a centralized monitoring infrastructure for improving dns
play

A Centralized Monitoring Infrastructure For Improving DNS Security - PowerPoint PPT Presentation

Dec 03, 2022 •275 likes •691 views

Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions A Centralized Monitoring Infrastructure For Improving DNS Security Manos Antonakakis David Dagon Luo Daniel Xiapu Roberto Perdisci

  1. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions A Centralized Monitoring Infrastructure For Improving DNS Security Manos Antonakakis David Dagon Luo “Daniel” Xiapu Roberto Perdisci Wenke Lee Justin Bellmor Georgia Institute of Technology Information Security Center Atlanta, Georgia RAID, Ottawa, 2010 1 / 41

  2. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Outline and Credits Challenges in DNS Robert Edmonds and Paul Royal poisoning detection for their useful comments Previous work Chis Lee and the GT-OIT stuff for Describing the attack the abuse handling vector SIE@ISC : Paul and Eric scan Methodology point (SJ) and pDNS DNS poisoning CIRA : Norm and Matthew scan detection point in Canada Summary 2 / 41

  3. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 3 / 41

  4. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 4 / 41

  5. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 5 / 41

  6. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 6 / 41

  7. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 7 / 41

  8. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 8 / 41

  9. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 9 / 41

  10. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Challenges in DNS poisoning detection DNS poisoning is a successful attack vector (thanks Dan!) Detection requires “on path” with the recursive and/or DNS cache observation DNS poisoning is hard to observe (sporadic and short) ... or you can do so at the authority: Counts patterns of ICMP(3,3) and qr/rd ratios So, what we need? Technology that creates its own path with the RDNS Sophisticated DNS cache inspection techniques 10/ 41

  11. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions A Monitoring Infrastructure For DNS Security What “Anax” does : requests, records and analyzes DNS records from a large set of open-RDNS around the globe, looking for DNS cache abnormalities Since Anax can detect poisonous RRs in Internet scale measurements, the system can do the same in a less diverse set of RDNSs, e.g., those in a single organization 11/ 41

  12. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions A Monitoring Infrastructure For DNS Security What “Anax” does : requests, records and analyzes DNS records from a large set of open-RDNS around the globe, looking for DNS cache abnormalities Since Anax can detect poisonous RRs in Internet scale measurements, the system can do the same in a less diverse set of RDNSs, e.g., those in a single organization 12/ 41

  13. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Some of the previous work ... DNS Recursive Resolution plane : Dagon et al. “Corrupted DNS Resolution Paths” NDSS 2007 DNS Entropy : Dagon et al. “Increased DNS Forgery Resistance Through 0x20-Bit Encoding” CCS 2008 DNS Software Vulnerabilities : Dagon et al. “Recursive DNS Architectures and Vulnerability Implications”, NDSS 2009 Poisoning Prevention DNSSEC RFC 4033 and 4034, DNSCurve. Perdisci et al. “WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks”, DSN-DCCS 2009 13/ 41

  14. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Some of the previous work ... DNS Recursive Resolution plane : Dagon et al. “Corrupted DNS Resolution Paths” NDSS 2007 DNS Entropy : Dagon et al. “Increased DNS Forgery Resistance Through 0x20-Bit Encoding” CCS 2008 DNS Software Vulnerabilities : Dagon et al. “Recursive DNS Architectures and Vulnerability Implications”, NDSS 2009 Poisoning Prevention DNSSEC RFC 4033 and 4034, DNSCurve. Perdisci et al. “WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks”, DSN-DCCS 2009 14/ 41

  15. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Some of the previous work ... DNS Recursive Resolution plane : Dagon et al. “Corrupted DNS Resolution Paths” NDSS 2007 DNS Entropy : Dagon et al. “Increased DNS Forgery Resistance Through 0x20-Bit Encoding” CCS 2008 DNS Software Vulnerabilities : Dagon et al. “Recursive DNS Architectures and Vulnerability Implications”, NDSS 2009 Poisoning Prevention DNSSEC RFC 4033 and 4034, DNSCurve. Perdisci et al. “WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks”, DSN-DCCS 2009 15/ 41

  16. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Some of the previous work ... DNS Recursive Resolution plane : Dagon et al. “Corrupted DNS Resolution Paths” NDSS 2007 DNS Entropy : Dagon et al. “Increased DNS Forgery Resistance Through 0x20-Bit Encoding” CCS 2008 DNS Software Vulnerabilities : Dagon et al. “Recursive DNS Architectures and Vulnerability Implications”, NDSS 2009 Poisoning Prevention DNSSEC RFC 4033 and 4034, DNSCurve. Perdisci et al. “WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks”, DSN-DCCS 2009 16/ 41

  17. Challenges in DNS poisoning detection The attack vector Methodology Poisoning Detection Conclusions Some of the previous work ... DNS Recursive Resolution plane : Dagon et al. “Corrupted DNS Resolution Paths” NDSS 2007 DNS Entropy : Dagon et al. “Increased DNS Forgery Resistance Through 0x20-Bit Encoding” CCS 2008 DNS Software Vulnerabilities : Dagon et al. “Recursive DNS Architectures and Vulnerability Implications”, NDSS 2009 Poisoning Prevention DNSSEC RFC 4033 and 4034, DNSCurve. Perdisci et al. “WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks”, DSN-DCCS 2009 17/ 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vembu BDR360 Centralized Monitoring And Management Portal www.vembu.com About Vembu Technologies

Vembu BDR360 Centralized Monitoring And Management Portal www.vembu.com About Vembu Technologies

Vembu BDR360 Centralized Monitoring And Management Portal www.vembu.com About Vembu Technologies 4000+ Channel Partners Founded in 200 2 Private Company Reached more than 60,000 businesses Profitable since 2006 HQ in Chennai, India 70 % of

355 views • 13 slides
Centralized/ Decentralized Treatment Approaches Brian M cBride, Wood Environment &

Centralized/ Decentralized Treatment Approaches Brian M cBride, Wood Environment &

Centralized/ Decentralized Treatment Approaches Brian M cBride, Wood Environment & Infrastructure Solutions Inc. February 20, 2019 Agenda v Definitions A. SG-1 Plan Rubric B. Options, alternatives, scenarios v Centralized/

377 views • 12 slides
adapt the regulation to the existing national reality; planning actions to enhance

adapt the regulation to the existing national reality; planning actions to enhance

SIC Centralized Information System ITU-EC Regional Conference for Europe Broadband Services and Infrastructure Mapping DSC 12.04.2016 Agenda v SIC Presentation Centralized Information System Overview SIC Users profiles

225 views • 19 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
Centralized Production Facilities and Infrastructure Critical Drivers to Infill Development

Centralized Production Facilities and Infrastructure Critical Drivers to Infill Development

Centralized Production Facilities and Infrastructure Critical Drivers to Infill Development in the Bakken Mark Pearson, President Liberty Resources LLC Chris Clark, Production Engineering Manager Liberty Resources LLC Tappan

529 views • 35 slides
The PerfSONAR framework for inter-domain monitoring in the GLIF infrastructure Authors: ing.

The PerfSONAR framework for inter-domain monitoring in the GLIF infrastructure Authors: ing.

Introduction Outline Requirements for monitoring the GLIF infrastructure Problem description PerfSONAR framework Research question E2E inter-domain monitoring in the GLIF infrastructure Context Conclusions and future work The PerfSONAR

524 views • 30 slides
Patented Object Level DRM, e-Commerce, Content Security and Tracking Centralized Content

Patented Object Level DRM, e-Commerce, Content Security and Tracking Centralized Content

Patented Object Level DRM, e-Commerce, Content Security and Tracking Centralized Content Infrastructure High overhead, marketing and support costs The New Content Infrastructure Decentralized, Low to No Overhead The Business Model for

373 views • 36 slides
HOW TO OPTIMIZE YOUR GREEN INFRASTRUCTURE INVESTMENT WITH TESTING AND MONITORING Do you know how

HOW TO OPTIMIZE YOUR GREEN INFRASTRUCTURE INVESTMENT WITH TESTING AND MONITORING Do you know how

HOW TO OPTIMIZE YOUR GREEN INFRASTRUCTURE INVESTMENT WITH TESTING AND MONITORING Do you know how your green infrastructure is performing? Andy Sauer, PE, ENV SP, Project Manager GREEN INFRASTRUCTURE Sometimes referred to as stormwater best

345 views • 11 slides
Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure.

Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure.

Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure. Ilan Rabinovitch ContainerCon Toronto Director, Technical Community Aug 24, 2016 Datadog $ finger ilan@datadog [datadoghq.com] Name:

989 views • 78 slides
Ed Education for Improving Resiliency of Coastal Infrastructure Ismael Pagn-Trinidad(PI) 1 ,

Ed Education for Improving Resiliency of Coastal Infrastructure Ismael Pagn-Trinidad(PI) 1 ,

nd Annual M CRC 2 2 nd Meeting: F February 1 1-3, 2 2017 Chapel H Hill, N NC Ed Education for Improving Resiliency of Coastal Infrastructure Ismael Pagn-Trinidad(PI) 1 , Ricardo R. Lpez (Co-PI) 2 Civil Infrastructure Research Center

481 views • 27 slides
CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August

CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August

CABRI POLICY DIALOGUE (Session 5) Monitoring the execution of infrastructure projects 24 August 2017 National Treasury: South Africa 1 UNDERSTANDING INFRASTRUCTURE DELIVERY GOVERNMENTS INFRASTRUCTURE DELIVERY MANAGEMENT SYSTEM (IDMS)

440 views • 15 slides
Broadcast infrastructure Monitoring & automation LoriotPro Broadcast Edition A Microsoft

Broadcast infrastructure Monitoring & automation LoriotPro Broadcast Edition A Microsoft

Broadcast infrastructure Monitoring & automation LoriotPro Broadcast Edition A Microsoft Windows compatible software with multi-user WEB access Real time monitoring Backbone, Datacenter, HFC Networks, Earth Station, Headends, DVB

544 views • 9 slides
Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application

Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application

Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application Tolerance in an Application Management Infrastructure Management Infrastructure Nikolay Topilski , Jeannie Albrecht, and Amin Vahdat Williams College

560 views • 18 slides
Monitoring & Annual Business Plans (Inputs & Activities) Infrastructure / Business /

Monitoring & Annual Business Plans (Inputs & Activities) Infrastructure / Business /

08/11/18 Approach to M&E Monitoring & Annual Business Plans (Inputs & Activities) Infrastructure / Business / Skills. Measured through ongoing Strategy /Operating Framework monitoring, quarterly reporting, published annual report

541 views • 5 slides
INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE

INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE

INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE Network Monitoring Monitoring the network How and what NetNORAD NFI Agenda TTLd Netsonar Lessons learned

554 views • 34 slides
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Kevin Stine National Institute of Standards and Technology Executive Order 13636:

128 views • 11 slides
Solar and Photovoltaic Demonstrative research on PV performance in Thailand August 17, 2006

Solar and Photovoltaic Demonstrative research on PV performance in Thailand August 17, 2006

1 Solar and Photovoltaic Demonstrative research on PV performance in Thailand August 17, 2006 Fuji Electric Systems Co., Ltd. 2 Todays Line up 1. Solar cell 2. PV system 3. PV market 4. Demonstrative sites and measurement items 5.

1.51k views • 70 slides
Vestry Road | Southwark Tenants Hall and Residential Development Pre-Planning Public

Vestry Road | Southwark Tenants Hall and Residential Development Pre-Planning Public

Vestry Road | Southwark Tenants Hall and Residential Development Pre-Planning Public Consultation FBMArchitects July 2020 1 Welcome Welcome to our on-line consultation that describes redevelopment proposals for the Lettsom Tenants Hall on

482 views • 34 slides
10 Tressillian Crescent Innovation and Conservation 10th June 2017 10 Tressillian Crescent a

10 Tressillian Crescent Innovation and Conservation 10th June 2017 10 Tressillian Crescent a

10 Tressillian Crescent Innovation and Conservation 10th June 2017 10 Tressillian Crescent a collaborative architecture Tressillian Crescent - Innovation and Conservation 10 Tressillian Crescent a collaborative architecture Tressillian

599 views • 30 slides
Foy Lane Middle School Moving Up Ceremony June 16, 2020 Susan Ostrofsky Amanda Gerber Mary

Foy Lane Middle School Moving Up Ceremony June 16, 2020 Susan Ostrofsky Amanda Gerber Mary

Foy Lane Middle School Moving Up Ceremony June 16, 2020 Susan Ostrofsky Amanda Gerber Mary Harrison Wilma Pabon-Evans Principal Assistant Principal Assistant Principal Assistant Principal Order of Program ************* PROCESSIONAL MUSIC

365 views • 8 slides
Chocolate is our business, finest chocolate We are never satisfied! We continue to that can be

Chocolate is our business, finest chocolate We are never satisfied! We continue to that can be

Chocolate Lake Company for Chocolate & Sweet CHOCOLAKE Manufacturing Chocolate is our business, finest chocolate We are never satisfied! We continue to that can be relied on. Having the customer improve in every area of our business, at

326 views • 3 slides
2010 Full Year Results 2010 Full Year Results - Vasco CIS abstract Presentation to Analysts and

2010 Full Year Results 2010 Full Year Results - Vasco CIS abstract Presentation to Analysts and

2010 Full Year Results 2010 Full Year Results - Vasco CIS abstract Presentation to Analysts and Investors 21 March 2011 Full year results ended 31 December 2010 - 1 Update on business initiatives Bob Kunze-Concewitz, CEO Full year results ended

574 views • 3 slides
United States Court of Appeals for the Federal Circuit 2008-1448 (Opposition No. 91/157,315) IN

United States Court of Appeals for the Federal Circuit 2008-1448 (Opposition No. 91/157,315) IN

United States Court of Appeals for the Federal Circuit 2008-1448 (Opposition No. 91/157,315) IN RE BOSE CORPORATION, Appellant. Charles Hieken, Fish & Richardson P.C., of Boston, Massachusetts, argued for appellant. With him on the brief

319 views • 12 slides
Multi-variable Optimization K-means clustering K-means clustering on points is finding K

Multi-variable Optimization K-means clustering K-means clustering on points is finding K

Multi-variable Optimization K-means clustering K-means clustering on points is finding K central locations that reduce the distance of each point to the nearest central location (summed over all points) K=3 K-means clustering For

383 views • 10 slides

More recommend