
DNS Cache Poisoning

History
1993 – resolvers cached whatever records a reply carried, so an attacker could inject false data that was then cached
1997 – BIND's 16-bit transaction IDs were not randomized and were easily guessable
2002 – BIND sent multiple recursive queries for the same name simultaneously, opening a birthday-paradox attack
2003 – BIND's transaction-ID PRNG was shown to be not very random

Basic DNS
Client sends a recursive query to its local (caching) nameserver
Local nameserver queries a root nameserver, which refers it (via the TLD servers) to the nameservers authoritative for the domain
Local nameserver queries the authoritative nameserver
The answer is cached and returned to the client

Problem
Each DNS query carries a 16-bit transaction ID
The resolver accepts any reply that carries the matching transaction ID, provided the reply's source IP and UDP/TCP ports also match the outstanding query
Transaction IDs are only 16 bits (65536 values), so a forged reply has very little to guess, and it wins if it arrives before the genuine answer

Birthday Attack
BIND sends multiple simultaneous queries for the same domain name, each with its own transaction ID
The attacker floods BIND with spoofed replies carrying randomly generated transaction IDs
If any spoofed ID matches any outstanding query, BIND accepts that reply
Roughly 50% success with 300 packets, close to 100% with 700 packets

UDP/TCP source port
BIND reused the same source port for all of its queries
That let the attacker predict the destination port of the forged reply, leaving only the 16-bit transaction ID to guess
Newer versions randomize the source port per query, adding roughly 16 more bits an attacker has to match
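The two slides above (the birthday attack and the reused source port) are easiest to compare with numbers. The following is an added example, not code from the original presentation or from BIND: it models the slide's scenario with constructed parameters (a 16-bit ID space, n outstanding queries for the same name, and either one predictable source port or a port drawn from an assumed 1024..65535 range). The `birthday_bound` formula is the classic one-set birthday estimate that reproduces the slide's 50%/300 and ~100%/700 figures; the Monte Carlo `simulate` models n queries against n forged replies directly and comes out a little higher (about 75% at n=300 with a fixed port), so the slide's figure is if anything conservative. With the port randomized the same flood essentially never succeeds.

```python
"""Added example: how much a spoofer has to guess for a forged DNS reply.

Constructed model of the slides' scenario, not BIND's code:
  - 16-bit transaction ID space (N = 65536)
  - a fixed, predictable source port (port_space = 1) or a randomized one
  - n outstanding queries for the same name (the BIND 8 birthday bug)
"""
import math
import random

TXID_SPACE = 1 << 16          # 16-bit transaction ID
FIXED_PORT = 1                # one predictable source port: nothing extra to guess
RANDOM_PORTS = 65536 - 1024   # assumption: ephemeral ports drawn from 1024..65535


def birthday_bound(n, space=TXID_SPACE):
    """Classic birthday estimate 1 - exp(-n(n-1)/(2N)).

    This is the formula behind the slide's '~50% with 300 packets,
    ~100% with 700 packets'.
    """
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * space))


def single_reply_success(port_space=FIXED_PORT):
    """Chance that ONE spoofed reply matches ONE outstanding query."""
    return 1.0 / (TXID_SPACE * port_space)


def simulate(n_queries, trials, seed, port_space=FIXED_PORT):
    """Monte Carlo: n outstanding queries, each with a random (txid, port),
    against n spoofed replies with random (txid, port).  Returns the
    fraction of trials in which at least one spoofed reply would have been
    accepted.  Randomness is seeded so the run is reproducible.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        outstanding = {
            (rng.randrange(TXID_SPACE), rng.randrange(port_space))
            for _ in range(n_queries)
        }
        for _ in range(n_queries):
            forged = (rng.randrange(TXID_SPACE), rng.randrange(port_space))
            if forged in outstanding:   # resolver would accept this reply
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    for n in (1, 300, 700):
        print(f"n={n:4d}  birthday bound={birthday_bound(n):.3f}  "
              f"simulated, fixed port={simulate(n, 400, 1):.3f}  "
              f"simulated, random port={simulate(n, 400, 1, RANDOM_PORTS):.3f}")
    print("one reply, fixed port  :", single_reply_success())
    print("one reply, random port :", single_reply_success(RANDOM_PORTS))
```

Run it as a script to print the table; the gap between the fixed-port and random-port columns is the whole argument for source-port randomization, and the n=1 row shows why a resolver that never has two identical queries outstanding is so much harder to hit.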

Phase Space Analysis
Plot successive transaction IDs (or the differences between them) against each other to see how random the PRNG really is
Older BIND (before 9) – the next transaction ID can be predicted from only 3 previous IDs
BIND 9 – better, but still predictable (~20% success with 5000 spoofed replies)
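To show what "predict the next ID from three previous IDs" means in practice, here is an added example (not from the original presentation and not BIND's actual generator). The weak generator is a constructed linear congruential generator modulo 2^16, chosen because its successive differences obey d[k+1] = a*d[k] (mod m): three consecutive IDs give two differences, which recover the multiplier and hence the fourth ID. `phase_space_is_degenerate` is the numeric form of the phase-space plot: it checks whether every (d[k], d[k+1]) point falls on a single line, which is the structure the plot makes visible. Against uniformly random IDs both checks fail, as they should.

```python
"""Added example: predicting a resolver's next transaction ID from the
previous three, the weakness phase-space analysis exposed.

The weak generator is a CONSTRUCTED LCG modulo 2^16, not BIND's code.
"""
import random

MODULUS = 1 << 16


class WeakTxidGenerator:
    """Constructed stand-in for a poorly designed 16-bit ID generator."""
    # Hull-Dobell conditions for full period mod 2^16: c odd, a-1 divisible by 4
    A, C = 49381, 12345

    def __init__(self, seed):
        self.state = seed % MODULUS

    def next_id(self):
        self.state = (self.A * self.state + self.C) % MODULUS
        return self.state


def predict_next(x0, x1, x2, modulus=MODULUS):
    """Recover the multiplier from three consecutive LCG outputs and predict
    the fourth.  Returns None when the first difference has no inverse
    modulo 2^16 (never the case for a full-period LCG, whose differences
    are always odd)."""
    d0 = (x1 - x0) % modulus
    d1 = (x2 - x1) % modulus
    if d0 % 2 == 0:                              # even: not invertible mod 2^k
        return None
    a = d1 * pow(d0, -1, modulus) % modulus      # d1 = a*d0 (mod m)
    return (x2 + a * d1) % modulus               # x3 = x2 + d2, with d2 = a*d1


def prediction_rate(ids):
    """Fraction of IDs in a captured sequence that predict_next gets right
    from the three that precede them."""
    hits = sum(
        1 for k in range(3, len(ids))
        if predict_next(ids[k - 3], ids[k - 2], ids[k - 1]) == ids[k]
    )
    return hits / (len(ids) - 3)


def phase_space_is_degenerate(ids, modulus=MODULUS):
    """Phase-space check: do all (d[k], d[k+1]) points lie on one line
    d[k+1] = a*d[k] (mod m)?  True for the LCG, False for uniform IDs."""
    d = [(ids[k + 1] - ids[k]) % modulus for k in range(len(ids) - 1)]
    if d[0] % 2 == 0:
        return False
    a = d[1] * pow(d[0], -1, modulus) % modulus
    return all((a * d[k]) % modulus == d[k + 1] for k in range(len(d) - 1))


def weak_sequence(seed, count):
    g = WeakTxidGenerator(seed)
    return [g.next_id() for _ in range(count)]


def strong_sequence(seed, count):
    """Uniform 16-bit IDs; seeded only so the run is reproducible."""
    rng = random.Random(seed)
    return [rng.randrange(MODULUS) for _ in range(count)]


if __name__ == "__main__":
    weak, strong = weak_sequence(4242, 2000), strong_sequence(4242, 2000)
    print("weak generator : rate", prediction_rate(weak),
          "degenerate", phase_space_is_degenerate(weak))
    print("uniform IDs    : rate", prediction_rate(strong),
          "degenerate", phase_space_is_degenerate(strong))
```

The attacker's position in the slide is exactly this: observe three IDs from the target (for example by having it resolve names in a zone the attacker serves), then send a single forged reply with the predicted fourth ID instead of flooding hundreds of guesses.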

Why DNS Cache Poisoning?
Redirect traffic for a name to an attacker-controlled host for as long as the forged record stays in the cache
Man-in-the-middle attacks on every client of the poisoned resolver

Defenses
Upgrade to BIND 9.x (not affected by the guessable-ID and birthday issues above, though its PRNG still has the weakness noted under Phase Space Analysis)
Randomize the UDP source port as well as the transaction ID, so a forged reply must match both
Split-split DNS
–Internal DNS performs recursive queries for users and cannot be reached from outside
–External DNS is authoritative only and does not perform recursive queries, so it sends no queries whose replies could be forged
–An outside attacker therefore cannot trigger, or observe, the queries whose transaction IDs would have to be guessed