TODAY & TOMORROW PRESENTED BY: JAMES SPEIRS CHARLES HIGBY BRADY REDFEARN Domain Name System (DNS)


1 Domain Name System (DNS): Today & Tomorrow
   Presented by: James Speirs, Charles Higby, Brady Redfearn

2 Overview
   o History
   o How It Works
   o DNS Packet Structure
   o DNS Features
   o DNS Security Evolution, Early Days
   o Current DNS Issues
   o Bailiwick Defined
   o BIND 9.6 or Later
   o Guilty Parties
   o DNS Exploit, Dan Kaminsky
   o BIND 8 or Earlier
   o Kaminsky's Results
   o What Can Save Us?

3 History
    Pre-DNS
     o Hosts file
         Stanford Research Institute (SRI)
         FTP

4 History Continued
    1983
     o Paul Mockapetris, inventor
     o RFCs 882 & 883
    1984
     o Berkeley & UNIX
    1985
     o Kevin Dunlap, Digital Equipment Corporation (DEC)
     o Berkeley Internet Name Domain (BIND)
    1987
     o RFCs 1034 & 1035
    1990s
     o BIND ported to Windows NT

5 How It Works
    Distributed databases
     o Local machine
         Hosts file
           Linux - /etc/hosts
           Mac - /private/etc/hosts
           Windows - %SystemRoot%\system32\drivers\etc\
         Local cache
           Active memory
           Browser cache

6 How It Works Continued
    Distributed databases
     o Not on local machine
         UDP request
           100 bytes
         ISP's DNS responds
         ISP's ISP's DNS responds
         Core DNS responds

7 DNS Packet Structure
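The packet-structure slide survives only as its title, so here is an added example (not from the presentation) that builds a DNS query and parses the 12-byte header and question section, showing where the 16-bit transaction ID and the flag and count fields sit. It uses only the Python standard library; the query name and transaction ID are made-up values.

```python
# Added example (not from the slides): build a DNS query and parse its
# 12-byte header and question section, to show where the 16-bit
# transaction ID and the counts the slides refer to sit in the packet.
import random
import struct
from typing import Optional, Tuple

HEADER_FMT = "!HHHHHH"  # id, flags, qdcount, ancount, nscount, arcount
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes


def encode_name(name: str) -> bytes:
    """Encode a.b.c as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Standard recursive query (RD=1) for `name`; qtype 1 = A record."""
    if txid is None:
        txid = random.getrandbits(16)  # the 16-bit transaction ID
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1
    header = struct.pack(HEADER_FMT, txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(pkt: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name at `offset`, following compression pointers (0xC0xx).
    Returns the dotted name and the offset just past the name in the packet."""
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        length = pkt[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into the packet
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", pkt[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(pkt[offset:offset + length].decode("ascii"))
        offset += length


def parse_header(pkt: bytes) -> dict:
    """Split the fixed header into its fields (flag bits per RFC 1035)."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("truncated header")
    txid, flags, qd, an, ns, ar = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    return {
        "id": txid,
        "qr": flags >> 15 & 1,        # 0 = query, 1 = response
        "opcode": flags >> 11 & 0xF,
        "aa": flags >> 10 & 1,        # authoritative answer
        "tc": flags >> 9 & 1,         # truncated: client should retry over TCP
        "rd": flags >> 8 & 1,         # recursion desired
        "ra": flags >> 7 & 1,         # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def parse_question(pkt: bytes) -> Tuple[str, int, int]:
    """Return (name, qtype, qclass) of the first question after the header."""
    name, off = decode_name(pkt, HEADER_LEN)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return name, qtype, qclass


if __name__ == "__main__":
    q = build_query("www.example.com", txid=0x1234)  # constructed query
    print(q.hex())
    print(parse_header(q))
    print(parse_question(q))
```

A resolver only accepts a response whose transaction ID matches the query it sent (and, for a port-randomizing resolver, that arrives on the right source port), which is why the later slides treat those two 16-bit values as the whole of the resolver's protection against forged answers.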

8 DNS Features
    Name server responds with all sub-domains
     o microsoft.com
     o secure.microsoft.com
     o update.microsoft.com
    Compression (~3x)
    Redundancy
    Round-robin assignment
    Entry expiration (3,600 seconds)
     o 3,600 second default
     o Defined by name server
    The "big 13 root servers" always contain the main DNS entries
     o .com, .net, .tv, .info, .gov, .mil, etc.
     o http://www.isoc.org/briefings/020/zonefile.shtml

9 DNS Security Evolution, Early Days
    No bad guys in 1983
    Transaction ID (TID)
     o Incrementing integer counter
     o Random TID
    Port 53
     o Incoming port 53
     o Outgoing port 53
     o Random outgoing port, Dan Bernstein

10 Current DNS Issues
    DNS poisoning
     o First response wins
     o No TCP
     o Transaction IDs: 16 bits
     o Ports: 16 bits
    DNS controllers
     o ICANN
     o US Commerce Department
     o Verisign
     o 13 core servers

11 Bailiwick
    Defined
     o "The neighborhood of the domain"
    Bailiwicked domain attack
     o In bailiwick
         microsoft.com
         update.microsoft.com
         security.microsoft.com
         All acceptable DNS entries
     o Not in bailiwick
         google.com
         yahoo.com
         These entries are thrown away
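As an added example (not from the presentation), here is the bailiwick rule written the way a resolver applies it to records carried in a response: a record is kept only if its name is the zone or lies below it, compared label by label so that a name such as notmicrosoft.com does not slip past a plain string-suffix test. The function also caps the TTL of accepted records at a configured maximum; the record shape, the sample records and the 192.0.2.x addresses are constructed for the example.

```python
# Added example (not from the slides): bailiwick filtering of response
# records with label-wise comparison, plus a cap on the cached TTL.
from typing import Dict, List, Tuple

Record = Dict[str, object]  # constructed shape: {"name", "type", "ttl", "data"}


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so comparisons are consistent."""
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or lies below it, comparing whole labels."""
    n = normalize(name).split(".")
    z = normalize(zone).split(".")
    if len(z) > len(n):
        return False
    return n[len(n) - len(z):] == z  # suffix match on labels, not characters


def accept_records(zone: str, records: List[Record],
                   max_ttl: int = 86400) -> Tuple[List[Record], List[Record]]:
    """Keep in-bailiwick records (TTL capped at max_ttl), drop the rest."""
    kept: List[Record] = []
    dropped: List[Record] = []
    for rr in records:
        if in_bailiwick(str(rr["name"]), zone):
            capped = dict(rr)
            capped["ttl"] = min(int(rr["ttl"]), max_ttl)  # no 68-year cache entries
            kept.append(capped)
        else:
            dropped.append(rr)
    return kept, dropped


# Constructed "additional" records as a microsoft.com name server might
# return them; the addresses are documentation-range placeholders.
SAMPLE: List[Record] = [
    {"name": "update.microsoft.com.", "type": "A", "ttl": 3600, "data": "192.0.2.10"},
    {"name": "security.microsoft.com.", "type": "A", "ttl": 2147483647, "data": "192.0.2.11"},
    {"name": "google.com.", "type": "A", "ttl": 3600, "data": "192.0.2.12"},
    {"name": "notmicrosoft.com.", "type": "A", "ttl": 3600, "data": "192.0.2.13"},
]

if __name__ == "__main__":
    kept, dropped = accept_records("microsoft.com", SAMPLE)
    print("kept:", [r["name"] for r in kept])
    print("dropped:", [r["name"] for r in dropped])
```

The slides' point is that the bailiwick check alone is not enough: a forged answer for a name inside the zone still passes it, which is what the Kaminsky slides rely on, so the check has to be combined with unpredictable transaction IDs and source ports.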

12 BIND 9.6 or Later
   (Example of a current version of BIND)

13 Guilty Parties
    Guilty parties
     o Any DNS server not randomizing ports
     o OpenWRT software
    Secure services
     o OpenDNS
     o djbdns
     o Simple router software

14 DNS Exploit, Dan Kaminsky
    Cache miss at ISP
     o Find DNS IPs for example.com
         ns1.example.com (1.1.1.1)
         ns2.example.com (1.1.1.2)
     o Send query for a bogus machine
         aaa.example.com
     o ISP's DNS queries example.com for the fake computer
         Note UDP outgoing port from ISP (7649)
     o Send 100 UDP packets with random TIDs to the ISP at port 7649 with your IP 1.1.1.100 as the location for example.com

15 BIND 8 or Earlier
   (Example of older versions of BIND)

16 Kaminsky's Results
    Repeat the exploit for any domain
    In 30 seconds, you control the entire domain
    Works because
     o New IPs are in bailiwick
     o New IPs replace old ones at ISP
     o Make TTL really big
         Maximum of 2,147,483,647 seconds
         68+ years
         Never expires
     o Nothing appears wrong
         URL bar is http://www.google.com
         Displayed site is google.com

17 What Can Save Us?
    SSL certificates
     o Cannot be duplicated
     o Must be examined
    If available, force HTTPS
    Most sites don't support either solution
    Test your ISP
     o entropy.dns-oarc.net/test
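The "test your ISP" item and the earlier "Current DNS Issues" slide (16-bit transaction IDs, 16-bit ports) come together in this added example, which is not from the presentation and is not the DNS-OARC test itself. It takes a sample of (source port, transaction ID) pairs observed in a resolver's outgoing queries, classifies each field as fixed, sequential or varying, and turns that into the odds a single blind forgery matches and how many forgeries would be needed for an even chance. The two samples are constructed; the classification is deliberately crude (a real test measures the distribution over many queries).

```python
# Added example (not from the slides): how predictable a resolver's
# outgoing queries are, from a constructed sample of (source port, TID)
# pairs, and what that means for the odds of a blind forgery.
import math
from typing import Dict, List, Tuple


def classify(values: List[int]) -> str:
    """'fixed' if one value is reused, 'sequential' if it counts up by one,
    otherwise 'varying' (no obvious pattern in this sample)."""
    if len(set(values)) == 1:
        return "fixed"
    if all(b - a == 1 for a, b in zip(values, values[1:])):
        return "sequential"
    return "varying"


def effective_bits(kind: str) -> int:
    """Guessing work a blind forger faces for one 16-bit field: a fixed or
    sequential field is known after a single observation, so 0 bits."""
    return 16 if kind == "varying" else 0


def assess(observations: List[Tuple[int, int]]) -> Dict[str, object]:
    """Summarise port/TID predictability and the resulting forgery odds."""
    ports = [p for p, _ in observations]
    tids = [t for _, t in observations]
    port_kind, tid_kind = classify(ports), classify(tids)
    bits = effective_bits(port_kind) + effective_bits(tid_kind)
    p_single = 2.0 ** -bits  # chance one forged reply matches port and TID
    # forged replies that must beat the genuine answer for a 50% chance
    if p_single >= 1.0:
        needed = 1
    else:
        needed = math.ceil(math.log(0.5) / math.log(1.0 - p_single))
    return {"port": port_kind, "tid": tid_kind, "bits": bits,
            "p_single": p_single, "forgeries_for_50pct": needed}


# Constructed samples: an old-style resolver (source port 53, counting TID)
# and one that randomises both fields.
WEAK = [(53, 0x1000 + i) for i in range(8)]
GOOD = [(38121, 0x4C2A), (51907, 0x0F91), (60034, 0xB7D3), (41288, 0x2E60),
        (49501, 0x9A15), (57723, 0x63F8), (33870, 0xD104), (44619, 0x7B4C)]
MIXED = [(p, 0x2000 + i) for i, (p, _) in enumerate(GOOD)]  # random port, counting TID

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("mixed", MIXED), ("good", GOOD)):
        print(label, assess(sample))
```

The numbers are the whole argument of the slides in one place: with a fixed port and a counting TID one forged packet is enough, a random TID alone leaves a space of 65,536 guesses that a burst of forgeries can cover, and randomising the port as well pushes the expected work into the billions of packets per attempt.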

18 Questions

