scanning and evaluating dns deployments in the internet
play

Scanning and Evaluating DNS Deployments in the Internet Johannes - PowerPoint PPT Presentation

Nov 18, 2023 •641 likes •832 views

Scanning and Evaluating DNS Deployments in the Internet Johannes Naab Master Thesis Intermediate Talk Advisors: O. Gasser, R. Holz, J. Schlamp Supervisor: Prof. G. Carle Chair for Network Architectures and Services Department of Informatics

  1. Scanning and Evaluating DNS Deployments in the Internet Johannes Naab Master Thesis Intermediate Talk Advisors: O. Gasser, R. Holz, J. Schlamp Supervisor: Prof. G. Carle Chair for Network Architectures and Services Department of Informatics Technische Universit¨ at M¨ unchen October 22, 2013 Johannes Naab (TU M¨ unchen) DNS Scan 1

  2. Agenda DNS Concepts 1 Why is DNS interesting? 2 Related work 3 Preliminary results 4 Schedule 5 Johannes Naab (TU M¨ unchen) DNS Scan 2

  3. Domain Name System . Zone Domain with Client Resolver Resource Records Zone with auhoritative Query/ name servers Response Delegation de. Zone net. Zone Figure : DNS Overview based on https://en.wikipedia.org/wiki/File:Domain_name_space.svg Johannes Naab (TU M¨ unchen) DNS Scan 3

  4. Why is DNS interesting? DNS is ubiquitous, nearly everything on the Internet depends on DNS DNSSEC: use public key cryptography to sign and validate DNS data disruptions can cause major problems Causes for disruptions configuration errors: wrong name server configuration, invalid and/or old data in zone files malicious attacks Johannes Naab (TU M¨ unchen) DNS Scan 4

  5. Related Work Understanding implications of DNS zone provisioning (2008) [1] analysis of zone transfer data in com. and net. with respect to authoritative name server resilience DNS Survey: October 2010 [4] sample of 1% of com., net. and org. zone, statistics for name servers, SOA records, lame and sideway delegations Quantifying the operational status of the DNSSEC deployment (2008) [2] 12k DNSSEC zones, evaluation of availability, verification (How many trust anchors?, . is signed only since 2010), and validity Impact of configuration errors on DNS robustness (2004) [3] active measurement of 50k zones for lame delegations, cyclic dependencies and authoritative name server resilience Johannes Naab (TU M¨ unchen) DNS Scan 5

  6. Scope of Work Obtain data active scanning of global DNS starting points: zone lists and reverse DNS create snapshots of the DNS database scanning DNS efficiently and unobtrusively Analyze data focus on zones, delegations and authoritative name servers consistency of data between the name servers in the zone itself between the zone and the parent configuration errors: delegations and dependencies DNSSEC deployments and errors Johannes Naab (TU M¨ unchen) DNS Scan 6

  7. Preliminary results (new) DNS scanner written in python using ldns and twisted existing tools such as dns-scraper don’t provide the necessary features scanner does full DNS resolution starting at the root zone challenges proper tracking of (circular) dependencies discovering all zone cuts ambiguities in specifications, and not knowing how the name server in question implements it Johannes Naab (TU M¨ unchen) DNS Scan 7

  8. Initial Scans com. Zone with 110M domains from zone file query NS, SOA RR on all name servers, ANY RR on a working name server 1000 raw queries/second/core 100 domains/second/core, 3 days for entire com. zone 3kB of DNS data per Domain (NS and SOA from all NS, one ANY), 300GB of raw query data for one scan unfortunately GoDaddy (domaincontrol.com) drops us Due to previous bugs, only the final 27% (30M) Domains have be analyzed Johannes Naab (TU M¨ unchen) DNS Scan 8

  9. Delegations delegations (NS records) are names (which need to be resolved) authoritative NS records are given by the zone itself for 15% the NS sets of parent and apex don’t match $ dig @a.gtld-servers.net. level3.net. ... ;; AUTHORITY SECTION: level3.net. 172800 IN NS ns1.l3.net. level3.net. 172800 IN NS ns2.l3.net. ... $ dig @ns1.l3.net. level3.net. ns ... ;; ANSWER SECTION: level3.net. 3600 IN NS ns1.level3.net. level3.net. 3600 IN NS ns2.level3.net. ... Johannes Naab (TU M¨ unchen) DNS Scan 9

  10. Lame Delegations com. Zone example.com. ns.example.net. A 1.2.3.4 example.com. unreachable/REFUSED Figure : Lame Delegations Johannes Naab (TU M¨ unchen) DNS Scan 10

  11. Zone Status 29969223 Zones 100.0% 100 80 65.4% 60 % 40 23.6% 20 6.1% 2.1% 1.4% 0.9% 0.6% 0 all Zones ANY Queries w/o Reply NXDomain GoDaddy Non Auth NS Q. Error Lame NS RR Johannes Naab (TU M¨ unchen) DNS Scan 11

  12. RR Type Popularity Popularity of RR Types in 19593012 ANY Queries 100 92.2% 91.9% 90.8% 80 66.5% 60 % 40 27.8% 20 2.7% 1.3% 0.9% 0.6% 0.6% 0.4% 0.3% 0 A NS SOA MX TXT AAAA PTR CNAME RRSIG DNSKEY NSEC3PARAM SPF Johannes Naab (TU M¨ unchen) DNS Scan 12

  13. Schedule July August September October November December January 2014 Evaluation existing Tools Develop, extend and improve new scanner Preparation and Intermediate Talk DNS Scanning Data Analysis and Evaluation Thesis Writing Johannes Naab (TU M¨ unchen) DNS Scan 13

  14. Thank you for your attention Thank you for your attention Questions? Johannes Naab (TU M¨ unchen) DNS Scan 14

  15. References I [1] Andrew J. Kalafut, Craig A. Shue, and Minaxi Gupta. Understanding implications of dns zone provisioning. In Proc. 8th IMC , 2008. [2] Eric Osterweil, Michael Ryan, Dan Massey, and Lixia Zhang. Quantifying the operational status of the dnssec deployment. In Proc. 8th IMC , 2008. [3] Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, and Lixia Zhang. Impact of configuration errors on dns robustness. In Proc. SIGCOMM ’04 , 2004. [4] Geoffrey Sisson. Dns survey: October 2010. Johannes Naab (TU M¨ unchen) DNS Scan 15

  16. Circular Dependencies . Zone com. Zone net. Zone example.com. NS \ example.net. NS \ ns.example.net. ns.example.com. example.com. example.net. Figure : Circular Dependencies Johannes Naab (TU M¨ unchen) DNS Scan 16

  17. Questionable DNS Configurations eu. Zone nl. Zone pro-serve.eu. proserve.nl. pro-serve.eu. NS ns1.proserve.nl. proserve.nl. NS ns1.proserve.nl. pro-serve.eu. NS ns2.pro-serve.be proserve.nl. NS ns2.pro-serve.eu. pro-serve.eu. NS ns3.proserve.nl. proserve.nl. NS ns3.proserve.org. ns1.proserve.nl. A 80.84.224.85 (Glue) pro-serve.eu. proserve.nl. Apex NS RRSet consistent Apex NS RRSet consistent with delegation according to with delegation according to ns1.proserve.nl. 80.84.224.85 ns1.proserve.nl. 80.84.224.85 Figure : Questionable out of Tree delegation Johannes Naab (TU M¨ unchen) DNS Scan 17

  18. Acceptance of Glue Records . Zone de. net. Zone de.net. de. NS {a,f,z}.nic.de. with Glue de. NS {l,n,s}.de.net. with Glue de.net. NS ns{1,2,3}.denic.de. de. Zone de.net. Zone nic.de. denic.de. Figure : Influence of acceptance of Glue records Johannes Naab (TU M¨ unchen) DNS Scan 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research Scanning the Internet for research Other no-tech hacking Definitions: domain name: google.com unm.edu a registrable

542 views • 19 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan

Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan

Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan RIPE 68 - Measurement, Analysis and Tools Working Group 15 May 2014 Golden Age of Internet Scanning As of the last year, it is now possible to scan

865 views • 23 slides
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose, Manos Antonakakis 1 2 Alexa, unlock the front door. 3 Internet of Things 4 Internet of Things 4 Internet of Things 4 Internet of Things

1.12k views • 77 slides
Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

491 views • 46 slides
Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson Background IPv4 scanning - Zmap . 2 Background 2 128 addresses => 10 30 years to scan 32 nybbles (hex

518 views • 28 slides
connecting those who need it most ICT/IoT Deployments for Health Care & Disaster Relief ICTP

connecting those who need it most ICT/IoT Deployments for Health Care & Disaster Relief ICTP

connecting those who need it most ICT/IoT Deployments for Health Care & Disaster Relief ICTP Trieste - May 2018 Our mission is to get the tools of Information and Communications Technologies (ICTs) -- computing, Internet access, telephony --

276 views • 23 slides
CYBERBULLYING / INTERNET SAFETY PARENT INFORMATION PRESENTATION WHO AM I ? Ger Brick From

CYBERBULLYING / INTERNET SAFETY PARENT INFORMATION PRESENTATION WHO AM I ? Ger Brick From

CYBERBULLYING / INTERNET SAFETY PARENT INFORMATION PRESENTATION WHO AM I ? Ger Brick From Killorglin Co. Kerry Worked with Microsoft for 17 Years IT Program Manager Enterprise Internet Deployments Privacy / Security Here

562 views • 43 slides
Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald,

Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald,

Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald, Marc-Oliver Pahl Supervisor: Prof. Dr.-Ing. Georg Carle Technical University of Munich (TUM) Department of Informatics Chair of Network Architectures

489 views • 21 slides
ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

Fast Internet-Wide Scanning ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University of Michigan ZMap: Fast Internet-Wide Scanning and its Security Applications Internet-Wide Network Studies Previous

655 views • 32 slides
Information-Centric IoT Platforms for City-Scale Deployments Jiachen Chen WINLAB, Rutgers

Information-Centric IoT Platforms for City-Scale Deployments Jiachen Chen WINLAB, Rutgers

Information-Centric IoT Platforms for City-Scale Deployments Jiachen Chen WINLAB, Rutgers University, NJ, USA Email: jiachen@winlab.Rutgers.edu Information-Centric IoT Platforms for City-Scale Deployments 1 Dec. 2, 2016 Internet-of- Things

224 views • 9 slides
WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH - BODY SCANNING - REAL-TIME INTEGRATION MODELLING/TEXTURING - LIGHTING + RENDERING - CAMERA ANIMATION - MODELLING - HEAD TRACKING -

728 views • 42 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose, Manos Antonakakis 1 2 Alexa, unlock the front door. 3 Internet of Things 4 5 Prior Work Security Analysis of Emerging Smart Home

592 views • 22 slides
Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases & Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides
Device Management Device Management Organization Application Application Process Process API

Device Management Device Management Organization Application Application Process Process API

Device Management Device Management Organization Application Application Process Process API File File Manager Manager Device Device Driver Driver Hardware Interface Command Status Data Command Status Data Device Controller

435 views • 27 slides
XSPECTRA A tool for X-ray absorption spectra (XAS) calculations G. Radtke * & N. Mas *, *

XSPECTRA A tool for X-ray absorption spectra (XAS) calculations G. Radtke * & N. Mas *, *

XSPECTRA A tool for X-ray absorption spectra (XAS) calculations G. Radtke * & N. Mas *, * Institut de Minralogie, de Physique des Matriaux et de Cosmochimie, Universit Pierre et Marie Curie, Sorbonne Universits Synchrotron

1.3k views • 84 slides
Large-scale magnetic fields, non- Gaussianity, and gravitational waves from inflation Reference:

Large-scale magnetic fields, non- Gaussianity, and gravitational waves from inflation Reference:

Large-scale magnetic fields, non- Gaussianity, and gravitational waves from inflation Reference: Physical Review D 91, 043509 (2015) [arXiv:1411.4335 [astro-ph.CO]] Sakata Memorial KMI Workshop on Origin of Mass and Strong Coupling Gauge

563 views • 54 slides
Radiation Spectrum I Starting from the radiation field, we have Where A is defined as

Radiation Spectrum I Starting from the radiation field, we have Where A is defined as

Radiation Spectrum I Starting from the radiation field, we have Where A is defined as To obtain the power spectrum we need to work in the frequency domain P. Piot, PHYS 571 Fall 2007 Radiation Spectrum II Lets define

596 views • 15 slides
Announcements CSC 4103 - Operating Systems Fall 2009 * You should have received your grades as

Announcements CSC 4103 - Operating Systems Fall 2009 * You should have received your grades as

Announcements CSC 4103 - Operating Systems Fall 2009 * You should have received your grades as well as graded papers for: - Homework 1-4 Lecture - XXV - Quiz 1-3 Final Review - Midterm If not, please see me. * Only two quizzes with highest

286 views • 5 slides
Increasing Buffer-Locality for Multiple Index Based Scans through Intelligent Placement and Index

Increasing Buffer-Locality for Multiple Index Based Scans through Intelligent Placement and Index

IBM Research Increasing Buffer-Locality for Multiple Index Based Scans through Intelligent Placement and Index Scan Speed Control Christian A. Lang Database Research Group Bishwaranjan Bhattacharjee IBM T.J. Watson Research Center Tim

872 views • 65 slides
RNA-seq Introduc1on Promises and pi7alls RNA gives informa1on

RNA-seq Introduc1on Promises and pi7alls RNA gives informa1on

RNA-seq Introduc1on Promises and pi7alls RNA gives informa1on on which genes that are expressed How DNA get transcribed to RNA (and some1mes then

378 views • 35 slides
GeoJot+ Reseller Technical Training GeoJot+ Technical Training 2. Cloud 1. GeoJot+ App 4.

GeoJot+ Reseller Technical Training GeoJot+ Technical Training 2. Cloud 1. GeoJot+ App 4.

GeoJot+ Reseller Technical Training GeoJot+ Technical Training 2. Cloud 1. GeoJot+ App 4. GeoJot+ Administrators Dashboard 3. GeoJot+ Core February 6: GeoJot+ Technical Training February 13: GeoJot+ Sales Training February 20: Reseller

272 views • 8 slides

More recommend