DNS Security

Dhaval Kapil
September 07, 2015

Different types of attacks concerning DNS and their mitigation


Transcript

  1. DNS Security
     Dhaval Kapil, Computer Science and Engineering Department, IIT Roorkee
  2. Flow of the presentation
     • About DNS
     • Working of DNS
     • Flaws in design of DNS
     • Threats involving DNS
     • Mitigation of these threats
  3. Domain Name Service
     http://www.codeguru.com/cpp/sample_chapter/article.php/c12013/Sample-Chapter-Domain-Name-System.htm

  4. About DNS
     • Hierarchical distributed naming system for computers
     • Mapping of 'domain name' and 'IP address'
     • Internet’s primary directory service
  5. Working of DNS
     DNS Server:
     ▪ Information about domain names stored in text files called zones
     ▪ Listens on UDP port 53 for name resolution queries
     ▪ Listens on TCP port 53 for zone transfer queries
     DNS Client:
     ▪ Runs a service - resolver
     ▪ Handles interaction with DNS Server for resolving domain names and IP addresses through records
  6. Flaws in the design of DNS
     • Designed without any security considerations
     • Was initially designed for small networks with trusted hosts
     • No check for authenticity and integrity added
     • Unfortunately, as the network grew, DNS remained unchanged
     • Resulted in lots of threats because of the above issues
  7. Threats involving DNS
     1. Zone File Compromise
     2. Zone Information Leakage/DNS Footprinting
     3. DNS Amplification Attack
     4. DNS Client Flooding
     5. DNS Cache Poisoning
     6. DNS Vulnerabilities in Shared Host Environments
     7. DNS Man in the Middle Attacks - DNS Hijacking
     8. Typosquatting
  8. Zone File Compromise
     • Administrator can directly interact with DNS Server
     • Command line or GUI interface provided for configuration of DNS records
     • In this attack, the attacker first gains direct access to the server
     Security measure: Restrict access to DNS server
  9. Zone Information Leakage/DNS Footprinting
     • Zone Transfer: DNS Server passing a copy of its database (called “zone”) to another DNS Server.
     • Slave DNS Servers ask for zone transfer from Master DNS Server
     • Attacker pretends to be a Slave DNS Server
     • DNS records reveal the topology of the network
     Security measure: Restrict zone transfers to particular IP addresses or use any other kind of authentication
  10. DNS Amplification Attack
     • Genuine DNS servers used to perform a DoS attack on victim host
     • Attacker sends DNS request packets to a genuine DNS Server with source IP spoofed as victim’s IP.
     • Amplified responses go to victim.
  11. DNS Client Flooding
     • Attacker sends a flood of DNS packets to the DNS server
     • Preferably requests for invalid domains
     • The DNS server spends its resources trying to resolve them
     • Resources exhausted for legitimate requests
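Slides 9, 10 and 11 each describe a traffic pattern a DNS operator can look for in the server's own query log: zone-transfer (AXFR) requests from hosts that are not known secondaries, repeated ANY queries that indicate the server is being used as an amplifier (the source address is then usually the spoofed victim), and bursts of NXDOMAIN answers from a single source. The script below is an added example, not part of the original talk; it parses a constructed, simplified query-log format (not real BIND output), and the list of authorized secondaries and the thresholds are assumptions chosen for the sample.

```python
import re
from collections import Counter

# Constructed sample query log (not a real BIND log). Simplified format:
#   <epoch> client <ip>#<port> query: <name> IN <type> <rcode>
# All addresses come from documentation ranges; the lines were written so
# that each detector below fires exactly once.
SAMPLE_LOG = """\
1000 client 192.0.2.10#41000 query: example.com IN AXFR NOERROR
1001 client 198.51.100.7#53000 query: example.com IN AXFR REFUSED
1002 client 198.51.100.7#53001 query: example.com IN AXFR REFUSED
1003 client 203.0.113.5#1337 query: example.com IN ANY NOERROR
1004 client 203.0.113.5#1337 query: example.com IN ANY NOERROR
1005 client 203.0.113.5#1337 query: example.com IN ANY NOERROR
1006 client 203.0.113.5#1337 query: example.com IN ANY NOERROR
1007 client 192.0.2.44#52000 query: www.example.com IN A NOERROR
1008 client 192.0.2.99#50000 query: a1.example.com IN A NXDOMAIN
1009 client 192.0.2.99#50001 query: a2.example.com IN A NXDOMAIN
1010 client 192.0.2.99#50002 query: a3.example.com IN A NXDOMAIN
1011 client 192.0.2.99#50003 query: a4.example.com IN A NXDOMAIN
1012 client 192.0.2.99#50004 query: a5.example.com IN A NXDOMAIN
1013 client 192.0.2.99#50005 query: a6.example.com IN A NXDOMAIN
1014 client 192.0.2.44#52001 query: nosuch.example.com IN A NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) client (?P<ip>[\d.]+)#(?P<port>\d+) "
    r"query: (?P<name>\S+) IN (?P<qtype>[A-Z]+) (?P<rcode>[A-Z]+)$"
)

# Hypothetical set of secondary (slave) servers allowed to pull the zone.
AUTHORIZED_SECONDARIES = {"192.0.2.10"}


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = int(rec["ts"])
            rec["port"] = int(rec["port"])
            records.append(rec)
    return records


def find_unauthorized_axfr(records, authorized=AUTHORIZED_SECONDARIES):
    """Zone transfer requests from any host that is not a known secondary.
    REFUSED attempts are reported as well: they show someone is mapping the zone."""
    hits = {(r["ip"], r["name"]) for r in records
            if r["qtype"] == "AXFR" and r["ip"] not in authorized}
    return sorted(hits)


def find_amplification_candidates(records, threshold=3):
    """Sources sending repeated ANY queries (small question, large answer).
    Because the source address is spoofed in an amplification attack, the
    result names the host being hit, not the host sending the packets."""
    counts = Counter(r["ip"] for r in records if r["qtype"] == "ANY")
    return {ip: n for ip, n in counts.items() if n >= threshold}


def find_client_flooding(records, threshold=5):
    """Sources that generate many NXDOMAIN answers: names that do not exist
    cannot be served from cache, so each one costs the server real work."""
    counts = Counter(r["ip"] for r in records if r["rcode"] == "NXDOMAIN")
    return {ip: n for ip, n in counts.items() if n >= threshold}


def analyze(text):
    """Run all three detectors over one log text and return the findings."""
    records = parse_log(text)
    return {
        "unauthorized_axfr": find_unauthorized_axfr(records),
        "amplification": find_amplification_candidates(records),
        "client_flooding": find_client_flooding(records),
    }


if __name__ == "__main__":
    for name, finding in analyze(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

The AXFR check reports REFUSED attempts as well as successful ones, because a refused transfer request from an unknown host is itself the footprinting attempt slide 9 warns about; the server's access control worked, but the source is still worth investigating. The thresholds are deliberately low so the constructed sample triggers them; on a production log they should be tuned to the server's normal query mix.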
  12. DNS Cache Poisoning https://jfdm.host.cs.st-andrews.ac.uk/notes/netsec/

  13. DNS Vulnerabilities in Shared Host Environments http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf

  14. DNS Man in the Middle Attacks - DNS Hijacking http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf

  15. Typosquatting
     • The practice of registering a domain name that is confusingly similar to an existing popular brand
     • The attacker registers similar sounding domain names.
     • This threat does not target a particular victim.
  16. DNSSEC (Domain Name System Security Extensions)
     • Around 1994, the IETF started a discussion to make DNS secure by adding a set of extensions to it.
     • Backward compatibility ensured
     • Performance issues kept in mind
     • Provides authentication and integrity to DNS
     • Unfortunately still not widely adopted
  17. Conclusion
     • Widespread need of DNS in internet
     • Original implementation didn’t consider security issues
     • No check for authenticity and integrity
     • To add security, IETF added security extensions: DNSSEC