Working of DNS
DNS Server:
■ Information about domain names is stored in text files called zone files; each zone file holds the records of one zone
■ Listens on UDP port 53 for name-resolution queries
■ Listens on TCP port 53 for zone-transfer queries (TCP is also used for answers too large to fit in a single UDP response)
DNS Client:
■ Runs a service called the resolver
■ The resolver handles the interaction with the DNS server, resolving domain names and IP addresses through resource records (A, AAAA, MX, NS, PTR and so on)
Flaws in the design of DNS
● Designed without any security considerations
● Initially designed for small networks of trusted hosts
● No check for authenticity or integrity was added: a resolver has no way to verify that an answer really came from the authoritative server or was not altered in transit
● Unfortunately, as the network grew, DNS itself remained unchanged
● These issues are the root of most of the threats listed below
Threats involving DNS
1. Zone File Compromise
2. Zone Information Leakage / DNS Footprinting
3. DNS Amplification Attack
4. DNS Client Flooding
5. DNS Cache Poisoning
6. DNS Vulnerabilities in Shared Host Environments
7. DNS Man-in-the-Middle Attacks / DNS Hijacking
8. Typosquatting
Zone File Compromise
● The administrator interacts directly with the DNS server through a command-line or GUI interface to configure DNS records
● In this attack the attacker first gains that same direct (administrative) access to the server, then edits the zone so that names resolve to addresses of the attacker's choosing
Security measure: Restrict access to the DNS server (administrative accounts, the management interface and the zone files themselves)
Zone Information Leakage / DNS Footprinting
● Zone transfer: a DNS server passes a copy of its database (the zone) to another DNS server (AXFR, carried over TCP port 53)
● Slave (secondary) DNS servers request zone transfers from the master (primary) DNS server
● The attacker pretends to be a slave DNS server and requests the whole zone
● The DNS records reveal the topology of the network: host names, mail servers, VPN gateways, internal address ranges
Security measure: Restrict zone transfers to the IP addresses of the real secondaries and authenticate the transfer with TSIG (a shared-key signature on the request); an IP allowlist on its own is a weak control
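The two slides above (the query that the resolver sends on port 53, and the zone transfer that an attacker requests while pretending to be a secondary) as one added example that is not part of the original slides: it builds a normal A query and an AXFR query in DNS wire format, then applies the allow-transfer check an authoritative server should enforce before handing out the zone. The zone contents, addresses and the allowed secondary network are constructed for the example, and only the ACL decision is modelled, not the wire-format answer.

```python
"""Added example: a DNS query on the wire and a server-side zone-transfer ACL."""
import ipaddress
import struct

QTYPE_A = 1
QTYPE_AXFR = 252
RCODE_NOERROR = 0
RCODE_REFUSED = 5


def encode_name(name: str) -> bytes:
    """Encode 'ns1.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length out of range")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode an uncompressed name starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(qname: str, qtype: int, qid: int = 0x1234, rd: bool = True) -> bytes:
    """12-byte header (QR=0, RD as given, QDCOUNT=1) followed by one question."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    return header + question


def parse_question(msg: bytes):
    """Return (id, qname, qtype) from a message carrying exactly one question."""
    qid, _flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return qid, qname, qtype


def transfer_allowed(client_ip: str, allowed_nets) -> bool:
    """The allow-transfer ACL: only the listed secondary networks may pull the zone."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in allowed_nets)


def handle_axfr(msg: bytes, client_ip: str, zone: dict, allowed_nets):
    """Authoritative-side handling of an AXFR request: (rcode, records)."""
    _qid, qname, qtype = parse_question(msg)
    if qtype != QTYPE_AXFR:
        raise ValueError("not a zone transfer request")
    if not transfer_allowed(client_ip, allowed_nets):
        return RCODE_REFUSED, []
    return RCODE_NOERROR, zone.get(qname, [])


# Constructed zone: the kind of topology an unrestricted AXFR would leak.
ZONE = {
    "example.com": [
        ("example.com", "NS", "ns1.example.com"),
        ("ns1.example.com", "A", "192.0.2.53"),
        ("mail.example.com", "A", "192.0.2.25"),
        ("vpn.example.com", "A", "192.0.2.100"),
        ("intranet.example.com", "A", "10.0.0.15"),
    ]
}
ALLOWED_SECONDARIES = ["192.0.2.0/24"]  # constructed: the real secondary's network

if __name__ == "__main__":
    print("A query:", build_query("www.example.com", QTYPE_A).hex())
    axfr = build_query("example.com", QTYPE_AXFR, rd=False)
    for client in ("192.0.2.54", "198.51.100.7"):
        rcode, records = handle_axfr(axfr, client, ZONE, ALLOWED_SECONDARIES)
        print(client, "->", "REFUSED" if rcode == RCODE_REFUSED else f"{len(records)} records")
```

The second client in the usage block is the attacker posing as a secondary: with the ACL in place it gets REFUSED, without it it would receive all five records, including the internal 10.0.0.15 host.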
DNS Amplification Attack
● Genuine DNS servers (typically open recursive resolvers) are used to perform a DoS attack on the victim host
● The attacker sends DNS request packets to a genuine DNS server with the source IP spoofed as the victim's IP
● The requests are chosen so that the response is much larger than the query (for example ANY or DNSKEY queries, with EDNS0 advertising a large UDP buffer)
● The amplified responses go to the victim
Security measure: Do not run open recursive resolvers, rate-limit identical responses (RRL), and filter packets with spoofed source addresses at the network edge (BCP 38)
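An added example (not from the original slides) that puts numbers on the attack described above and shows one defence: it computes the amplification factor of a small EDNS0 query against a large response, and implements a response-rate-limiting decision of the kind BIND's RRL feature makes, where excess identical responses to one client network are dropped or sent truncated so that a real client retries over TCP while a spoofed victim simply receives less. The response size, addresses and limits are constructed; nothing is sent on the network.

```python
"""Added example: DNS amplification factor and a response-rate-limiting decision."""
import ipaddress
from collections import defaultdict
from typing import Optional


def dns_query_size(qname: str, edns_udp_size: Optional[int] = 4096) -> int:
    """DNS payload size of a minimal query: 12-byte header + question section.

    With EDNS0 an 11-byte OPT pseudo-record is appended that advertises the
    UDP buffer size (e.g. 4096); that is what lets a response exceed the
    classic 512-byte limit and makes the amplification worthwhile.
    """
    name_len = sum(len(label) + 1 for label in qname.rstrip(".").split(".")) + 1
    size = 12 + name_len + 4            # header + QNAME + QTYPE + QCLASS
    if edns_udp_size is not None:
        size += 11                      # OPT RR: root name, type, class, TTL, RDLEN
    return size


def amplification_factor(query_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification factor at the DNS payload level."""
    return response_bytes / query_bytes


class ResponseRateLimiter:
    """Limit identical responses sent to the same client network per second.

    Key = (second, client /24, qname, qtype, rcode). Beyond `limit` responses
    in one second, every `slip`-th excess response is sent truncated (TC=1,
    which forces a genuine client to retry over TCP, something a spoofed
    source cannot do) and the rest are dropped.
    """

    def __init__(self, limit: int = 5, slip: int = 2, prefix_len: int = 24):
        self.limit, self.slip, self.prefix_len = limit, slip, prefix_len
        self.counts = defaultdict(int)

    def decide(self, now: float, client_ip: str, qname: str, qtype: str, rcode: str) -> str:
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        key = (int(now), str(net), qname.lower(), qtype, rcode)
        self.counts[key] += 1
        excess = self.counts[key] - self.limit
        if excess <= 0:
            return "send"
        if self.slip and excess % self.slip == 0:
            return "truncate"
        return "drop"


def simulate_flood(n: int = 20, limit: int = 5, slip: int = 2) -> dict:
    """Constructed flood: n identical ANY responses toward one spoofed victim in one second."""
    rrl = ResponseRateLimiter(limit, slip)
    tally = defaultdict(int)
    for _ in range(n):
        tally[rrl.decide(1000.0, "203.0.113.9", "example.com", "ANY", "NOERROR")] += 1
    # A single query from another network in the same second is unaffected.
    tally["other_" + rrl.decide(1000.0, "198.51.100.7", "example.com", "ANY", "NOERROR")] += 1
    return dict(tally)


if __name__ == "__main__":
    q = dns_query_size("example.com")
    resp = 3000  # constructed: a large ANY/DNSKEY response carried thanks to EDNS0
    print(f"query {q} bytes, response {resp} bytes, amplification x{amplification_factor(q, resp):.0f}")
    print(simulate_flood())
```

With the constructed numbers a 40-byte query yields a 3000-byte response, a 75x amplification of the attacker's bandwidth, which is why the fix is applied on the resolver (no open recursion, RRL) and at the network edge (no spoofed sources leave the network), not on the victim.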
DNS Client Flooding
● The attacker sends a flood of DNS queries to the DNS server
● Preferably queries for invalid (non-existent, often randomly generated) names, because those cannot be answered from the cache and force the server to recurse for every one of them
● The DNS server spends all of its resources trying to resolve these names
● No resources remain for legitimate requests
Security measure: Rate-limit queries per client, cache negative (NXDOMAIN) answers, and cap the number of outstanding recursive fetches per zone
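Detection logic for the flood described above, as an added example that is not part of the original slides. It reads a resolver query log, groups queries per client within one time window and flags clients whose traffic is almost entirely NXDOMAIN; the entropy of the first label is reported as a second signal, since randomly generated subdomains score much higher than real host names. The log format (timestamp, client, qname, qtype, rcode) is an assumption for this example, not BIND's format, and the lines are constructed, with the flood synthesized from a seeded random generator.

```python
"""Added example: spotting a random-subdomain flood in a resolver's query log."""
import math
import random
from collections import defaultdict


def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character; random labels score near log2(alphabet size)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> dict:
    """Assumed log line: '<timestamp> <client-ip> <qname> <qtype> <rcode>'."""
    ts, client, qname, qtype, rcode = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower(), "qtype": qtype, "rcode": rcode}


def analyse(lines, min_queries: int = 20, nx_ratio: float = 0.8) -> dict:
    """Per-client statistics for one time window; flag clients sending mostly NXDOMAIN queries."""
    stats = defaultdict(lambda: {"queries": 0, "nx": 0, "entropy": []})
    for line in lines:
        q = parse_line(line)
        s = stats[q["client"]]
        s["queries"] += 1
        if q["rcode"] == "NXDOMAIN":
            s["nx"] += 1
        s["entropy"].append(label_entropy(q["qname"].split(".")[0]))
    report = {}
    for client, s in stats.items():
        ratio = s["nx"] / s["queries"]
        report[client] = {
            "queries": s["queries"],
            "nxdomain_ratio": round(ratio, 2),
            "mean_label_entropy": round(sum(s["entropy"]) / len(s["entropy"]), 2),
            "flagged": s["queries"] >= min_queries and ratio >= nx_ratio,
        }
    return report


def constructed_log() -> list:
    """Constructed one-second window: one normal client and one flooding client."""
    rng = random.Random(7)  # seeded so the synthesized flood is reproducible
    lines = [f"2024-05-01T10:00:00 198.51.100.7 {name} A NOERROR"
             for name in ["www.example.com", "mail.example.com", "www.example.com", "api.example.com"]]
    for _ in range(40):  # random subdomains: never cached, each one forces a recursive lookup
        label = "".join(rng.choices("abcdefghijklmnopqrstuvwxyz0123456789", k=10))
        lines.append(f"2024-05-01T10:00:00 203.0.113.9 {label}.example.com A NXDOMAIN")
    return lines


if __name__ == "__main__":
    for client, row in analyse(constructed_log()).items():
        print(client, row)
```

A real deployment would bucket the log by time window before calling analyse and feed the flagged clients into a per-client rate limit; the thresholds here (20 queries, 80% NXDOMAIN) are illustrative and should be tuned to the resolver's normal traffic.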
Typosquatting
● The practice of registering a domain name that is confusingly similar to an existing popular brand
● The attacker registers similar-looking or similar-sounding domain names (missing or swapped letters, adjacent-key typos, look-alike characters, a different top-level domain)
● This threat does not target a particular victim; it catches whoever mistypes or misreads the real name
Security measure: Register the common variants of your own domain and monitor new registrations that are a small edit distance away from it
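An added example, not from the original slides, of both sides of the problem above: the variant generator enumerates the names a typosquatter would register for a brand (omissions, repetitions, transpositions, adjacent-key substitutions, look-alike characters and wrong TLDs), and the edit-distance check spots such names in a feed of new registrations. The brand example.com, the keyboard and homoglyph tables and the distance threshold are constructed assumptions for this example.

```python
"""Added example: generating and detecting typosquatted domain names."""

# QWERTY neighbours used for adjacent-key typos (constructed table).
KEYBOARD_NEIGHBOURS = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh", "u": "yij",
    "i": "uok", "o": "ipl", "p": "ol", "a": "qwsz", "s": "awedxz", "d": "serfcx",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
# Characters that read alike in many fonts (constructed table).
HOMOGLYPHS = {"m": ["rn"], "w": ["vv"], "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"], "s": ["5"]}
COMMON_TLDS = ["com", "net", "org", "co"]


def split_domain(domain: str):
    name, tld = domain.lower().rsplit(".", 1)
    return name, tld


def typo_variants(domain: str) -> set:
    """All single-edit look-alikes of a brand domain, excluding the brand itself."""
    name, tld = split_domain(domain)
    names = set()
    for i, ch in enumerate(name):
        names.add(name[:i] + name[i + 1:])                          # omission
        names.add(name[:i] + ch + name[i:])                         # repetition
        for k in KEYBOARD_NEIGHBOURS.get(ch, ""):
            names.add(name[:i] + k + name[i + 1:])                  # adjacent-key substitution
        for g in HOMOGLYPHS.get(ch, []):
            names.add(name[:i] + g + name[i + 1:])                  # look-alike characters
        if i + 1 < len(name):
            names.add(name[:i] + name[i + 1] + ch + name[i + 2:])   # transposition
    variants = {f"{n}.{tld}" for n in names if n}
    variants |= {f"{name}.{t}" for t in COMMON_TLDS}                # wrong TLD
    variants.discard(domain.lower())
    return variants


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def closest_brand(candidate: str, brands, max_distance: int = 2):
    """Return the brand a newly registered name is suspiciously close to, or None.

    The brand's own name is not reported; the same name under another TLD is.
    """
    cand_name, cand_tld = split_domain(candidate)
    best = None
    for brand in brands:
        brand_name, brand_tld = split_domain(brand)
        d = levenshtein(cand_name, brand_name)
        if d == 0:
            if cand_tld == brand_tld:
                continue       # this is the brand itself
            d = 1              # same name, different TLD
        if d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best[0] if best else None


if __name__ == "__main__":
    print(len(typo_variants("example.com")), "variants of example.com")
    for new_registration in ["exarnple.com", "example.net", "exmaple.com", "google.com"]:
        print(new_registration, "->", closest_brand(new_registration, ["example.com"]))
```

The generator is the list a defender registers or monitors; the detector is what runs over a newly-registered-domains feed. The same edit-distance check works on the other side, too: an attacker picks exactly the variants a user is most likely to type.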
DNSSEC (Domain Name System Security Extensions)
● Around 1994 the IETF started discussing how to make DNS secure by adding a set of extensions to it
● Backward compatibility was ensured: DNSSEC adds new record types (DNSKEY, RRSIG, DS, NSEC) rather than changing the protocol, so unaware resolvers keep working
● Performance issues were kept in mind
● Provides origin authentication and integrity for DNS data through digital signatures and a chain of trust from the root; it does not provide confidentiality
● Unfortunately it is still not widely adopted
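The authentication that the slide above credits DNSSEC with rests on a chain of trust across delegations, and the link between a parent and a child zone is the DS record: the parent publishes the key tag and a hash of the child's key-signing DNSKEY, and a validator recomputes both from the DNSKEY the child actually serves. The following is an added example, not code from the original slides, of that DS check as specified in RFC 4034 (key tag algorithm from Appendix B, DS digest over the canonical owner name followed by the DNSKEY RDATA). The key bytes are a constructed placeholder, not a real RSA key, and signature verification itself is out of scope here.

```python
"""Added example: the DS record check that links a DNSSEC chain of trust across a delegation."""
import hashlib
import struct


def canonical_name(name: str) -> bytes:
    """Owner name in canonical wire form: lowercase, length-prefixed labels, root byte."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (257 marks a key-signing key), protocol (always 3), algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (for algorithms other than RSA/MD5)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2 (SHA-256) over owner name || DNSKEY RDATA."""
    return hashlib.sha256(canonical_name(owner) + rdata).digest()


def make_ds(owner: str, rdata: bytes) -> dict:
    """What the parent zone publishes (and signs) for the child's DNSKEY."""
    return {"key_tag": key_tag(rdata), "algorithm": rdata[3], "digest_type": 2,
            "digest": ds_digest(owner, rdata)}


def ds_matches(owner: str, rdata: bytes, ds: dict) -> bool:
    """Validator step: does the DNSKEY the child served match the DS the parent signed?"""
    if ds["digest_type"] != 2:
        raise ValueError("only SHA-256 DS records are handled in this example")
    return (ds["key_tag"] == key_tag(rdata)
            and ds["algorithm"] == rdata[3]
            and ds["digest"] == ds_digest(owner, rdata))


# Constructed placeholder key: algorithm 8 (RSASHA256), exponent 65537, two-byte "modulus".
CHILD_KSK = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01\xab\xcd")

if __name__ == "__main__":
    ds = make_ds("example.com", CHILD_KSK)
    print("key tag", ds["key_tag"], "digest", ds["digest"].hex())
    print("genuine key accepted:", ds_matches("example.com", CHILD_KSK, ds))
    forged = CHILD_KSK[:-1] + b"\xce"   # an attacker swapping in a different key
    print("forged key accepted:", ds_matches("example.com", forged, ds))
```

A resolver that validates walks this check from the root's trust anchor down: each parent's signed DS vouches for the child's DNSKEY, which in turn signs the child's records, so a forged DNSKEY anywhere in the chain fails the DS comparison and the answer is rejected.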
Conclusion
● DNS is needed everywhere on the Internet
● The original implementation did not consider security issues
● No check for authenticity or integrity
● To add security, the IETF added the security extensions, DNSSEC