probing for open dns resolvers
play

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu - PowerPoint PPT Presentation

Feb 21, 2024 •264 likes •371 views

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk (jtk@depaul.edu) DNS Probing September 30, 2006 1 / 9 Open Resolvers Recursive - open access to a full resolver Forwarder - proxy access to a

  1. Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk (jtk@depaul.edu) DNS Probing September 30, 2006 1 / 9

  2. Open Resolvers • Recursive - open access to a full resolver • Forwarder - proxy access to a full resolver • Caching-only - recursion disabled, but cache data accessible • Restricted - resolver, but limited access, at most authoritative data jtk (jtk@depaul.edu) DNS Probing September 30, 2006 2 / 9

  3. Security Implications of Open Resolvers • Reflection attacks through spoofing • Small queries can solicit large answers for amplication attack • Cache enumeration and spying enabled • Remote cache poisoning difficulty is reduced • Resolver and network resource theft jtk (jtk@depaul.edu) DNS Probing September 30, 2006 3 / 9

  4. Selecting probe destinations • Hosts querying our resolvers and servers • Name servers listed in available TLD zone files • Sources of DNS amplification and reflection attacks • Authority and additional section RRs from answers to our queries • Full scanning of the routable IPv4 address space • Lists from colleagues, collaborators and other projects jtk (jtk@depaul.edu) DNS Probing September 30, 2006 4 / 9

  5. Open Resolver Probing Challenges • Checking the ra bit is an unreliable indictator • An open resolver may not return a NXDOMAIN for a bogus TLD • Low or TTL adherence is not guaranteed • Identical queries to the same destination may be handled differently • Rate limiting, filters or policy may apply to certain queries jtk (jtk@depaul.edu) DNS Probing September 30, 2006 5 / 9

  6. Our Multifaceted Probing Approach • Query for uniquely processed whoareyou and whoami names • Query for unique, but bogus TLD • Fingerprint with fpdns • Query for unique name in a zone we are authoritative for and monitor • Query for popular names and NS RRsets • Query for unique, but bogus name in popular zones and TLDs • Query using UDP and TCP • Query with and without EDNS0 support enabled • Distribute probe sources • Send queries with and without recursion desired (rd) bit set jtk (jtk@depaul.edu) DNS Probing September 30, 2006 6 / 9

  7. Recent Results • About 60% of a set of 52,000 attackers from Feb 2006 are still open • Answers that contain loopback answers may trigger black list handling • About 65-75% of open resolvers are running some flavor of ISC BIND • http://layer9.com/ ∼ jtk/tmp/dns-fp.txt • http://layer9.com/ ∼ jtk/tmp/dns-id.txt • Only a single email complaint after over about 4 million probes jtk (jtk@depaul.edu) DNS Probing September 30, 2006 7 / 9

  8. Probe Response Data Collection and Dissemination • Probe from a dedicated address and pcap everything to/from it • Pcap all queries for our unique names in our zones • Maintain database of timestamps, qname and answer data • Schedule continual re-testing of probes • Web interface for database lookup and feedback loop • Automated reports grouped by source ASN seen in current route table jtk (jtk@depaul.edu) DNS Probing September 30, 2006 8 / 9

  9. References and Credit • http://condor.depaul.edu/ ∼ jkristof/orns/ • http://www.net-dns.org • http://www.rfc.se/fpdns/ • http://dns.measurement-factory.com • Project collaborators: ◮ Duane Wessels , The Measurement Factory ◮ Roy Arends, Nomimet UK • Special thanks to DePaul University colleagues ◮ Professor Ehab Al-Shaer ◮ Nicola Foggi, Network Engineer ◮ Bill Weaheart, Security Coordinator • For the research-oriented position and salary, Neustar Ultra Services jtk (jtk@depaul.edu) DNS Probing September 30, 2006 9 / 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI

Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI

Open Resolvers and the Threat of Reflection Attacks John Kristoff jtk@depaul.edu DPU CTI Networks Seminar jtk (jtk@depaul.edu) ORs and Attacks September 21, 2006 1 / 26 A Review of the DNS Lookup Process jtk (jtk@depaul.edu) ORs and

626 views • 26 slides
Looking at DNS traces: What do we know about resolvers? lafur Gu mundsson Shinkuro

Looking at DNS traces: What do we know about resolvers? lafur Gu mundsson Shinkuro

Looking at DNS traces: What do we know about resolvers? lafur Gu mundsson Shinkuro Ogud@shinkuro.com Motivation: Open Questions What is the market share for resolver X What can we deduct from traces to a subset of authorative

623 views • 19 slides
DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful? 3 Resolvers Are Vulnerable

618 views • 34 slides
CSE 373: Open addressing 3 If we collide, checking each next element until we fjnd an open slot.

CSE 373: Open addressing 3 If we collide, checking each next element until we fjnd an open slot.

CSE 373: Open addressing 3 If we collide, checking each next element until we fjnd an open slot. Strategy: Linear probing Open addressing: linear probing 5 When do we resize? How do we delete? (complicated, see section 04 handouts) where the

186 views • 4 slides
Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

I nstitute for G eophysics, A strophysics, and M eteorology / U niversity of G raz A tmospheric R emote S ensing and Cli mate Sys tem Research Group ARSCliSys on the art of understanding the climate system Occultations for Probing for Probing

570 views • 12 slides
CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of

CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of

CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of the four primary application components: activities content providers / content resolvers services broadcast receivers 2 Android

728 views • 50 slides
Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder System and Network Engineering July 2014 DNS Main Components Server Side: Authoritative Servers Resolvers (Recursive Resolvers, cache) Client Side: Stub resolvers

429 views • 30 slides
Tao Probing the End of the World 1 - 1 - Masato

Tao Probing the End of the World 1 - 1 - Masato

@YITP WS Tao Probing the End of the World 1 - 1 - Masato Taki RIKEN , i THES group .Yagi (KIAS) [ arXiv:1504.03672] Collaboration w/ S-S.Kim and F 2015.11/12 Tao Probing the End of the World new

1.01k views • 81 slides
Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1 , Jean-Sbastien Coron 2 Emmanuel

1.04k views • 99 slides
Shrug Daemon Doing DNS the Hard Way Since 2015

Shrug Daemon Doing DNS the Hard Way Since 2015

Shrug Daemon Doing DNS the Hard Way Since 2015 https://en.wikipedia.org/wiki/Ayn_Rand#/media/File:Objectivist1.jpg Problem Statement RIPE Atlas probes have 2 DNS resolvers: Resolver local to probe RIPE Atlas central resolvers

713 views • 6 slides
Pr Probing new physics via via extr trem emely ely rar are e dec decay sear earch h wi

Pr Probing new physics via via extr trem emely ely rar are e dec decay sear earch h wi

Pr Probing new physics via via extr trem emely ely rar are e dec decay sear earch h wi with h GER ERDA A and nd LEGEN END Yoann KERMADIC LPSC seminar Grenoble 23 January 2020 Cru Crucial open issu ssues s in part rticle

1.01k views • 62 slides
DNS Rex Do you need an aggressive benchmark? Alex Rousskov The Measurement Factory DNS Rex At a

DNS Rex Do you need an aggressive benchmark? Alex Rousskov The Measurement Factory DNS Rex At a

DNS Rex Do you need an aggressive benchmark? Alex Rousskov The Measurement Factory DNS Rex At a Glance A performance test tool for DNS resolvers. Born 2009 A.D. (Cenozoic Era). Designed to intimidate powerful resolvers. Could

713 views • 22 slides
In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers Maciej Korczyski*, Yevheniya Nosyk*, Qasim Lone , Marcin Skwarek*, Baptiste Jonglez*, and Andrzej Duda* *Universit Grenoble Alpes, CNRS, Grenoble

546 views • 16 slides
Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT

Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT

Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT University of Copenhagen STOC 2007 Hashing with linear probing Hashing with linear probing Hashing with linear probing Hashing with linear probing

827 views • 48 slides
Caching in with Resolvers Norman Walsh http://www.sun.com/ XML Conference & Exposition 2003

Caching in with Resolvers Norman Walsh http://www.sun.com/ XML Conference & Exposition 2003

Caching in with Resolvers Norman Walsh http://www.sun.com/ XML Conference & Exposition 2003 07-12 December 2003 Version 1.0 Introduction Using URIs The Problem Solutions Catalog-based Resolution Proxy Caches

1.26k views • 47 slides
Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia

Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia

Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia occultations in Gaia era era with stellar Bruno Sicardy Observatoire de Paris - LESIA & universit Pierre et Marie Curie Solar system

908 views • 41 slides
P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

197 views • 5 slides
Examining How The Great Firewall Discovers Hidden Circumvention Servers Roya Ensafi , David

Examining How The Great Firewall Discovers Hidden Circumvention Servers Roya Ensafi , David

Examining How The Great Firewall Discovers Hidden Circumvention Servers Roya Ensafi , David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, and Vern Paxson Oct 29, 2015 1 Circumventing Internet Censorship Using Proxies Web servers

641 views • 41 slides
A Flexible Probe Level Approach to Improving the Quality and Relevance of Affymetrix Microarray

A Flexible Probe Level Approach to Improving the Quality and Relevance of Affymetrix Microarray

A Flexible Probe Level Approach to Improving the Quality and Relevance of Affymetrix Microarray Data Chris Harbron Discovery Statistics AstraZeneca Non-Clinical Statistics Conference, Leuven, September 2008 Microarrays Enable

248 views • 23 slides
thread creation / POSIX / process management 1 Changelog 21 January 2020 (between 12:30pm and

thread creation / POSIX / process management 1 Changelog 21 January 2020 (between 12:30pm and

thread creation / POSIX / process management 1 Changelog 21 January 2020 (between 12:30pm and 3:30pm lecture): added alternate version of typical pattern slide 1 last time handling non-system-call exceptions context switching in xv6

1.41k views • 124 slides
Defining and Using Procedures Defining and Using Procedures Creating Procedures

Defining and Using Procedures Defining and Using Procedures Creating Procedures

Defining and Using Procedures Defining and Using Procedures Creating Procedures Documenting Procedures Example: SumOf Procedure CALL and RET Instructions Nested Procedure Calls Local and Global Labels Procedure

625 views • 24 slides
07 Your shell, jobs, and proc CS 2043: Unix Tools and Scripting, Spring 2019 [2] Matthew

07 Your shell, jobs, and proc CS 2043: Unix Tools and Scripting, Spring 2019 [2] Matthew

07 Your shell, jobs, and proc CS 2043: Unix Tools and Scripting, Spring 2019 [2] Matthew Milano February 6, 2019 Cornell University 1 Table of Contents 1. Processes Overview 2. Modifying Processes 3. Jobs 4. Customizing your Terminal

1.1k views • 37 slides
Struck: Structured Output Tracking with Kernels Sam Hare, Amir Saffari, And Philip H. S. Torr

Struck: Structured Output Tracking with Kernels Sam Hare, Amir Saffari, And Philip H. S. Torr

Struck: Structured Output Tracking with Kernels Sam Hare, Amir Saffari, And Philip H. S. Torr International Conference On Computer Vision (ICCV), 2011 Motivations Problem: tracking-by-detection Input: target Output: locations over times

832 views • 39 slides
CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A) Alberto Alvarez CS423: Operating Systems Design MP1 Goals Get yourself familiar with Linux kernel programming Learn to use the kernels linked

451 views • 32 slides

More recommend