Presentation is loading. Please wait.

Presentation is loading. Please wait.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

Published byHarold Anderson Modified over 9 years ago

Similar presentations

Presentation on theme: "* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution."— Presentation transcript:

1

2 * Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution

3 * a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network

4 * Zone * Nameserver * Authoritative Nameserver * Resolver * Recursive Nameserver * Resource Record * Delegation

5 A simple DNS query

6 What's in a DNS packet?

7 The packet in the step 7

8 What's in the cache?

9 * Step 1: * Guessing the Query ID and Port Number * Step 2: * Flooding the target nameserver

10

11 * Version 1

12 * Version 2

13 * Maximise the amount of randomness  randomizing the Port Number and Query ID  Even patched servers may still be vulnerable if an intervening firewall performs Port Address Translation in a way that un-randomizes the source ports * Disable open recusive name servers  If you must run a recursive name server, limit access to only those computers that need it. (e.g. your customers)

14  DNSSEC is the current answer to this problem

15

Download ppt "* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution."

Similar presentations

Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
DNS Security Overview AROC Guatemala July 2010. What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.

DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.

1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Hitesh Ballani, Paul Francis(Cornell University) Presenter: Zhenhua Liu Date: Mar. 16 th, 2009.

Hitesh Ballani, Paul Francis(Cornell University) Presenter: Zhenhua Liu Date: Mar. 16 th, 2009.
20101 The Application Layer Domain Name System Chapter 7.

20101 The Application Layer Domain Name System Chapter 7.
Application Layer At long last we can ask the question - how does the user interface with the network?

Application Layer At long last we can ask the question - how does the user interface with the network?
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.

Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
Intro to Computer Networks DNS (Domain Name System) Bob Bradley The University of Tennessee at Martin.

Intro to Computer Networks DNS (Domain Name System) Bob Bradley The University of Tennessee at Martin.
COEN 445 Communication Networks and Protocols Lab 3

COEN 445 Communication Networks and Protocols Lab 3
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
11.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Similar presentations

Ads by Google