TY - GEN
T1 - Security of patched DNS
AU - Herzberg, Amir
AU - Shulman, Haya
PY - 2012
Y1 - 2012
AB - Most caching DNS resolvers still rely for their security, against poisoning, on validating that the DNS responses contain some 'unpredictable' values, copied from the request. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to DNS. We investigate the prominent patches, and show how attackers can circumvent all of them, namely: - We show how attackers can circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices. - We show how attackers can circumvent IP address randomisation, using some (standard-conforming) resolvers. - We show how attackers can circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding). We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses).
KW - DNS poisoning
KW - DNS security
KW - DNS server selection
KW - Internet security
KW - Kaminsky attack
KW - NAT
KW - Network Address Translator
UR - http://www.scopus.com/inward/record.url?scp=84865607559&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-33167-1_16
DO - 10.1007/978-3-642-33167-1_16
M3 - Conference contribution
AN - SCOPUS:84865607559
SN - 9783642331664
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 271
EP - 288
BT - Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
T2 - 17th European Symposium on Research in Computer Security, ESORICS 2012
Y2 - 10 September 2012 through 12 September 2012
ER -