evaluation of trust relationships in the domain name
play

Evaluation of Trust Relationships in the Domain Name System Final - PowerPoint PPT Presentation

Sep 12, 2022 •253 likes •487 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of Trust Relationships in the Domain Name System Final Talk for Masters Thesis Frank Schmidt July 12, 2017 Chair of Network

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of Trust Relationships in the Domain Name System Final Talk for Master’s Thesis Frank Schmidt July 12, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DNS terms DNS : hierarchical distributed database for translating domain names to IP addresses zone : organisational unit of the DNS, serves information for names contained within zonefile : general format for specifying the contents of a zone delegation : transfer of responsibility from a parent zone to its child zone F. Schmidt — DNS Scanning 2

  3. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DNS structure and Trust . net. de. ... de.net. denic.de. nic.de. ... l.de.net. ns1.denic.de. a.nic.de. A AAAA 81.91.170.1 2a02:568:121:6:2::2 F. Schmidt — DNS Scanning 3

  4. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Custom resolver • focus on the resolution process and not on the reply • obtain information about the DNS infrastructure • query all available name servers found in the DNS • resilient against uncommon configurations and network errors • follow netiquette F. Schmidt — DNS Scanning 4

  5. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Scanner overview Raw Internet Postgres Scanner Results Meta Input google.com. youtube.com. facebook.com. ... F. Schmidt — DNS Scanning 5

  6. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Scanner internals • implemented in Go • query IPv4 and IPv6 name servers • gather DNSSEC information • store raw queries for for validation and after-the-fact analysis • zone completion tracking by SCC F. Schmidt — DNS Scanning 6

  7. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Termination by SCC . net. de. ... de.net. denic.de. nic.de. ... l.de.net. ns1.denic.de. a.nic.de. AAAA A 81.91.170.1 2a02:568:121:6:2::2 F. Schmidt — DNS Scanning 7

  8. Chair of Network Architectures and Services Department of Informatics Technical University of Munich . info. dynamicnetworkservices.net. isc-sns.com. dyntld.net. ca. cira.ca. utoronto.ca. cs.utoronto.ca. utcc.utoronto.ca. eis.utoronto.ca. ubc.ca. bc.net. pch.net. risq.qc.ca. fr. cdec.polymtl.ca. ht. gra fi klif.ht. web.ht. inend.ht. F. Schmidt — DNS Scanning 8

  9. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance General: • concurrency where possible • minimize allocations • expiry of unneeded information • profiling DNS: • reduce delegation queries to TLD name servers • exploit zone file information F. Schmidt — DNS Scanning 9

  10. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DNS-in-a-Box Raw Internet Postgres Scanner Results Meta Input google.com. youtube.com. facebook.com. ... F. Schmidt — DNS Scanning 10

  11. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DNS-in-a-Box • independent from the internet • reproducible scans • finds most bugs before scanning the internet • necessitated some resolver adaptations due to the optimizations • deterministic choice of name servers to query F. Schmidt — DNS Scanning 11

  12. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Deterministic name server choice sort(parent_nameservers, key=fnv-1a(IP+domain_name+IP))[:3] F. Schmidt — DNS Scanning 12

  13. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performed scans • queried types: A/AAAA/MX/TXT • incrementally increased the number of domains • results based on scans of the Alexa list and a subset of the .com zone, consisting of 1M domains each • full debug output • arbitrary query limits scope query rate max outstanding queries name server 40 80 global 8000 24000 F. Schmidt — DNS Scanning 13

  14. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Scan overview scan runtime [s] CPU [s] results Alexa list 5144 8457 6,2 GB .com sample 6191 7053 3,5 GB name servers Alexa name servers .com failed queries Alexa failed queries .com 10 4 number of active name servers 60 10 3 failed queries [%] 40 10 2 20 10 1 10 0 0 0 0 1 , 000 1 , 000 2 , 000 2 , 000 3 , 000 3 , 000 4 , 000 4 , 000 5 , 000 5 , 000 6 , 000 6 , 000 time [s] F. Schmidt — DNS Scanning 14

  15. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Zone setups Alexa 1 .com number of zones [in M] 0 . 8 0 . 6 0 . 4 0 . 2 0 a h m s c l o e l l u l u s l f s d t t - t i e i h s d - o e c h r s e o o t d v s e e d t r e e d d F. Schmidt — DNS Scanning 15

  16. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Trusted computing base 100 80 CDF [%] 60 40 20 Alexa .com 0 0 49 100 200 300 400 476 number of name servers F. Schmidt — DNS Scanning 16

  17. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Name server influence Alexa 100 .info/.org .com number of names controlled [%] Cloudflare 10 GoDaddy .info/.org 1 0 . 1 0 . 01 1 10 100 1 , 000 10 , 000 rank F. Schmidt — DNS Scanning 17

  18. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Nonexistent name servers Alexa 3 , 000 .com number of affected zones 2 , 000 1 , 000 0 erroneous trailing dot missing trailing dot special-use TLD abandoned domains IP in NS RR F. Schmidt — DNS Scanning 18

  19. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Future work • closer investigation of “abandoned” domains • extend the scanner • CNAME/SOA/MX chasing • reverse lookups • DNSSEC validation • long term differential analysis F. Schmidt — DNS Scanning 19

  20. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Thank you for your attention! Any questions? F. Schmidt — DNS Scanning 20

  21. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Appendix allocated Alexa allocated .com progress .com progress Alexa 5 8 , 000 CPU time = sys + user [s] allocated memory [GB] 4 6 , 000 3 4 , 000 2 2 , 000 1 0 0 0 0 1 , 000 1 , 000 2 , 000 2 , 000 3 , 000 3 , 000 4 , 000 4 , 000 5 , 000 5 , 000 6 , 000 6 , 000 time [s] time [s] F. Schmidt — DNS Scanning 21

  22. Chair of Network Architectures and Services Department of Informatics Technical University of Munich F. Schmidt — DNS Scanning 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CCPS Framework for Teaching Evaluation Criteria Domain 1: Planning and Preparation A.

CCPS Framework for Teaching Evaluation Criteria Domain 1: Planning and Preparation A.

CCPS Framework for Teaching Evaluation Criteria Domain 1: Planning and Preparation A. Demonstrates knowledge of content and pedagogy 1. Displays knowledge of concepts, skills, and prerequisite relationships within the CCPS curriculum 2. Plans

514 views • 7 slides
In Grid We Trust New authentication mechanisms and their impact on trust relationships at the

In Grid We Trust New authentication mechanisms and their impact on trust relationships at the

In Grid We Trust New authentication mechanisms and their impact on trust relationships at the home organisation ISGC 2011 David Groep David Groep Nikhef Amsterdam PDP & Grid In Grid ... where many participants have no a-priori

309 views • 26 slides
RedHawk sojourner: bill vassiliou LEADERSHIP transformation through relationships of trust the

RedHawk sojourner: bill vassiliou LEADERSHIP transformation through relationships of trust the

JOINT PACFA / CCAA / SCAPE Conference September 9-11, 2016 RedHawk sojourner: bill vassiliou LEADERSHIP transformation through relationships of trust the relationships you and God you and your self you and your client the

643 views • 20 slides
A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate Abu Shohel

A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate Abu Shohel

A Model of Trust Evaluation for A Model of Trust Evaluation for X.509 Certificate Abu Shohel Ahmed Abu Shohel Ahmed NordSecMob, University of Tartu How to identify an anonymous persons in online or virtual world? or virtual world? Whom to

582 views • 19 slides
WELCOME TO KINDERGARTEN! SCHOOL IS All about building relationships, establishing trust,

WELCOME TO KINDERGARTEN! SCHOOL IS All about building relationships, establishing trust,

WELCOME TO KINDERGARTEN! SCHOOL IS All about building relationships, establishing trust, creating working literate environments, and getting to know children as readers and learners and remembering that our classrooms still need to be

454 views • 19 slides
IMPRESSIONS OF OUR WORK IN 2019 With the young child at the center, relationships of trust,

IMPRESSIONS OF OUR WORK IN 2019 With the young child at the center, relationships of trust,

IMPRESSIONS OF OUR WORK IN 2019 With the young child at the center, relationships of trust, openness and reverence are the starting points for educating in and towards freedom. Worldwide Co-operation for the Future of Childhood through

797 views • 40 slides
A GREAT VIRTUE THE FOUNDATION OF TRUST THE HEART OF RELATIONSHIPS AUTHENTICITY

A GREAT VIRTUE THE FOUNDATION OF TRUST THE HEART OF RELATIONSHIPS AUTHENTICITY

A GREAT VIRTUE THE FOUNDATION OF TRUST THE HEART OF RELATIONSHIPS AUTHENTICITY INTEGRITY SINCERITY SAFETY HELEN.STREET@UWA.EDU.AU POSITIVESCHOOLS.COM.AU WHAT IT MEANS TO BE HONEST TRUTH, SINCERITY, LAW ABIDING,

574 views • 24 slides
Updates in Preoperative Evaluation and No financial relationships with commercial interests

Updates in Preoperative Evaluation and No financial relationships with commercial interests

Disclosures Updates in Preoperative Evaluation and No financial relationships with commercial interests within the past year Perioperative Care No discussion of investigational or off label use of medications or products Henry

417 views • 17 slides
Com puting W ord of Mouth Trust Relationships in Social Netw orks from Sem antic W eb and W eb2

Com puting W ord of Mouth Trust Relationships in Social Netw orks from Sem antic W eb and W eb2

Com puting W ord of Mouth Trust Relationships in Social Netw orks from Sem antic W eb and W eb2 .0 Data Sources Tom Heath, Enrico Motta Knowledge Media Institute, The Open University Marian Petre Department of Computing, The Open University

271 views • 26 slides
Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern Immutability The Inverse Life Coach Pa7ern Trust The founda>on of so?ware security 1. Hello! Im Businessman Bob! 2. Hello! Im the bank!

877 views • 69 slides
TRUST IN AUTOMATION How This Is Shaped By The Human Operator and The Underwater Domain #UDT2019

TRUST IN AUTOMATION How This Is Shaped By The Human Operator and The Underwater Domain #UDT2019

TRUST IN AUTOMATION How This Is Shaped By The Human Operator and The Underwater Domain #UDT2019 BAE SYSTEMS PROPRIETARY Introduction To aid in the facilitation of increasing levels of automation in Submarine Command and Control Centres.

355 views • 19 slides
Ashfield Building Group is a performance by each member or our team. Yorkshire based leader in

Ashfield Building Group is a performance by each member or our team. Yorkshire based leader in

We have achieved this by developing successful relationships throughout the construction process. Our culture is one that establishes lasting relationships with our customers by exceeding their expectations and building trust through exceptional

596 views • 27 slides
Evaluation of the TOGETHER Program: A Couples' Model to Enhance Relationships and Economic

Evaluation of the TOGETHER Program: A Couples' Model to Enhance Relationships and Economic

Evaluation of the TOGETHER Program: A Couples' Model to Enhance Relationships and Economic Stability Mariana K. Falconier, PhD Jinhee Kim, PhD Suzanne Cunningham Randolph, PhD Joan Z. Wang, PhD An X. Thai, MS Bethany Wang Lanterman, PhD Ray

875 views • 36 slides
Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri,

Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri,

Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri, Oana Goga , Changtao Zhong, Bimal Viswanath, Nishanth Sastry, Krishna Gummadi Online

748 views • 40 slides
Measurement and Data Data describes the real world Data maps entities in the domain of

Measurement and Data Data describes the real world Data maps entities in the domain of

Measurement and Data Data describes the real world Data maps entities in the domain of interest to symbolic representation by means of a measurement procedure Numerical relationships between variables capture relationships between

502 views • 28 slides
Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted Pattern Immutability The Inverse Life Coach Pattern Trust The foundation of software security 1. Hello! Im Businessman Bob! 2. Hello! Im the

666 views • 66 slides
When Firms Meet Free Software: How To Avoid Proprietarization? Wednesday July, 10 th 2002 Bordeaux

When Firms Meet Free Software: How To Avoid Proprietarization? Wednesday July, 10 th 2002 Bordeaux

When Firms Meet Free Software: How To Avoid Proprietarization? Wednesday July, 10 th 2002 Bordeaux Libre Software Meeting Authors: Speaker: Thierry Pinon Julien Tayon Raphael Rousseau Julien Tayon When Firms Meet Free Software: How To

911 views • 69 slides
Back to School with the Community of Inquiry Model Contact North/Contact Nord Aug 28, 2020

Back to School with the Community of Inquiry Model Contact North/Contact Nord Aug 28, 2020

Back to School with the Community of Inquiry Model Contact North/Contact Nord Aug 28, 2020 Terry Anderson, Ph.D. Professor Emeritus Athabasca University terrya@athabascau.ca Online learning sucks I love online learning Online learning

671 views • 53 slides
Staff Open Meeting 21 July 2020 Introduction Todays agenda News update Flexible

Staff Open Meeting 21 July 2020 Introduction Todays agenda News update Flexible

Staff Open Meeting 21 July 2020 Introduction Todays agenda News update Flexible learning Safe campus/return to campus Growing our research Summary and questions News update: local Around 98% engagement by students in

571 views • 38 slides
In Instructio ional Str Strategies gies fo for Large Onlin Lar line Cl Classes asses JOH JOHN

In Instructio ional Str Strategies gies fo for Large Onlin Lar line Cl Classes asses JOH JOHN

8/7/2020 In Instructio ional Str Strategies gies fo for Large Onlin Lar line Cl Classes asses JOH JOHN GURN GURNAK, OFF OFFICE OF OF ON ONLINE LE LEARNING JESSI SSICA MANSB MANSBACH, CH, FA FACULTY CEN CENTER ER FOR FOR IG IGNATIAN PED

263 views • 9 slides
A.A. 2010-2011 Tecnologie per la Virtualizzazione delle Reti di Calcolatori Massimo RIMONDINI

A.A. 2010-2011 Tecnologie per la Virtualizzazione delle Reti di Calcolatori Massimo RIMONDINI

A.A. 2010-2011 Tecnologie per la Virtualizzazione delle Reti di Calcolatori Massimo RIMONDINI RCNG 02/11/10 Virtualization HA! HA! Easy! Virtualization DOh! Virtualization ... the act of decoupling the (logical) service from its

1.06k views • 89 slides
How do you design for active learning in an online, self-paced course? ICED Conference, Atlanta,

How do you design for active learning in an online, self-paced course? ICED Conference, Atlanta,

SDU CENTRE FOR TEACHING AND LEARNING SDU CENTRE FOR TEACHING AND LEARNING How do you design for active learning in an online, self-paced course? ICED Conference, Atlanta, June 2018 Christopher Kjr, ckjaer@sdu.dk Pernille Stenkil Hansen,

686 views • 21 slides
Concepts and principles of IT Aim Identify the IT concepts and principles for Assignment

Concepts and principles of IT Aim Identify the IT concepts and principles for Assignment

INF3280 31 January 2014 Concepts and principles of IT Aim Identify the IT concepts and principles for Assignment 2 Literature: Chapter 4. IT concepts 1 Which concepts and principles? Suitable for users to understand

321 views • 8 slides
International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime Challenges of Cyber Crime International Aspects Conclusion/My Opinion Cyber Crime Example Reported Directly to FBI Challenges of Cyber Crime

372 views • 10 slides

More recommend