.
COMP2322 Lab 3 DNS Steven Lee Feb. 19, Content Understand the Domain Name System (DNS). Analyze the DNS protocol with Wireshark. 2.
DNS Cache Poisoning (pretending to be the authoritative zone) ns.example.co m Webserver ( ) DNS Caching Server Client I want to access
So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.
Grades update. Homework #1 Count35 Minimum Value47.00 Maximum Value Average
Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.
Ben - Gurion University Department Of Communication Systems Engineering DNS For Cell Phones Yoav Peer, Eugene Volchek Instructor: Dr. Chen Avin.
© 2013 Infoblox Inc. All Rights Reserved. Paul UKNOF 26 – 13 Sep 2013, London Paul Ebersman.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Naming and Service Discovery (draft-troan-homenet-naming-and-sd) IETF 85, Nov 2012 Authors: Ole Trøan(Cisco) Shwetha Bhandari (Cisco) Stephen Orr(Cisco)
Security Issues with Domain Name Systems
DNS Security Issues SeongHo Cho DPNM Lab., POSTECH
Database backed DNS.
Chapter 25 Domain Name System.
DNS Server is…? 2CP – C Lee Kyu Don.
DNS Session 5 Additional Topics
Unit 5: Providing Network Services
DNS Cache Poisoning Attack
DNS security.
CS4622: Computer Networking
Chapter 25 Domain Name System
Chapter 25 Domain Name System.
Chapter 25 Domain Name System
Presentation transcript:

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution

* a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network

* Zone * Nameserver * Authoritative Nameserver * Resolver * Recursive Nameserver * Resource Record * Delegation

A simple DNS query

What's in a DNS packet?

The packet in the step 7

What's in the cache?

* Step 1: * Guessing the Query ID and Port Number * Step 2: * Flooding the target nameserver

* Version 1

* Version 2

* Maximise the amount of randomness  randomizing the Port Number and Query ID  Even patched servers may still be vulnerable if an intervening firewall performs Port Address Translation in a way that un-randomizes the source ports * Disable open recusive name servers  If you must run a recursive name server, limit access to only those computers that need it. (e.g. your customers)

 DNSSEC is the current answer to this problem

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.