TY - GEN
T1 - Socket overloading for fun and cache-poisoning
AU - Herzberg, Amir
AU - Shulman, Haya
PY - 2013
Y1 - 2013
N2 - We present a new technique, which we call socket overloading, that we apply for off-path attacks on DNS. Socket overloading consists of short, low-rate bursts of inbound packets, sent by an off-path attacker to a victim host. Socket overloading exploits the priority assigned by the kernel to hardware interrupts, and enables an off-path attacker to elicit a side-channel on client hosts, which can be applied to circumvent source port and name server randomisation. Both port and name server randomisation are popular and standardised defenses, recommended in [RFC5452], against attacks by off-path adversaries. We show how to apply socket overloading for DNS cache poisoning and name server pinning against popular systems that support algorithms recommended in [RFC6056] and [RFC4097] respectively. Our socket overloading technique may be of independent interest, and can be applied against other protocols for different attacks.
AB - We present a new technique, which we call socket overloading, that we apply for off-path attacks on DNS. Socket overloading consists of short, low-rate bursts of inbound packets, sent by an off-path attacker to a victim host. Socket overloading exploits the priority assigned by the kernel to hardware interrupts, and enables an off-path attacker to elicit a side-channel on client hosts, which can be applied to circumvent source port and name server randomisation. Both port and name server randomisation are popular and standardised defenses, recommended in [RFC5452], against attacks by off-path adversaries. We show how to apply socket overloading for DNS cache poisoning and name server pinning against popular systems that support algorithms recommended in [RFC6056] and [RFC4097] respectively. Our socket overloading technique may be of independent interest, and can be applied against other protocols for different attacks.
KW - Challenge-response mechanisms
KW - DNS cache-poisoning
KW - DNS security
KW - I/O performance
KW - IP derandomisation
KW - Interrupts
KW - Name server pinning
KW - Off-path attacks
KW - Port derandomization
KW - Socket overloading
UR - http://www.scopus.com/inward/record.url?scp=84893245696&partnerID=8YFLogxK
U2 - 10.1145/2523649.2523662
DO - 10.1145/2523649.2523662
M3 - Conference contribution
AN - SCOPUS:84893245696
SN - 9781450320153
T3 - ACM International Conference Proceeding Series
SP - 189
EP - 198
BT - Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013
T2 - 29th Annual Computer Security Applications Conference, ACSAC 2013
Y2 - 9 December 2013 through 13 December 2013
ER -