IP フラグメンテーション攻撃と DNS flag day 2020 / fragmentation attack and flag day 2020

͜΍Ͷ !YLPZBOF *1ϑϥάϝϯςʔγϣϯ߈ܸͱ %/4GMBHEBZ %/4Թઘ൪֎ฤJOେࡕ

ൃදͷྲྀΕ ͸͡Ίʹ w %/4qBHEBZͱ͸ w *1ϑϥάϝϯςʔγϣϯ߈ܸ w qBHEBZ΁ͷରԠঢ়گ w 4"%%/4ͱͷൺֱ
w ·ͱΊ

%/4GMBHEBZ ରԠ͠·͔ͨ͠

ͦ΋ͦ΋ %/4GMBHEBZͱ͸

%/4GMBHEBZ ͸͡Ίʹ w ओʹ*1ϑϥάϝϯςʔγϣϯ͕Ҿ͖ى͜͢໰୊΁ͷରԠࡦͷ ద༻ w ೔࣌೥݄೔ w ಺༰
&%/4CV⒎FSTJ[Fͷ࡟ݮ όΠτ 5$1΁ͷରԠ ެࣜαΠτIUUQTEOTqBHEBZOFUJOEFYKBIUNM

*1ϑϥάϝϯςʔγϣϯ͕  Ҿ͖ى͜͢໰୊ 㲈*1ϑϥάϝϯςʔγϣϯ߈ܸ

֓ཁ *1ϑϥάϝϯςʔγϣϯ߈ܸ w ΩϟογϡϙΠζχϯά߈ܸͷͻͱͭ )FS[CFSH 4IVMNBO͕೥ʹ࿦จൃද <> w ϑϥάϝϯτͨ͠%/4Ԡ౴ͷҰ෦Λࠩ͠ସ͑
ୈҰϑϥάϝϯτศ৐߈ܸ΍ΞΠίϥ߈ܸͱΑ͹ΕΔ͜ͱ΋ w ࣮ࡍͷܦ࿏.56ΑΓখ͍͞αΠζͰ΋߈ܸՄೳ 3*1&Ͱ)MBWBDFL͕ൃද <> w ϙʔτϥϯμϚΠζͳͲͷैདྷͷରࡦ͕ແޮ <>IUUQTBSYJWPSHBCT <>IUUQTVDTCJVBDJMdIFS[CFBTFDVSJUZGSBHQEG <>IUUQTJFFFYQMPSFJFFFPSHEPDVNFOU <>IUUQTSJQFSJQFOFUQSFTFOUBUJPOTJQGSBHBUUBDLQEG

Πϝʔδ *1ϑϥάϝϯςʔγϣϯ߈ܸ ୈϑϥάϝϯτ *1ϔομ 6%1ϔομ %/4ϝοηʔδͷҰ෦ ਖ਼نͷୈϑϥάϝϯτ *1ϔομ %/4ϝοηʔδͷ࢒Γ
ୈϑϥάϝϯτ ِ૷ͨ͠ୈϑϥάϝϯτ *1ϔομ %/4ϝοηʔδͷ࢒Γ ਖ਼نͷݖҖαʔό͕ૹ৴͢Δύέοτ ߈ܸऀ͕ૹ৴͢Δύέοτ ߈ܸऀ͸ૹ৴͠ͳ͍ ਖ਼نͷԠ౴Λͦͷ··࢖༻ ผͷ಺༰ʹॻ͖׵͑ͨύέοτΛૹ৴ ِ૷ͨ͠ϑϥάϝϯτͱ ϦΞηϯϒϧِͤͯ͞ͷ Ԡ౴Λੜ੒

߈ܸͷྫ *1ϑϥάϝϯςʔγϣϯ߈ܸ ਖ਼نͷԠ౴ ِ૷ͨ͠Ԡ౴ ;; ADDITIONAL SECTION: ns1.nodnssec.exp. 86400
IN A 192.168.11.7 ns2.nodnssec.exp. 86400 IN A 192.168.11.8 ;; ADDITIONAL SECTION: ns1.nodnssec.exp. 86400 IN A 192.168.13.1 ns2.nodnssec.exp. 85389 IN A 192.168.13.1

߈ܸखॱ *1ϑϥάϝϯςʔγϣϯ߈ܸ Ϧκϧό ݖҖαʔό ߈ܸऀ ᶃِ૷ͨ͠ ୈϑϥάϝϯτΛૹ৴ ᶄ໊લղܾཁٻ ᶅඇ࠶ؼ໰͍߹Θͤ
ᶆୈϑϥάϝϯτΛૹ৴ ᶇୈϑϥάϝϯτΛૹ৴ ߈ܸ੒ޭͷ৔߹ɺᶇ͸ ϦΞηϯϒϧ͞Εͳ͍ ᶃͷύέοτͱ*1*%͕Ұக ͢Δ৔߹͸߈ܸ੒ޭ ᶃͱᶆ͕ϦΞηϯϒϧ

λʔήοτ *1ϑϥάϝϯςʔγϣϯ߈ܸ w %/4PWFS6%1PWFS*1W w ݪཧతʹ͸*1W 5$1Ͱ΋Մೳ Ͱ΋͋·ΓૂΘΕͳ͍ ཧ༝͸ޙड़

ؔ܎͢Δϓϩτίϧɾػೳ *1ϑϥάϝϯςʔγϣϯ߈ܸ 6%1DIFDLTVN %/4%/44&$ &%/4 *1BEESFTT *EFOUJpDBUJPO qBHT P⒎TFU
*$.11BUI.56%JTDPWFSZ

%/44&$ *1ϑϥάϝϯςʔγϣϯ߈ܸ $ dig chukyo-u.ac.jp @a.dns.jp +dnssec (snip) ;;
flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;chukyo-u.ac.jp. IN A ;; AUTHORITY SECTION: chukyo-u.ac.jp. 86400 IN NS ns2.dc.ctc.ad.jp. chukyo-u.ac.jp. 86400 IN NS ns1.hs.ctc.jp. VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN NSEC3 1 1 5 45EC942BAF VK94EPKGG2VSRBNU7V334S7O652C3M9K TXT RRSIG VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. tm6tSRCyhQyX0DiG25WVBDMIOtQ/QFC2tw0w1zTiBnvhfCfAhm0Rx8jk FDiRJonL/IDnPkJ7/ cE67fiuX0z8zcetIxlsjyOqn6HPzPjl2yb8JuLP SW5vvswZ0FDF09/6ZhmD1E/K6bu4BQW3nIuiqt8EF5K0JVVNA/XvS9a+ /cs= 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN NSEC3 1 1 5 45EC942BAF 9KTFU2AI6RE43JIMPB56SAA33GIFG075 TXT RRSIG 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. jUqxDzJVq9VxqfKpOWCLNkhX/8CkuB1XkKp0GTzJHRmjk2oVs0ffkHEt 0nuLS9bMkfcg3NWC26r0j0DbKxx2P6pIlOFxjfI00h2/ OyCYR6C388R+ FUiOT4UX9w+LjktmLnz6Cb2bkw8nHaxIjKGEn7oELcfF0wCWqJQEsxq+ 0PE= ;; ADDITIONAL SECTION: ns2.dc.ctc.ad.jp. 86400 IN A 218.216.176.115 (snip) ;; MSG SIZE rcvd: 604 %0Ϗοτ͕Φϯʹͳ͍ͬͯΔͱ ॺ໊ݕূ͍ͯ͠ͳͯ͘΋334*( /4&$ ϨίʔυͳͲ͕͍ͭͨ Ԡ౴͕ฦͬͯ͘Δ

&%/4 *1ϑϥάϝϯςʔγϣϯ߈ܸ $ dig chukyo-u.ac.jp @a.dns.jp +dnssec (snip) ;;
flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;chukyo-u.ac.jp. IN A ;; AUTHORITY SECTION: chukyo-u.ac.jp. 86400 IN NS ns2.dc.ctc.ad.jp. chukyo-u.ac.jp. 86400 IN NS ns1.hs.ctc.jp. VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN NSEC3 1 1 5 45EC942BAF VK94EPKGG2VSRBNU7V334S7O652C3M9K TXT RRSIG VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. tm6tSRCyhQyX0DiG25WVBDMIOtQ/QFC2tw0w1zTiBnvhfCfAhm0Rx8jk FDiRJonL/IDnPkJ7/ cE67fiuX0z8zcetIxlsjyOqn6HPzPjl2yb8JuLP SW5vvswZ0FDF09/6ZhmD1E/K6bu4BQW3nIuiqt8EF5K0JVVNA/XvS9a+ /cs= 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN NSEC3 1 1 5 45EC942BAF 9KTFU2AI6RE43JIMPB56SAA33GIFG075 TXT RRSIG 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. jUqxDzJVq9VxqfKpOWCLNkhX/8CkuB1XkKp0GTzJHRmjk2oVs0ffkHEt 0nuLS9bMkfcg3NWC26r0j0DbKxx2P6pIlOFxjfI00h2/ OyCYR6C388R+ FUiOT4UX9w+LjktmLnz6Cb2bkw8nHaxIjKGEn7oELcfF0wCWqJQEsxq+ 0PE= ;; ADDITIONAL SECTION: ns2.dc.ctc.ad.jp. 86400 IN A 218.216.176.115 (snip) ;; MSG SIZE rcvd: 604 w %/4ͷ֦ு 3'$ w *1W %/44&$Ͱ͸ରԠඞਢ w 6%1Ͱ΋όΠτΛ௒͑Δ Ԡ౴ΛॲཧͰ͖Δ ࠷େόΠτ

%/44&$&%/4ͷӨڹ *1ϑϥάϝϯςʔγϣϯ߈ܸ $ dig chukyo-u.ac.jp @a.dns.jp +dnssec (snip) ;;
flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;chukyo-u.ac.jp. IN A ;; AUTHORITY SECTION: chukyo-u.ac.jp. 86400 IN NS ns2.dc.ctc.ad.jp. chukyo-u.ac.jp. 86400 IN NS ns1.hs.ctc.jp. VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN NSEC3 1 1 5 45EC942BAF VK94EPKGG2VSRBNU7V334S7O652C3M9K TXT RRSIG VJOG7GHBNE2GMJQ72U7J8DJBR9ECELQM.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. tm6tSRCyhQyX0DiG25WVBDMIOtQ/QFC2tw0w1zTiBnvhfCfAhm0Rx8jk FDiRJonL/IDnPkJ7/ cE67fiuX0z8zcetIxlsjyOqn6HPzPjl2yb8JuLP SW5vvswZ0FDF09/6ZhmD1E/K6bu4BQW3nIuiqt8EF5K0JVVNA/XvS9a+ /cs= 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN NSEC3 1 1 5 45EC942BAF 9KTFU2AI6RE43JIMPB56SAA33GIFG075 TXT RRSIG 9KH0DHR7PFV2TKURF2493MN2THE8GAPR.jp. 900 IN RRSIG NSEC3 8 2 900 20210111174503 20201212174503 18321 jp. jUqxDzJVq9VxqfKpOWCLNkhX/8CkuB1XkKp0GTzJHRmjk2oVs0ffkHEt 0nuLS9bMkfcg3NWC26r0j0DbKxx2P6pIlOFxjfI00h2/ OyCYR6C388R+ FUiOT4UX9w+LjktmLnz6Cb2bkw8nHaxIjKGEn7oELcfF0wCWqJQEsxq+ 0PE= ;; ADDITIONAL SECTION: ns2.dc.ctc.ad.jp. 86400 IN A 218.216.176.115 (snip) ;; MSG SIZE rcvd: 604 w Ԡ౴͕ϑϥάϝϯτ͢ΔཁҼʹ 6%1Ͱॲཧ͢ΔԠ౴αΠζ͕ େ͖͘ͳΔ ॺ໊ݕূ͠ͳ͍ͳΒ334*( /4&$ ͳͲ͸ෆཁ ‣ Ԡ౴αΠζ͕૿͑Δ͚ͩ ‣ ʹ΋ؔΘΒͣ%0ϏοτΛΦϑ ʹͰ͖ͳ͍࣮૷͕͋Δ 6OCPVOEͱ͔ ॺ໊ݕূ͠ͳ͍ͳΒෆཁ

w 6%1ٖࣅϔομɺ6%1ϔομɺϖΠϩʔυ͔Βܭࢉ ߈ܸऀ͸͜ͷ஋ΛҰகͤ͞ͳ͍ͱ͍͚ͳ͍ TPVSDFBEESFTT EFTUJOBUJPOBEESFTT [FSP QSPUPDPM 6%1MFOHUI TPVSDFQPSU
EFTUJOBUJPOQPSU -FOHUI $IFDLTVN QBZMPBE 6%1νΣοΫαϜ *1ϑϥάϝϯςʔγϣϯ߈ܸ 6%1ٖࣅϔομ 6%1ϔομ

6%1νΣοΫαϜ *1ϑϥάϝϯςʔγϣϯ߈ܸ w ܭࢉํ๏ͷิ਺࿨ͷͷิ਺ ྫ03 64 6e 73 c0
0c 03 64 6e 73 c0 0c 01 31 e3 31 e4 ᶃ όΠτͣͭՃࢉ ᶄ ্ܻ͕ΓΛ࠷ԼҐʹՃࢉ 01 31 e3 ᶅ ͷิ਺ΛٻΊΔ ൱ఆ ce 1b ^ 31 e4 νΣοΫαϜ

6%1νΣοΫαϜͷِ૷ *1ϑϥάϝϯςʔγϣϯ߈ܸ w νΣοΫαϜ͸ຖճมԽ w Ԡ౴಺༰ͱϑϥάϝϯτҐஔ͕ҰఆͳΒɺ൪໨Ҏ߱ͷ ϖΠϩʔυ͸ෆม w ϑϥάϝϯτ͝ͱʹิ਺࿨ͷܭࢉ͕Ұக͢Ε͹Α͍ w
߈ܸऀ͸ࣄલʹԠ౴Λ༻ҙͯ͠  νΣοΫαϜ͕Ұக͢ΔΑ͏ʹ  ِ૷Ͱ͖Δ ͳΒ͹ ͷิ਺࿨ Csum = Csum1 + Csum2 Csum′ = Csum1 + Csum′ 2 Csum2 = Csum′ 2 Csum = Csum′ Csum :

6%1νΣοΫαϜͷِ૷ *1ϑϥάϝϯςʔγϣϯ߈ܸ 2 όΠτͣͭՃࢉͨ͠߹ܭ஋: 0x22f5f3 2 όΠτͣͭՃࢉͨ͠߹ܭ஋: 0x3f612 1
ͷิ਺࿨: 0xf615 1 ͷิ਺࿨: 0xf615 ਖ਼نԠ౴ͷྫ ِ૷Ԡ౴ͷྫ

w ܦ࿏্ͷ.56Λ୳ࡧͯ͠ૹ৴ݩͰϑϥάϝϯτ ܦ࿏్தͰͷϑϥάϝϯςʔγϣϯΛ཈੍ *1WͰ͸ΤϯυϊʔυͰϑϥάϝϯτͤ͞Δ 1BUI.56%JTDPWFSZ *1ϑϥάϝϯςʔγϣϯ߈ܸ
ᶃMFOX%'qBH ᶄ*$.1UZQF DPEF .56 ᶅGSBHNFOUFEQBDLFUT

1BUI.564QPPGJOH *1ϑϥάϝϯςʔγϣϯ߈ܸ w ֎෦͔Βِ૷*$.1ύέοτΛૹ৴ ϑϥάϝϯτΛ༠ൃ w *1Wʹ͓͚ΔӨڹ -JOVY͋Γ
,FSOFMͰ֬ೝ 'SFF#4%ͳ͠ ߈ܸऀ Ϧκϧό ݖҖαʔό ૹ৴ݩΛϦκϧό ʹِ૷ͨ͠ΫΤϦΛ ૹ৴ Ϩεϙϯε ِ૷*$.1 ύέοτͷૹ৴

*1ϔομ *1ϑϥάϝϯςʔγϣϯ߈ܸ w ΞυϨεɺϑϥάɺΦϑηοτͳͲΛҰகͤ͞Δ 7FSTJPO *)- 5ZQFPG4FSWJDF 5PUBM-FOHUI *EFOUJpDBUJPO
% ' . ' 'SBHNFOU0⒎TFU 5JNFUP-JWF 1SPUPDPM )FBEFS$IFDLTVN 4PVSDF"EESFTT %FTUJOBUJPO"EESFTT 0QUJPOT 1BEEJOH *1Wϔομ

*1*EFOUJGJDBUJPO *1ϑϥάϝϯςʔγϣϯ߈ܸ w *1WϏοτ w ߈ܸऀ͸༧ଌ͢Δඞཁ͕͋Δ 7FSTJPO *)- 5ZQFPG4FSWJDF
5PUBM-FOHUI *EFOUJpDBUJPO % ' . ' 'SBHNFOU0⒎TFU 5JNFUP-JWF 1SPUPDPM )FBEFS$IFDLTVN 4PVSDF"EESFTT %FTUJOBUJPO"EESFTT 0QUJPOT 1BEEJOH

*1*EFOUJGJDBUJPO *1ϑϥάϝϯςʔγϣϯ߈ܸ w ͜ͷ஋͚ͩ༧ଌ͢Ε͹Α͍ w ߈ܸͷΤϯτϩϐʔ͕Ϗοτʹ௿Լ 7FSTJPO *)- 5ZQFPG4FSWJDF
5PUBM-FOHUI *EFOUJpDBUJPO % ' . ' 'SBHNFOU0⒎TFU 5JNFUP-JWF 1SPUPDPM )FBEFS$IFDLTVN 4PVSDF"EESFTT %FTUJOBUJPO"EESFTT 0QUJPOT 1BEEJOH *1Wϔομ

ϑϥάϝϯτύέοτͷѻ͍ *1ϑϥάϝϯςʔγϣϯ߈ܸ w ͢΂ͯͷϑϥάϝϯτΛड৴͢Δ·ͰҰఆ࣌ؒόοϑΝϦϯά -JOVYσϑΥϧτͰඵ w ड৴ॱং͸ؔ܎ͳ͍ ઌʹୈϑϥάϝϯτΛड৴ͯ͠΋Α͍
w όοϑΝαΠζʹ͸্ݶ͋Γ -JOVYσϑΥϧτͰύέοτ ‎߈ܸऀ͕ઌʹِ૷ϑϥάϝϯτΛόοϑΝ্ݶ·Ͱૹ৴Ͱ͖Δ

͜͜·Ͱͷ·ͱΊ *1ϑϥάϝϯςʔγϣϯ߈ܸ w %/44&$ &%/4͕Ԡ౴αΠζ૿ՃͷཁҼ w 6%1νΣοΫαϜ͸ِ૷Ͱ͖Δ w 1BUI.56TQPPpOHͰ.56ΑΓখ͍͞αΠζͰͷϑϥά ϝϯτΛ༠ൃ
w ߈ܸऀ͸ઌճΓͯ͠߈ܸͰ͖Δ w *1*EFOUJpDBUJPO͚ͩ͸༧ଌ͢Δඞཁ͕͋Δ

*1W΍5$1ͷ৔߹͸ *1ϑϥάϝϯςʔγϣϯ߈ܸ w *1W*1*EFOUJpDBUJPO͕Ϗοτ ैདྷͷ߈ܸͱൺֱͯ͠Τϯτϩϐʔͷ͕ࠩͳ͍ ‣ 6%1ιʔεϙʔτ Ϗοτ ͱτϥϯβΫγϣϯ*%
Ϗοτ ͷ ߹ܭͱಉ͡ w 5$11BUI.56TQPPpOH͢ΔͱϑϥάϝϯτͰ͸ͳ͘ ηάϝϯςʔγϣϯ͢Δ ൪໨Ҏ߱ͷύέοτʹ΋5$1ϔομ͕ೖΔ

ΞλοΫϕΫλ

.56ͱϑϥάϝϯτҐஔ ΞλοΫϕΫλ w .56*1W͸όΠτҎ্ -JOVY*1W1BUI.56࠷খ஋͸όΠτ w 1.56TQPPpOHͰ͸6%1ϔομͷҐஔ͔ΒόΠτ୯Ґ ͰϑϥάϝϯτҐஔͷௐ੔͕Մೳ
1BUI.56͕όΠτͳΒόΠτͷύέοτ͕ૹ৴ ‎ROBNFͰඍௐ੔

ϑϥάϝϯτύέοτͷِ૷ ΞλοΫϕΫλ w ιʔεϙʔτ΍%/4)FBEFS 2VFTUJPOηΫγϣϯ͸࠷ॳͷ ϑϥάϝϯτʹ͋Δ ߟྀ͠ͳͯ͘Α͍͕มߋ΋Ͱ͖ͳ͍ ֤ηΫγϣϯͷ33਺΋Ұகͤ͞ͳ͍ͱ͍͚ͳ͍
w ߈ܸʹ࢖͏Ԡ౴಺༰Λߟྀ͠ͳ͍ͱ͍͚ͳ͍

߈ܸྫ ΞλοΫϕΫλ w ҕৡԠ౴ͷࠩ͠ସ͑ w TJCMJOHEPNBJOͷHMVFϨίʔυͷࠩ͠ସ͑ w ൱ఆԠ౴ͷࠩ͠ସ͑ w ͦͷଞ
ϫΠϧυΧʔυΛૂ͏ Θ͟ͱϦΞηϯϒϧΛࣦഊͤ͞Δ %P4

ҕৡԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ w ॺ໊κʔϯ͔Βະॺ໊κʔϯ΁ͷҕৡԠ౴Λ߈ܸ ॺ໊ݕূ༗ޮ࣌Ͱ΋߈ܸՄೳͳέʔε΋ ‣ /4&$0QU0VU͕༗ޮͳκʔϯͷ0QU0VU۠ؒ΁ͷҕৡ ‣ ॺ໊πʔϧʹґଘ
w ର৅κʔϯ͕Ωϟογϡʹଘࡏ͠ͳ͍৔߹ʹ༗ޮ w େྔͷ/4Λ࣋ͭ৔߹΍/4ͷϥϕϧ͕௕͍৔߹͸ΑΓةݥ /4&$334*(͕ͳͯ͘΋ϑϥάϝϯτͤ͞ΒΕΔՄೳੑ

ҕৡԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ ࠩ͠ସ͑ର৅ͷϨίʔυ ਖ਼نԠ౴ ِ૷Ԡ౴ 55-ʹΑΔ νΣοΫαϜͷௐ੔ *1ΞυϨεͷஔ͖͔͑

TJCMJOHEPNBJOͷHMVFϨίʔυͷࠩ͠ସ͑ ΞλοΫϕΫλ w ߈ܸऀࣗ਎͕υϝΠϯ໊Λ༻ҙ TJCMJOHEPNBJOͷ/4ʹҕৡ ͍ͯ͠ΔΑ͏ʹΈ͔͚ͤ "EEJUJPOBMηΫγϣϯͷ  """""ϨίʔυΛِ૷
w ِ૷ର৅ͷϨίʔυ͕͢Ͱʹ  Ωϟογϡ͞Ε͍ͯΔ৔߹ʹ  ্ॻ͖Մೳ͔Ͳ͏͔͸࣮૷ґଘ TJCMJOHEPNBJOͷ/4Ϩίʔυ ஔ͖׵͑ର৅ͷϨίʔυ

൱ఆԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ w ϝδϟʔͳ044࣮૷͸ରࡦࡁΈ #*/% ,OPU3FTPMWFS͸Өڹͳ͠ #*/%1 ,OPU3FTPMWFSͰ֬ೝ
6OCPVOE <> 1PXFS%/43FDVSTPS <>Ͱमਖ਼ࡁΈ w ॺ໊κʔϯ΁%0ϏοτΛΦϯʹͯ͠໰͍߹ΘͤΔ৔߹Λ૝ఆ w Өڹ ॺ໊ະݕূυϝΠϯϋΠδϟοΫ ॺ໊ݕূ࣌/4&$0QU0VU۠ؒ΁αϒυϝΠϯΠϯδΣΫγϣϯͰ͖ΔՄೳੑ w ࿈ଓ߈ܸ͕Մೳ <>IUUQTXXXOMOFUMBCTOMOFXT%FDVOCPVOESFMFBTFE <>IUUQTHJUIVCDPN1PXFS%/4QEOTQVMM

൱ఆԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ w ҎԼʹج͍ͮͨ߈ܸ 3'$ͷSBOLJOHEBUB 3'$ͷ൱ఆԠ౴ͷྫ ݖҖ͋ΔԠ౴ͷ"OTXFSηΫγϣϯʹؚ·ΕΔݖҖ͋Δσʔλ
ݖҖ͋ΔԠ౴ͷ"VUIPSJUZηΫγϣϯʹؚ·ΕΔσʔλ ݖҖͷͳ͍Ԡ౴ͷ"OTXFSηΫγϣϯͷσʔλ ݖҖ͋ΔԠ౴ͷ"OTXFSηΫγϣϯʹؚ·ΕΔݖҖͷͳ͍σʔλ ݖҖ͋ΔԠ౴ͷ"EEJUJPOBMηΫγϣϯͷσʔλ ݖҖͷͳ͍Ԡ౴ͷ"VUIPSJUZηΫγϣϯͷσʔλ ݖҖͷͳ͍Ԡ౴ͷ"EEJUJPOBMηΫγϣϯͷσʔλ ৴པ౓ ߴ ௿ 3'$SBOLJOHEBUB

൱ఆԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ w ҎԼʹج͍ͮͨ߈ܸ 3'$ͷSBOLJOHEBUB 3'$ͷ൱ఆԠ౴ͷྫ )FBEFS
3%$0%&/9%0."*/ 2VFSZ "/&9".1-&" "OTXFS FNQUZ "VUIPSJUZ &9".1-&40"/499)045."45&3/499 &9".1-&/4/499 &9".1-&/4/499 "EEJUJPOBM FNQUZ 3'$ͷ൱ఆԠ౴ͷྫΛࢀߟʹͨ͠දه ͜ΕΛ࠶ݱ Ԡ౴ͷྫ͕ޡ͍ͬͯͨͷͰ3'$Λࢀߟʹͨ͠΋ͷʹमਖ਼͠·ͨ͠ɻ ͳ͓ɺ3'$ͷ/9%0."*/ͷྫͦͷ··Ͱ͸/4Ϩίʔυ͕֎෦໊ͱͳ͍ͬͯΔͨΊ༗ޮͳಟʹͳΓ·ͤΜɻ

൱ఆԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ ਖ਼نԠ౴ ࠩ͠ସ͑ର৅ͷϨίʔυ

൱ఆԠ౴ͷࠩ͠ସ͑ ΞλοΫϕΫλ ِ૷Ԡ౴ 差し替え後のレコード EDNS パディングオプションによるメッセージサイズとチェックサムの調整

ରࡦ

ݖҖɾϦκϧό૒ํͷରࡦ ରࡦ w ׬શͳରࡦ͸ࠔ೉ %'ϑϥάΛཱͯΔͱ.56ͷখ͍͞ܦ࿏Ͱ෭࡞༻ ‣ Ԡ౴Λड৴Ͱ໊͖ͣલղܾ͕ࣦഊ͢ΔՄೳੑ w ؇࿨ࡦ
&%/4CV⒎FSTJ[FΛখ͘͞͠ɺେ͖͍Ԡ౴͸5$1ϑΥʔϧόοΫ ‣ qBHEBZͰ͸όΠτΛਪ঑ ‣ චऀΒ͸όΠτΛਪ঑

ݖҖɾϦκϧό૒ํͷରࡦ ରࡦ w %/44&$΁ͷ׬શͳରԠ /4&$0QU0VU΋ແޮʹ ීٴ్্͕ةݥ ‣ Ϧκϧόͷ%0Ϗοτ͕༗ޮͩͱະॺ໊κʔϯ΁ͷҕৡԠ౴ʹ/4&$
334*(͕෇Ճ ‣ 4IVMNBOΒ<> ͷࢦఠ "incremental DNSSEC deployment is vulnerable to our cache poisoning attacks, and complete adoption of DNSSEC may take considerable time, since it depends on adoption by both name server and resolver."

ݖҖαʔόଆ ରࡦ w 1.56%ͷ݁ՌΛແࢹ -JOVY,FSOFMҎ߱ͷIP_PMTUDISC_OMITιέοτΦϓγϣϯΛ༗ޮʹ 04ͱݖҖαʔό࣮૷྆ํͷରԠ͕ඞཁ ‣ #*/%Ҏ߱<>
‣ /4%Ҏ߱<> ‣ ,OPU%/4Ҏ߱<> ‣ 1PXFS%/4SDҎ߱<> <>IUUQTXXXJTDPSHCMPHTCJOEBQSJM <>IUUQTXXXOMOFUMBCTOMQSPKFDUTOTEEPXOMPBEOTE <>IUUQTXXXLOPUEOTD[WFSTJPOIUNM <>IUUQTEPDQPXFSEOTDPNBVUIPSJUBUJWFDIBOHFMPHIUNMDIBOHFSD

Ϧκϧόଆ ରࡦ w ϑϥάϝϯτͨ͠Ԡ౴Λυϩοϓ w ॺ໊ݕূ͠ͳ͍৔߹͸%0ϏοτΛΦϑʹ 334*(΍/4&$͸ෆཁ ϝοηʔδαΠζΛ࡟ݮ

ͦͷଞͷ؇࿨ࡦ ରࡦ w 2/".&NJOJNJTBUJPO &NQUZ/PO5FSNJOBMͳͲ෭࡞༻͋Γ w ֤κʔϯͷ/4 """""ϨίʔυΛ"VUIPSJUBUJWF "OTXFSͱͯ͠Ωϟογϡ
ΑΓߴ͍৴པ౓ͷԠ౴ΛಘΔ ‣ 3'$TFDUJPO3BOLJOHEBUB Ωϟογϡͷ্ॻ͖Λ๷ࢭ

&%/4CVGGFSTJ[F ରࡦ w WT ͩͱ-JOVYͰ1.56TQPPpOHͰ߈ܸͰ͖ΔՄೳੑ͕࢒Δ ͸5$1ϑΥʔϧόοΫ͕૿Ճͯ͠ύϑΥʔϚϯε͕௿Լ͢Δ Մೳੑ

CVGGFSTJ[F࡟ݮ΋৔߹ʹΑͬͯ͸ʜ ରࡦ w ݖҖαʔό࣮૷ʹΑͬͯ ෭࡞༻͋Γ ஸ౓HMVFϨίʔυͷखલ ·ͰͷόοϑΝαΠζʹ ͳ͍ͬͯΔ৔߹
HMVFϨίʔυ͕ඞཁͳͷ ʹ͍ͭͯ͜ͳ͍ 5$Ϗοτ΋ཱͬͯͳ͍ ҕৡԠ౴ HMVF͕ͳ͍

ͲΕ͘Β͍ରԠͯ͠Δͷ͔

ௐࠪ ରԠঢ়گ w ର৅"MFYBUPQ.ͷ্ҐυϝΠϯ w ಺༰%/4qBHEBZ΁ͷରԠঢ়گ 5$1ΫΤϦʹԠ౴͢Δ͔ όοϑΝαΠζͷઃఆ஋͕Ͳ͏ͳ͍ͬͯΔ͔

νΣοΫͰ͖ͨυϝΠϯ਺ɾαʔό਺ ରԠঢ়گ ݄຤ ݄த० ݄ॳ० υϝΠϯ਺
ݖҖαʔό਺

݁Ռ ରԠঢ়گ w 5$1 ׂҎ্ରԠࡁΈ ݄
݄ ݄ ݄ ݄ ݄ ݖҖαʔό͝ͱ υϝΠϯ໊͝ͱ Ԡ౴͋Γ Ԡ౴ͳ͠

ௐࠪ݁Ռ ରԠঢ়گ w &%/4CV⒎FSTJ[F ͕࠷ଟɺ͕एׯ૿Ճ܏޲͕ͩ΄ͱΜͲมԽͳ͠
ݖҖαʔό͝ͱ ݄ ݄ ݄ ݄ ݄ ݄ υϝΠϯ໊͝ͱ ͦͷଞ ඇରԠ

ͱ͜ΖͰ 4"%%/4ͱͷҧ͍͸

߈ܸ֓ཁ 4"%%/4 w *$.1SBUFMJNJUΛѱ༻ͯ͠ιʔεϙʔτΛεΩϟϯ QSPCFύέοτΛHMPCBMSBUFMJNJU্ݶ·Ͱ  ૹ৴ ֬ೝ༻ͷύέοτʹରͯ͠*$.1QPSU  VOSFBDIBCMF͕ฦͬͯ͜Ε͹QSPCFͨ͠ 
͏ͪͷͲ͔͕͜։͍͍ͯΔ ೋ෼୳ࡧͰߜΓࠐΉ w ैདྷܕͷΩϟογϡϙΠζχϯάΛޮ཰త  ʹ࣮ߦ w Τϯτϩϐʔ͸ ϙʔτεΩϟϯ 5Y*% 216 + 216 ,.BO FUBM %/4$BDIF1PJTPOJOH"UUBDL 3FMPBEFE3FWPMVUJPOTXJUI4JEF$IBOOFMT Q'JHVSFΑΓҾ༻

*1ϑϥάϝϯτ߈ܸͱࣅͯΔͱ͜Ζ 4"%%/4 w P⒎QBUI߈ܸ w ιʔεϙʔτϥϯμϚΠζ͕ແޮ w *$.1͕ؔ܎͢Δ w ߈ܸͷΤϯτϩϐʔ͕ैདྷΑΓ௿͍
w 5$1Λ࢖͏ํ͕Αͦ͞͏

*1ϑϥάϝϯτ߈ܸͱҟͳΔͱ͜Ζ 4"%%/4 w ߈ܸʹ࢖͏Ԡ౴ 4"%%/4ैདྷͱಉ͡ *1ϑϥάϝϯτ߈ܸԠ౴ͷબ୒ࢶ͕ڱ͍ w ࣌ؒͷՔ͗ํ
4"%%/43FTQPOTF3BUF-JNJUPS$/".&DIBJO ‣ ಛʹϙʔτ୳ࡧ͸࣌ؒʹγϏΞ *1ϑϥάϝϯτ߈ِܸ૷ϑϥάϝϯτͷࣄલૹ৴ w Τϯτϩϐʔ

*1ϑϥάϝϯτ߈ܸͱҟͳΔͱ͜Ζ 4"%%/4 w ରࡦ 4"%%/4 ‣ %/44&$ YFODPEJOH %/4$PPLJF
connect()Λ࢖͏ ‣ *$.1%FTUJOBUJPO6OSFBDIBCMFΛฦ͞ͳ͍ %/4$PPLJF͸*1ϑϥάϝϯτ߈ܸͰ΋෼ׂͳΒ༗ޮ w *$.1ͷ੍ݶͷӨڹ *1ϑϥάϝϯτ߈ܸ1.56%ΛϒϩοΫ͢Δͱ1.56%CMBDLIPMFʹ

·ͱΊ

·ͱΊ *1ϑϥάϝϯςʔγϣϯ߈ܸ w %/4qBHEBZ*1ϑϥάϝϯςʔγϣϯ߈ܸ΁ͷରԠ w *1ϑϥάϝϯτ߈ܸϑϥάϝϯτύέοτΛِ૷ͯ͠ಟೖΕ w &%/4CV⒎FSTJ[FΛখ͘͢͞ΔɺϑϥάϝϯτύέοτΛ υϩοϓ͢ΔͳͲͷରࡦ
5$1ରԠ͸ඞਢ w 5$1ʹ͸ରԠ͍ͯ͠Δ͕όοϑΝαΠζ࡟ݮͷରԠ͸ਐ·ͣ w 04ɾιϑτ΢ΣΞͷΞοϓσʔτɺઃఆͷ֬ೝΛ

IP フラグメンテーション攻撃と DNS flag day 2020 / fragmentation attack and flag day 2020

IP フラグメンテーション攻撃と DNS flag day 2020 / fragmentation attack and flag day 2020

More Decks by koyane

Other Decks in Technology

Featured

Transcript