Floragasse 7 – 5th floor, 1040 Vienna


Haya Shulman: Towards a Secure DNS

Towards a Secure DNS (Dec 13, 2pm, SBA)

Most caching DNS resolvers still rely for their security, against poisoning, on validating that the DNS responses contain some ‘unpredictable’ values, copied from the request. These values include the 16-bit identifier field, and other fields, randomised and validated by different ‘patches’ to DNS. We investigate the prominent patches, and show how off-path attackers can circumvent all of them, exposing the resolvers to cache poisoning attacks. We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses). We then investigate vulnerabilities in DNSSEC configuration among resolvers and zones, which reduce or even nullify the protection offered by DNSSEC. Finally, we provide our recommendations and countermeasures to prevent the vulnerabilities.

Tutorial @ SBA: Towards a Secure DNS

 

 

 

 

 

 

 

 
