large scale analysis of infrastructure leaking dns servers
play

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis - PowerPoint PPT Presentation

Jul 02, 2023 •138 likes •422 views

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider, Thorsten Holz Ruhr-University Bochum, Germany Motivation DNS: www.rub.de 134.147.64.10 Daily use on the Internet by every user Various

  1. Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider, Thorsten Holz Ruhr-University Bochum, Germany

  2. Motivation • DNS: www.rub.de 134.147.64.10 • Daily use on the Internet by every user • Various studies: DDoS, Censorship, Measurements • Overlooked aspect: Leaking DNS servers to external queries with internal network information DIMVA 2019, Gothenburg

  3. Reconnaissance • Information leakage part of active infrastructure reconnaissance • Goal: Get as much information as possible about a target network DIMVA 2019, Gothenburg

  4. Contributions • Measurement approach to find information leaking DNS servers • Systematic study on DNS servers that might expose internal network information to external requests • Self-check for identifying information-leaking DNS servers DIMVA 2019, Gothenburg

  5. Domain Name System (DNS) • Distributed, hierarchy-based service • Primarily responsible for translation of domain names into IP addresses (A, AAAA) • Reverse lookup (PTR) • Private IP ranges ( 10/8 , 172.16/12 , 192.168/16 ) DIMVA 2019, Gothenburg

  6. Idea • Using reverse DNS requests for internal resources on Internet reachable DNS servers DIMVA 2019, Gothenburg

  7. Discovering Leaking DNS Servers DNS server IPv4 Censys database Scan server DNS server ... Private networks ... DIMVA 2019, Gothenburg

  8. Discovering Leaking DNS Servers 3 requests per private IP range DNS server IPv4 Censys database Scan server DNS server ... Private networks ... DIMVA 2019, Gothenburg

  9. General Measurement Results 10.000.000 8.000.000 6.000.000 4.000.000 2.000.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 800.000 600.000 400.000 200.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 DIMVA 2019, Gothenburg

  10. Response Groups (1) Localhost : “localhost.” Single : one host Emptyresponse : “.” IP : IP addresses Arpa : Reverse DNS Bogon : “bogon.” Constant : unique hostname for all hosts DIMVA 2019, Gothenburg

  11. Response Groups (2) Enduser : Keyword-based Other • apple, iphone, ipad, samsung, galaxy, home DIMVA 2019, Gothenburg

  12. Response Groups (3) No information Active hosts, Active hosts, advantage used subnet used subnet, hostnames Bogon Localhost Emptyresponse Constant Arpa Enduser IP Single Other DIMVA 2019, Gothenburg

  13. General Measurement Results 600.000 500.000 400.000 300.000 200.000 100.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 localhost single ip emptyresponse constant other enduser arpa bogon DIMVA 2019, Gothenburg

  14. In-depth Analysis • Daemon information • AS numbers • Countries • Private IP ranges • Hostname pattern analysis DIMVA 2019, Gothenburg

  15. Daemon Information 80.000 100% 90% 70.000 80% 60.000 70% 50.000 60% 40.000 50% 40% 30.000 30% 20.000 20% 10.000 10% 0% 0 2018-10-01 2018-11-01 2018-12-01 2019-01-01 2018-10-01 2018-11-01 2018-12-01 2019-01-01 dnsmasq BIND MS DNS PowerDNS dnsmasq BIND MS DNS PowerDNS DIMVA 2019, Gothenburg

  16. AS Numbers & Countries DIMVA 2019, Gothenburg

  17. AS Numbers & Countries DIMVA 2019, Gothenburg

  18. Countries (normalized) Country Share Count British Virgin Islands 80% 2,533 Macao 41% 898 Comoros 29% 14 DIMVA 2019, Gothenburg

  19. Countries (normalized) Country Share Count British Virgin Islands 80% 2,533 Macao 41% 898 Comoros 29% 14 Country Share China 9% USA 3% Romania 15% Russia 3.4% DIMVA 2019, Gothenburg

  20. Private IP Ranges 100% 80% 60% 40% 20% 0% 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 DIMVA 2019, Gothenburg

  21. Hostname Pattern Analysis DIMVA 2019, Gothenburg

  22. Hostname Pattern Analysis Other Enduser 73 clusters 45 clusters DIMVA 2019, Gothenburg

  23. Example Hostname Patterns • <placeholder>.iPhone , <placeholder>.iPad • android-<placeholder> • amazon-<placeholder> • <placeholder>desktop, <placeholder>-PC • Other: • firewall<placeholder>, <placeholder>.dmz DIMVA 2019, Gothenburg

  24. Mitigation & Self-Check DIMVA 2019, Gothenburg

  25. Discussion • Share is about 3.9% - Absolute numbers up to 574,000 servers • Proper information leakage present with up to 158,000 servers • No implementation problem but rather a configuration problem • Number of potentially usable leaking DNS servers highest in the USA DIMVA 2019, Gothenburg

  26. Conclusion • Observed that misconfigured DNS servers might leak internal information to external intruders without the need for an exploit or vulnerability (configuration issue) • Almost 4% of the DNS servers might leak such information • Not a major Internet security problem, but the absolute numbers should be reduced • Data at https://github.com/RUB-SysSec/InfraLeakingDNS DIMVA 2019, Gothenburg

  27. Questions? Conclusion Dennis Tatang • Observed that misconfigured DNS servers dennis.tatang@rub.de might leak internal information to external intruders without the need for an exploit or @dennis4its on Twitter vulnerability (configuration issue) • Almost 4% of the DNS servers might leak such information • Not a major Internet security problem, but the absolute numbers should be reduced • Data at https://github.com/RUB- SysSec/InfraLeakingDNS DIMVA 2019, Gothenburg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale Information Access Technologies Evaluation and Testing Evaluation and Testing Noriko Kando Noriko Kando National Institute of Informatics, Japan

632 views • 61 slides
Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier

Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier

Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier Beaumont, Lionel Eyraud-Dubois, Christopher Thaves-Caro Laboratoire Bordelais de Recherche en Informatique Equipe CEPAGE (INRIA) Scheduling in

373 views • 35 slides
OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements DACS DACS Design and Analysis of Communication Systems Why measure DNS? (Almost) every networked service relies on DNS DNS

773 views • 15 slides
INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

2110414 - Large Scale Computing Systems 1 LARGE SCALE INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2 Overview Hardware Virtualization Storage Technology 2110414 - Large Scale Computing

512 views • 29 slides
Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code

Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Vitor Monte Afonso 1 , Antonio Bianchi 2

524 views • 34 slides
Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil Bajracharya, Joel Ossher , Cristina Lopes Sushil Bajracharya, Joel Ossher , Cristina Lopes Donald Bren School of Information and Computer Sciences

245 views • 21 slides
Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D.

Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D.

Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D. Kubiatowicz UC Berkeley Global Scale Applications Clear demand for global scale applications Exploiting collective resources File sharing, data

406 views • 19 slides
Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale

Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale

Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale Distributed Systems (LSDS) Group Imperial College London http://lsds.doc.ic.ac.uk &lt;prp@imperial.ac.uk&gt; 1 University of Cambridge

645 views • 40 slides
Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing Lung Ngai, Tim Hegeman, Stijn Heldens, and Alexandru Iosup @Large Research Massivizing Computer Systems Large-scale Graph Processing 2 OpenG

266 views • 13 slides
A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot;

A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot;

A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot; Security&quot;of&quot;Embedded&quot;Firmwares Presented(by(Zhenyu Ning 1 Contents 1.(Background 2.(Motivation(&amp;(Challenges 3.(Architecture 4.(Analysis(Result(&amp;(Case(study

784 views • 23 slides
Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale Software VAPLS 2013 Todd Gamblin Katherine Isaacs UC Davis, LLNL LLNL Why does my code run slowly? Bad algorithm 1. Poor computational

2.17k views • 12 slides
Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What

Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What

Brgerinitiative PRO ERDKABEL Bad Gandersheim/Kreiensen Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What do we want ? - Our targets 3. What have we done ? 4. Examples for getting acceptance

293 views • 14 slides
Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms

Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms

Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms Vaibhav Bajpai and Jrgen Schnwlder {v.bajpai, j.schoenwaelder}@jacobs-university.de AIMS 2013, Barcelona Computer Networks and Distributed

761 views • 19 slides
robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard University of WisconsinMadison Joint work with Ben Recht and Andy Packard LCCC Workshop on Large-Scale and Distributed Optimization Lund

435 views • 32 slides
Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Introduction Multi-scale Analysis Approach Experimental Framework Results and Analysis Conclusion Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand, Jean-Marc Vincent INRIA Mescal, CNRS LIG

583 views • 27 slides
Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological Image Data Mark-Anthony Bray, Ph.D Imaging Platform, Broad Institute Cambridge, Massachusetts, USA mbray@broadinstitute.org 0.4233 54,454

701 views • 52 slides
DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to 131.179.192.144 DNS also provides other similar services It wasnt designed with security in

431 views • 26 slides
On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard Laboratoire dInformatique de Grenoble / INRIA Lucas Nussbaum, Pierre Neyron and Olivier Richard On Robust Covert Channels Inside DNS 1 / 18 Introduction

784 views • 18 slides
DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

798 views • 35 slides
Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrs E. Azprua #imv2020 @VEsinFiltro VEsinFiltro.com VENEZUELAN CONTEXT Critical failure

833 views • 56 slides
DNS of Multiphase Flows Simple Front Tracking DNS of Multiphase Flows Direct Numerical

DNS of Multiphase Flows Simple Front Tracking DNS of Multiphase Flows Direct Numerical

DNS of Multiphase Flows Simple Front Tracking DNS of Multiphase Flows Direct Numerical Software is needed for a variety of purposes. Simulations of In addition to large scale somewhat general purpose codes that represent close

179 views • 4 slides
DNS Basics 1 Computers use IP Addresses To send an IP datagram to another computer on

DNS Basics 1 Computers use IP Addresses To send an IP datagram to another computer on

DNS Basics 1 Computers use IP Addresses To send an IP datagram to another computer on Internet (e.g. a web server), must know its IP address What is the IP address of the computer running ICT website? Registration? Facebook? Humans

214 views • 8 slides
ISOC ION Conference Advancing the Network - Where Weve Been, Where Were Headed Shumon

ISOC ION Conference Advancing the Network - Where Weve Been, Where Were Headed Shumon

ISOC ION Conference Advancing the Network - Where Weve Been, Where Were Headed Shumon Huque Ron Broersma Paul Ebersman John Spence Paul Mockapetris San Diego, California, December 11th 2012 1 Advancing the Network: Where We've Been,

542 views • 9 slides
Migrating 515 AD servers to Samba Caglar Ulkuderner In a galaxy NOT far far away!

Migrating 515 AD servers to Samba Caglar Ulkuderner In a galaxy NOT far far away!

Migrating 515 AD servers to Samba Caglar Ulkuderner In a galaxy NOT far far away! caglar@profelis.com.tr SambaXP 2020 * All StarWars images are sourced at www.StarWars.com Regions Digital Transformation Ankara stanbul Sofya Doha

500 views • 16 slides

More recommend