dns resolvers considered harmful
play

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and - PowerPoint PPT Presentation

Mar 30, 2023 •263 likes •618 views

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful? 3 Resolvers Are Vulnerable

  1. DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich

  2. 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful?

  3. 3 Resolvers Are Vulnerable to Cache Injection ● Kaminsky vulnerability discovered in 2008, 16% of resolvers vulnerable to Kaminsky attack in 2012 [1] ● Preplay attack discovered in 2014, millions of wifi routers acting as resolvers are vulnerable [1] ● Shulman attack discovered in 2013, 79% of resolvers vulnerable [2] [1] Schomp, Kyle, Tom Callahan, Michael Rabinovich, [2] Herzberg, Amir and Haya Shulman. “Fragmentation and Mark Allman. "Assessing DNS Vulnerability to Considered Poisonous, or: One-domain-to-rule-them- Record Injection." PAM (2014). all.org.” CNS (2013).

  4. 4 Resolvers Should Not Be Trusted ● Resolvers rewrite responses for non-existent domains, effects 24% of clients [1] ● Others intentionally participate in hijacking domains (e.g., Paxfire in 2011 [3] ) Many countries use resolvers to enable censorship [4] ● ● ...yet we give them access to sensitive user information [3] Weaver, Nicholas, Christian Kreibich, and Vern [4] Verkamp, John-Paul, and Minaxi Gupta. "Inferring Paxson. "Redirecting DNS for ads and profit." FOCI mechanics of web censorship around the world." 2nd (2011). FOCI (2012).

  5. 5 Resolvers Obscure Clients ● Client-resolver location mismatch, 7.5-15% of clients suffer reduced performance due to wrong CDN edge server [5] ● Resolvers hide client population reducing the effectiveness of DNS-based load balancing [5] Huang, Cheng, Ivan Batanov, and Jin Li. "A practical solution to the client-LDNS mismatch problem." SIGCOMM (2012).

  6. 6 Resolvers Used In Amplification Attacks 24 million open resolvers on the Internet today [6] ● DNS amplification attacks are massive [7] and growing in ● popularity [8] [6] http://openresolverproject.org/ [7] http://www.zdnet.com/the-largest-ddos-attack-didnt- [8] NSFOCUS 2014 Mid-Year DDoS Threat Report. break-the-internet-but-it-did-try-7000013225/ http://en.nsfocus.com/2014/SecurityReport_0922/190. html

  7. 7 Existing Solutions Solutions to some of these issues, e.g., ○ Random transaction IDs and source ports mitigate guessing attacks such as Kaminsky ○ Closing open resolvers thwarts amplification attacks and preplay ○ EDNS-client-subnet (ECS) reveals more information about clients behind a resolver ○ DNSSEC provides data integrity and protects against all fraudulent records

  8. 8 Existing Solutions Aren’t Working ● Resolvers are still vulnerable to Kaminsky 6 years after its publication ● Millions of open resolvers on the Internet ● Current DNSSEC standard released 10 years ago, but deployment is still low ● Vulnerabilities still being discovered

  9. 9 Looking In Another Direction ● Many security issues that are not being addressed currently ● Much of the attack surface lies on the resolvers Why don’t we just get rid of resolvers?

  10. 10 Current Situation You (on your laptop) ? ADNS servers (e.g., a.root-servers.net, a.gtld-servers.net, ns1.google.com)

  11. 11 Client Resolution ADNS servers (e.g., a.root-servers.net, a.gtld-servers.net, ns1.google.com) You (on your laptop)

  12. 12 What do we gain? Reduces system complexity Removes the target of cache injection attacks Client resolution not vulnerable to same attacks Benefits CDN load balancing and server selection

  13. 13 What do we lose? Resolver caches provide performance to the clients ...and scalability to the system Resolvers anonymize clients

  14. 14 But how much scalability and performance do we lose? Measuring The Impact We use trace driven simulations to estimate client resolutions negative impact. ● Trace driven simulations to estimate client resolution’s negative impact ● The data ○ Network of approximately 100 residences ○ 2 recursive resolvers ○ 4 months of observations ○ Recursive resolutions of each domain name in the data

  15. 15 Effect on Performance DNS resolvers can reduce resolution time due to shared caching. Resolution times in trace vs. in simulated client resolution

  16. 16 Simulated Resolution Time Resolutions take a bit longer.

  17. 16 Simulated Resolution Time Resolutions take a bit longer.

  18. 16 Simulated Resolution Time Resolutions take a bit longer.

  19. 17 ...But there’s some slack DNS responses are not used immediately.

  20. 17 ...But there’s some slack DNS responses are not used immediately.

  21. 17 ...But there’s some slack DNS responses are not used immediately.

  22. 18 Delay On Connections Only a small % of connections are delayed at all! (more details in the paper)

  23. 18 Delay On Connections Only a small % of connections are delayed at all! (more details in the paper)

  24. 18 Delay On Connections Only a small % of connections are delayed at all! (more details in the paper)

  25. 19 Finding #1: Performance impact of client resolution is small

  26. 20 Effect on Scalability DNS resolvers reduce number of resolutions reaching authoritative servers Resolutions per authoritative domain in trace vs. in client resolution

  27. 21 Load on Auth. Domains 93% of authoritative domains will not see an increase in load ~but~ popular domains (e.g., com, google.com) will ○ use com as exemplar

  28. 22 com Domain Load ● Average load increases by 3.41 times! ● Peak load only increases by 1.14 times ● Which is more representative of impact on com domain? ○ Uncertain, let’s make both manageable

  29. 23 Increase Record Time-to-Live ● SLD records normally have 2 days TTLs ● Roughly 1.1% of those records change during a week ● What happens when the TTL is 1 week? Average Load 3.41 => 2.13 times trace load Peak Load 1.14 => 1.03 times trace load

  30. 24 Increase Questions Per Query ● Currently 1 question per DNS query ● Protocol can support multiple questions ● What happens when we ask 2 questions per query? Average Load 3.41 => 1.61 times trace load Peak Load 1.14 => 1.06 times trace load (reduces number of packets, not number of queries)

  31. 25 Increase TTL And Questions ● What happens when TTL is 1 week and we ask 2 questions per query? Average Load 3.41 => 1.33 times trace load Peak Load 1.14 => 1.06 times trace load

  32. 26 Finding #2: Scalability impact of client resolution is manageable

  33. 27 Final Thoughts ● Removing resolvers offers many advantages ● ...and small loses ○ Loss of anonymity in queries ○ Increase in authoritative domain load ● DNS prefetching has reduced reliance upon shared caches

  34. ? Thank you! email me at kgs7@case.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R.

Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R.

Cloning Considered Harmful Considered Harmful Cory Kapser and Michael W. Godfrey David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, Canada A Commonly Cited Belief Cloning considered harmful

881 views • 30 slides
QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui

QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui

LAC2018 @ c-base Berlin LAC2018 @ c-base Berlin QjackCtl Considered Harmful QjackCtl Considered Harmful rncbc a.k.a. a.k.a. Rui Nuno Capela Rui Nuno Capela rncbc rncbc.org rncbc.org June 2018 June 2018 (1) 2003-2004 Dawn of Qstuff* Dawn of

131 views • 11 slides
Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen

Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen

Ad Hoc Synchroniza/on Considered Harmful Weiwei Xiong, Soyoen Park, Jiaqi Zhang, Yuanyuan Zhou and Zhiqiang Ma UC San Diego University of

530 views • 39 slides
In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful draft-smith-6man-in-flight-eh-insertion-harmful IETF-106 Mark Smith markzzzsmith@gmail.com Naveen Kottapalli naveen.sarma@gmail.com Ron Bonica rbonica@juniper.net Fernando Gont

506 views • 34 slides
Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In

Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In

Semantically Far Inspirations Considered Harmful? Accounting For Cognitive States In Collaborative Ideation Joel Chan 1 , Pao Siangliulue 2 , Denisa Qori McDonald 3 , Ruixue Liu 3 , Reza Moradinezhad 3 , Safa Aman 3 , Erin T. Solovey 3 ,

468 views • 44 slides
MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm

MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm

MD5 To Be Considered Harmful (Someday) Dan Kaminsky Basics MD5: Hashing algorithm Fingerprint of data easy to synthesize (push here), hard to fake (grow this) Known since 1997 it was theoretically not so hard to create

573 views • 35 slides
Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev

Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev

CHESE @ PLATEAU @ SPLASH 2017 Can Some Programming Languages Be Considered Harmful? S.Janssens U.P.Schultz V.Zaytsev Meet the ones responsible: Edsger W. Dijkstra Sabine Janssens Ulrik Pagh Schultz Vadim Zaytsev Computing pioneer

301 views • 12 slides
Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am..

Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am..

Penetra'on Tes'ng Considered Harmful (haroon@thinkst.com) Who i am.. (& Why this talk?) haroon@thinkst.com Some Tools Some Papers Some Books So ? Some

1.38k views • 137 slides
DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined

DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined

DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING Want to access code/data defined somewhere else (another file in our project, a library, etc) In compiler-speak, we want symbols with external linkage I only really care

563 views • 39 slides
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security F. Fischer * , K. Bttinger * , H.Xiao * , C. Stransky , Y. Acar , M. Backes , S. Fahl * Fraunhofer AISEC CISPA, Saarland

739 views • 44 slides
SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 , Hyunjin Cho 2 , Sang-Won Lee 1 , Young Ik Eom 1 1 Sungkyunkwan University, Korea 2 Samsung Electronics, Korea Outline Background Design

367 views • 34 slides
Semaphores considered Edsger s perspective harmful During system conception it transpired

Semaphores considered Edsger s perspective harmful During system conception it transpired

Semaphores considered Edsger s perspective harmful During system conception it transpired that we used the semaphores in Semaphores are low-level primitives. Small two completely different ways. The difference is so marked that,

328 views • 19 slides
Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software

Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software

Sequential consistency considered harmful Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 7 November 2017 The standard WMC talk . . . Sequential consistency (SC) CPU CPU Interleaving semantics read write

514 views • 15 slides
Stored Program Considered Harmful: History & Historiography Thomas Haigh University of

Stored Program Considered Harmful: History & Historiography Thomas Haigh University of

Stored Program Considered Harmful: History & Historiography Thomas Haigh University of WisconsinMilwaukee Paper presented at CIE 2013 Special Session on History of Computing Broader Project History of ENIAC in use ENIAC built 1943

556 views • 24 slides
Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org> 2015-12-30 Introduction OpenWrt developer for >10 years Involved with Linux wireless drivers almost as long Main focus: access points and

306 views • 27 slides
rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net

rsync considered inefficient and harmful ggm@apnic.net bje@apnic.net 1 RPKI uses rsync RPKI uses rsync as its data publica>on protocol for wider

681 views • 47 slides
There shall be no interference by a public authority with the exercise of this right except

There shall be no interference by a public authority with the exercise of this right except

There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic

558 views • 11 slides
SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal, Michal Batko Table of Contents Part I: Metric searching in a nutshell Foundations of metric space searching Survey of exiting approaches Part

953 views • 37 slides
Studies with RegCM4: Cyclones over South Atlantic and diurnal cycle of precipitation, new

Studies with RegCM4: Cyclones over South Atlantic and diurnal cycle of precipitation, new

Studies with RegCM4: Cyclones over South Atlantic and diurnal cycle of precipitation, new microphysics scheme and seasonal forecast over South America Photo: Benedito Silva Julio Pablo R. Fernandez Marta

954 views • 33 slides
Dynamic Geometry Processing EG 2012 Tutorial Local, Rigid, Pairwise The ICP

Dynamic Geometry Processing EG 2012 Tutorial Local, Rigid, Pairwise The ICP

Dynamic Geometry Processing EG 2012 Tutorial Local, Rigid, Pairwise The ICP algorithm and its extensions Niloy J. Mitra University College London Eurographics 2012, Cagliari, Italy Geometric

706 views • 57 slides
100% Renewable Electricity Tim McCollough, Lindsay Ex 1 September 20, 2018 Principles

100% Renewable Electricity Tim McCollough, Lindsay Ex 1 September 20, 2018 Principles

100% Renewable Electricity Tim McCollough, Lindsay Ex 1 September 20, 2018 Principles Financial Sustainability Environmental Reliability Stewardship 2 100% Renewable Electricity Resolution Direction: Community & Council

343 views • 9 slides
Board of Governors Meeting via Teleconference/Webinar April 26, 2016 12:00-1:30 p.m. ET Welcome

Board of Governors Meeting via Teleconference/Webinar April 26, 2016 12:00-1:30 p.m. ET Welcome

Board of Governors Meeting via Teleconference/Webinar April 26, 2016 12:00-1:30 p.m. ET Welcome and Introductions Grayson Norquist, MD, MSPH Chairperson, Board of Governors Joe Selby, MD, MPH Executive Director Agenda Time Agenda Item

707 views • 48 slides
Analysis using Relative Infinitesimals Richard ODonovan Pisa, June 2008 in collaboration with

Analysis using Relative Infinitesimals Richard ODonovan Pisa, June 2008 in collaboration with

Analysis using Relative Infinitesimals Richard ODonovan Pisa, June 2008 in collaboration with K. Hrbacek and O. Lessmann Axiomatic properties of levels 1. Real numbers are stratified in levels. 2. There is a coarsest level and 1 appears at

455 views • 19 slides
Classification and Pattern Recognition L eon Bottou NEC Labs America COS 424 2/23/2010

Classification and Pattern Recognition L eon Bottou NEC Labs America COS 424 2/23/2010

Classification and Pattern Recognition L eon Bottou NEC Labs America COS 424 2/23/2010 The machine learning mix and match Classification, clustering, regression, other. Goals Parametric vs. kernels vs. nonparametric Probabilistic vs.

663 views • 32 slides

More recommend