Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS Cache Poisoning. History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized,

PublishDulcie Norris Modified over 9 years ago

Similar presentations

Presentation on theme: "DNS Cache Poisoning. History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized,"— Presentation transcript:

1 DNS Cache Poisoning

2 History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized, easily guessable 2002 – BIND sends multiple recursive queries simultaneously, birthday paradox 2003 – BIND PRNG not very random

3 Basic DNS Client queries local nameserver Local nameserver queries root nameserver for authoritative nameservers for some domain Local nameserver queries authoritative nameserver Returns result to client

4 Problem DNS request sends transaction Id DNS will accepts any reply containing transaction and assuming remote IP and TCP/UDP ports match Transaction Ids are only 16-bits

5 Birthday Attack BIND sends multiple queries for the same domain name Possible to flood BIND with replies using randomly generated transaction Ids If you guess correctly, then BIND will accept your reply ~50% with 300 packets, ~100% with 700 packets

6 TCP/UDP port BIND reused same source TCP/UDP port Made it easy for attacker to “guess” the destination TCP/UDP port for the false reply Newer versions randomize source ports

7 Phase Space Analysis Determine how random PRNG is BIND 8.4.3 – predict next transaction id with only 3 previous ids BIND 9 – better, but still predictable (~20% with 5000 spoofed replies)

8 Why DNS Cache Poisoning? Redirect traffic MITM attacks

9 Defenses Upgrade to BIND 9.x Split-split DNS –Internal DNS performs recursive queries for users, and cannot be accessed from outside –External DNS does not do recursive queries –Makes it harder for attacker to guess what transaction Ids your external DNS will use

Download ppt "DNS Cache Poisoning. History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized,"

Similar presentations

Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.

Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Your 802.11 Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.

DNS Poisoning Attacks November 2005 John (Jenya) Neystadt Security Test Lead Microsoft Israel R&D.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 10 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 10 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Foundations of Network and Computer Security J J ohn Black Lecture #25 Nov 23 rd 2004 CSCI 6268/TLEN 5831, Fall 2004.

Foundations of Network and Computer Security J J ohn Black Lecture #25 Nov 23 rd 2004 CSCI 6268/TLEN 5831, Fall 2004.
DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.

DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
Foundations of Network and Computer Security J J ohn Black Lecture #36 Dec 12 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #36 Dec 12 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Similar presentations

Ads by Google