DNS Security

Dhaval Kapil
September 07, 2015

Different types of attacks concerning DNS and their mitigation

Transcript

  1. Flow of the presentation
    • About DNS
    • Working of DNS
    • Flaws in design of DNS
    • Threats involving DNS
    • Mitigation of these threats
  2. About DNS
    • Hierarchical distributed naming system for computers
    • Mapping of 'domain name' and 'IP address'
    • Internet's primary directory service
  3. Working of DNS
    DNS Server:
    ▪ Information about domain names stored in text files called zones
    ▪ Listens on UDP port 53 for name resolution queries
    ▪ Listens on TCP port 53 for zone transfer queries
    DNS Client:
    ▪ Runs a service called the resolver
    ▪ Handles interaction with the DNS Server for resolving domain names and IP addresses through records
  4. Flaws in the design of DNS
    • Designed without any security considerations
    • Was initially designed for small networks with trusted hosts
    • No check for authenticity and integrity added
    • Unfortunately, as networks grew, DNS remained unchanged
    • Resulted in lots of threats because of the above issues
  5. Threats involving DNS
    1. Zone File Compromise
    2. Zone Information Leakage/DNS Footprinting
    3. DNS Amplification Attack
    4. DNS Client Flooding
    5. DNS Cache Poisoning
    6. DNS Vulnerabilities in Shared Host Environments
    7. DNS Man in the Middle Attacks - DNS Hijacking
    8. Typosquatting
  6. Zone File Compromise
    • Administrator can directly interact with the DNS Server
    • Command line or GUI interface provided for configuration of DNS records
    • In this attack, the attacker first gains direct access to the server
    Security measure: Restrict access to the DNS server
  7. Zone Information Leakage/DNS Footprinting
    • Zone Transfer: DNS Server passing a copy of its database (called "zone") to another DNS Server
    • Slave DNS Servers ask for zone transfer from the Master DNS Server
    • Attacker pretends to be a Slave DNS Server
    • DNS records reveal the topology of the network
    Security measure: Restrict zone transfers to particular IP addresses or use another kind of authentication
  8. DNS Amplification Attack
    • Genuine DNS servers used to perform a DoS attack on the victim host
    • Attacker sends DNS request packets to a genuine DNS Server with the source IP spoofed as the victim's IP
    • Amplified responses go to the victim
  9. DNS Client Flooding
    • Attacker sends a flood of DNS packets to the DNS server
    • Preferably requests for invalid domains
    • The DNS server tries to spend all of its resources on finding the IP
    • Resources exhausted for legitimate requests
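As an added example (not part of the original deck), a small defender-side check for the two traffic patterns in slides 8 and 9: it parses the header and question of raw DNS query packets (RFC 1035 wire format) and flags sources exceeding a per-source query limit, as a response-rate-limiting rule would, together with QTYPE ANY queries, which are the classic high-amplification request. The sample traffic, the source addresses and the limit of 5 queries are constructed for the demonstration.

```python
import struct
from collections import Counter

QTYPE_ANY = 255  # RFC 1035 QTYPE "*": asks for all records, hence large responses

def build_query(txid: int, qname: str, qtype: int) -> bytes:
    """Construct a minimal DNS query (12-byte header + one question) for the sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QR=0, RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def parse_query(payload: bytes) -> dict:
    """Parse the header and the first question of a DNS message (RFC 1035 section 4.1).
    Queries do not use name compression in the question, so plain labels suffice here."""
    txid, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12
    while payload[pos] != 0:                       # QNAME: length-prefixed labels, 0 terminator
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels) + ".", "qtype": qtype}

def flag_suspicious(packets, per_source_limit: int = 5) -> dict:
    """Return sources sending more than per_source_limit queries (flooding) and
    every (source, name) pair that asked for QTYPE ANY (amplification-prone)."""
    per_source = Counter(src for src, _ in packets)
    parsed = [(src, parse_query(p)) for src, p in packets]
    return {
        "flooding_sources": sorted(s for s, n in per_source.items() if n > per_source_limit),
        "any_queries": sorted({(src, q["qname"]) for src, q in parsed if q["qtype"] == QTYPE_ANY}),
    }

# Constructed sample traffic (documentation addresses from RFC 5737): one ordinary client,
# one source flooding random nonexistent names, and one source sending ANY queries.
SAMPLE = (
    [("192.0.2.10", build_query(1, "example.com", 1))]
    + [("192.0.2.20", build_query(100 + i, f"rnd{i}.example.com", 1)) for i in range(8)]
    + [("198.51.100.5", build_query(7, "example.com", QTYPE_ANY))] * 2
)

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE))
```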
  10. Typosquatting
    • The practice of registering a domain name that is confusingly similar to an existing popular brand
    • The attacker registers similar sounding domain names
    • This threat does not target a particular victim
  11. DNSSEC (Domain Name System Security Extensions)
    • Around 1994, the IETF started a discussion to make DNS secure by adding a set of extensions to it
    • Backward compatibility ensured
    • Performance issues kept in mind
    • Provides authentication and integrity to DNS
    • Unfortunately still not widely adopted
  12. Conclusion
    • Widespread need of DNS in the internet
    • Original implementation didn't consider security issues
    • No check for authenticity and integrity
    • To add security, the IETF added the security extensions DNSSEC