Security of patched DNS

Amir Herzberg, Haya Shulman

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

52 Scopus citations

Abstract

Most caching DNS resolvers still rely for their security, against poisoning, on validating that the DNS responses contain some 'unpredictable' values, copied from the request. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to DNS. We investigate the prominent patches, and show how attackers can circumvent all of them, namely:

  • We show how attackers can circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices.
  • We show how attackers can circumvent IP address randomisation, using some (standard-conforming) resolvers.
  • We show how attackers can circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding).

We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses).

Original language: English
Title of host publication: Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
Pages: 271-288
Number of pages: 18
State: Published - 2012
Event: 17th European Symposium on Research in Computer Security, ESORICS 2012 - Pisa, Italy
Duration: 10 Sep 2012 to 12 Sep 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7459 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 17th European Symposium on Research in Computer Security, ESORICS 2012
Country/Territory: Italy
City: Pisa
Period: 10/09/12 to 12/09/12

Keywords

  • DNS poisoning
  • DNS security
  • DNS server selection
  • Internet security
  • Kaminsky attack
  • NAT
  • Network Address Translator
