security in plain txt
play

Security in Plain TXT Observing the Use of DNS TXT Records in the - PowerPoint PPT Presentation

Mar 12, 2024 •136 likes •345 views

Security in Plain TXT Observing the Use of DNS TXT Records in the Wild Adam Portier, Villanova University Henry Carter, Villanova University Charles Lever, Georgia Institute of Technology October 2014 DNS Amplification Attack Akamai: Security

  1. Security in Plain TXT Observing the Use of DNS TXT Records in the Wild Adam Portier, Villanova University Henry Carter, Villanova University Charles Lever, Georgia Institute of Technology

  2. October 2014 DNS Amplification Attack Akamai: Security bulletin: Crafted dns text attack. https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/dns-txt-amplification-attacks-cybersecurity-threat-a dvisory.pdf (2014)

  3. Why TXT Records? Very little research performed in this area ● Use cases varied and unconstrained ● Expected to find misuse ●

  4. DNS TXT Records

  5. Methodology Collected 1.4 B DNS TXT records collected over a 2 year period ● Developed a taxonomy to describe categories of record uses ● Performed analysis on records ●

  6. ActiveDNS Dataset June 2016 - May 2018

  7. Taxonomy

  8. Protocol Enhancement Records

  9. Protocol Enhancement Takeaways SPF Usage is Increasing ● The majority of domains are using some SaaS for email ● DMARC adoption is slow ● RRSIG coverage was very low (apx 6%) ●

  10. Domain Verification Records

  11. Domain Verification Takeaways Wide variety of SaaS applications requiring verification ● Public documentation poor ● Size and complexity of records vary widely ●

  12. Resource Location Records Found 9,961 records from 4 applications ● Ivanti Landesk ○ Symantec MDM ○ JBoss Fuse ○ Bittorrent ○

  13. Long Tail 8% of the records were initially categorized as “unknown” ● Diminishing returns on patterns ● Wanted to identify if records were structured or random ● Explore if records could be used in amplification attacks ●

  14. Analysis of Long Tail - Entropy

  15. Analysis of Long Tail - Length

  16. Information Leakage

  17. Service Hijacking

  18. Amplification Attacks “What is .tel? The .tel is the only top level domain (TLD) that offers a free and optional hosting service that allows individuals and businesses alike to store and manage all their contact information and media directly in the DNS without the need to build, host or manage a website. A typical top-level domain stores IP addresses in the DNS and returns them when queried. If you do not wish to use the free Telhosting service, that is fine as you can use your .tel for any purpose of your choosing e.g. hosting your own website.”

  19. Summary 52 Distinct Applications ● 3 Categories of Use ● All use cases have potential abuses ● Documentation around when records checked very poor ● Records should be obfuscated ● Unguessable subdomains ○ Remove service specific identifiers ○ Records should be signed with DNSSEC ●

  20. Questions? Adam Portier aporti01@villanova.edu aportier@haverford.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tobacco plain packaging? Australia implemented plain packaging in 2012 Some other countries plan

Tobacco plain packaging? Australia implemented plain packaging in 2012 Some other countries plan

Tobacco plain packaging: is it effective in tobacco control? Karine Gallopel-Morvan Professor in social marketing, French School of Public Health (EHESP), Rennes (France) Tobacco plain packaging? Australia implemented plain packaging in 2012

481 views • 22 slides
Best Practice Plain Language Amy Bunk Plain Language Action and Information Network Plain

Best Practice Plain Language Amy Bunk Plain Language Action and Information Network Plain

Best Practice Plain Language Amy Bunk Plain Language Action and Information Network Plain language History History 1970s: President Nixon the Federal Register be written in layman's terms. Federal Communications

505 views • 29 slides
Writing in plain English North West Medicines Information Centre Plain English? A singular

Writing in plain English North West Medicines Information Centre Plain English? A singular

Writing in plain English North West Medicines Information Centre Plain English? A singular specimen of the scientific class aves contained within the boundaries of the upper prehensile is equivalently valuable as a doubled inventory of that

1.63k views • 40 slides
LNG Supply To the Yukon A Local First Nation Initiative History Hi t 4 E 4. Eagle Plain l

LNG Supply To the Yukon A Local First Nation Initiative History Hi t 4 E 4. Eagle Plain l

LNG Supply To the Yukon A Local First Nation Initiative History Hi t 4 E 4. Eagle Plain l Pl i 1. Eagle Plain 3. Eagle LNG Module Exploration & 2. Unprocessed Plain & Loading Development Gas Pipelines Gas Facility Wells

117 views • 10 slides
General Groundwater Concepts for GSP Development in the Santa Rosa Plain Santa Rosa Plain

General Groundwater Concepts for GSP Development in the Santa Rosa Plain Santa Rosa Plain

General Groundwater Concepts for GSP Development in the Santa Rosa Plain Santa Rosa Plain Groundwater Sustainability Agency Advisory Committee Meeting May 7, 2018 sonomacountygroundwater.org Presentation Overview 1. Aquifer Properties and

549 views • 27 slides
Groundwater in the Santa Rosa Plain Santa Rosa Plain Groundwater Sustainability Agency October

Groundwater in the Santa Rosa Plain Santa Rosa Plain Groundwater Sustainability Agency October

. Groundwater in the Santa Rosa Plain Santa Rosa Plain Groundwater Sustainability Agency October 12, 2017 Marcus Trotta, PG, CHg Principal Hydrogeologist Sonoma County Water Agency www.sonomacountywater.org Presentation Overview 1.

301 views • 29 slides
PPN Conference Introduction to plain English Sean Driver sdriver@nala.ie 11 October 2019

PPN Conference Introduction to plain English Sean Driver sdriver@nala.ie 11 October 2019

PPN Conference Introduction to plain English Sean Driver sdriver@nala.ie 11 October 2019 Outline What NALA do What plain English is Benefits of plain English Benefits to you 1. NALAs aim is to help more people improve their skills.

605 views • 48 slides
Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian

Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian

Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian Linguistics 3 Pavel Rudnev pasha.rudnev@gmail.com 56 April 2019 Disjunction and polarity Focus of this talk syntax and semantics of plain

237 views • 21 slides
8. Systems neuroscience: How do we see? Introduction What does it mean, to see? The plain man's

8. Systems neuroscience: How do we see? Introduction What does it mean, to see? The plain man's

8. Systems neuroscience: How do we see? Introduction What does it mean, to see? The plain man's answer (and Aristotle's, too) would be, to know what is where by looking. [David Marr] The magic of the human visual system are often lost on us

300 views • 18 slides
You never know what is hiding in plain sight. Consider what was hanging above the hotplate in the

You never know what is hiding in plain sight. Consider what was hanging above the hotplate in the

Feast of the Presentation of the Lord Lumen ad revelationem gentium February 1-2, 2020 Readings: Malachi 3:1-4; Hebrews 2:14-18; Luke 2:22-40 You never know what is hiding in plain sight. Consider what was hanging above the hotplate in the

510 views • 3 slides
Discovering Morphological Paradigms from Plain Text Using a

Discovering Morphological Paradigms from Plain Text Using a

Discovering Morphological Paradigms from Plain Text Using a Dirichlet Process Mixture Model Dreyer et al. (2011) Amey Chaugule achaugu2@illinois.edu

372 views • 21 slides
Health Literacy, Plain Language, and Clear Health Communication Sue Stableford, MPH, MSB

Health Literacy, Plain Language, and Clear Health Communication Sue Stableford, MPH, MSB

Health Literacy, Plain Language, and Clear Health Communication Sue Stableford, MPH, MSB Aging ME GWEP Consultant & Trainer Health Literacy, Plain Language, and Clear Health Communication Slide references and notes are in a separate

415 views • 27 slides
An MPTCP Option for Network- Assisted MPTCP Deployments: Plain Transport Mode

An MPTCP Option for Network- Assisted MPTCP Deployments: Plain Transport Mode

IETF 95 th An MPTCP Option for Network- Assisted MPTCP Deployments: Plain Transport Mode draft-boucadair-mptcp-plain-mode-06 IETF 95-Buenos Aires, March 2016 M. Boucadair (Orange) C. Jacquenet (Orange) D. Behaghel (OneAccess) S. Secci

542 views • 18 slides
Welcome to our Phonics Workshop Our Ou r Ai Aim m To expla To plain in our ur approach

Welcome to our Phonics Workshop Our Ou r Ai Aim m To expla To plain in our ur approach

Welcome to our Phonics Workshop Our Ou r Ai Aim m To expla To plain in our ur approach roach to o teaching ching phonics nics and nd early ly reading ding, , ena nabling bling yo you as a parent/car ent/carer er to sup

436 views • 29 slides
Strategies to improve health literacy: plain English and teach back Claire ORiordan, NALA 4

Strategies to improve health literacy: plain English and teach back Claire ORiordan, NALA 4

Strategies to improve health literacy: plain English and teach back Claire ORiordan, NALA 4 March 2016 What I am going to cover Definitions of teach back and plain English Support for each strategy Tips for using both strategies

662 views • 48 slides
Be Beyon ond t the p e plain lain lan langu guag age ed e edit it:

Be Beyon ond t the p e plain lain lan langu guag age ed e edit it:

Be Beyon ond t the p e plain lain lan langu guag age ed e edit it: : Going t Goi the e e extra mi mile 9:0010:30 a.m. April 1, 2016 Tracy Torche* and

466 views • 46 slides
The SDDS Toolkit Michael Borland Operations Analysis Group ADVANCED PHOTON SOURCE What do the

The SDDS Toolkit Michael Borland Operations Analysis Group ADVANCED PHOTON SOURCE What do the

ADVANCED PHOTON SOURCE The SDDS Toolkit Michael Borland Operations Analysis Group ADVANCED PHOTON SOURCE What do the following items from recent operations logbooks have in common? SCR files of the injectors were saved. RMS beam motion

443 views • 21 slides
System Modelling and Design Introduction to the B Method and B Toolkit Revision: 1.1, February

System Modelling and Design Introduction to the B Method and B Toolkit Revision: 1.1, February

Outline B Mathematical Toolkit Set Theory Predicate Calculus Notation The B-Toolkit A Simple Model Modelling a Coffee Club Specifying a Robust machine A Question of Identity System Modelling and Design Introduction to the B Method and B

2.24k views • 190 slides
R elic elic toolkit http://code.google.com/p/relic-toolkit/ Diego F. Aranha RELIC

R elic elic toolkit http://code.google.com/p/relic-toolkit/ Diego F. Aranha RELIC

RELIC is an Efficient LIbrary for Cryptography Diego F. Aranha Department of Computer Science University of Bras lia R elic elic toolkit http://code.google.com/p/relic-toolkit/ Diego F. Aranha RELIC Organization Protocols

570 views • 29 slides
WINK AND THE MOBILE WEB INNOVATION Jrme Giraud Orange Labs About me I missed the glory days

WINK AND THE MOBILE WEB INNOVATION Jrme Giraud Orange Labs About me I missed the glory days

WINK AND THE MOBILE WEB INNOVATION Jrme Giraud Orange Labs About me I missed the glory days of the WAP but started building mobile web apps before iOS and Android arrived Different context Different interaction methods touch screen

393 views • 27 slides
AFPUB-2012-V4-002-DRAFT-01 Frank Habicht 1 st draft submitted September 19 th , 2012

AFPUB-2012-V4-002-DRAFT-01 Frank Habicht 1 st draft submitted September 19 th , 2012

AFPUB-2012-V4-002-DRAFT-01 Frank Habicht 1 st draft submitted September 19 th , 2012 AFPUB-2012-V4-002-DRAFT-01 Origin: AFPUB-2006-GEN-001 (which it tries to update) http://www.afrinic.net/en/library/policies/127-afpub-2006-gen-001 Has a

603 views • 7 slides
Workshop Referencing, NOT Plagiarism 1 Dr Ali Rashidi Referencing is a way of

Workshop Referencing, NOT Plagiarism 1 Dr Ali Rashidi Referencing is a way of

In the name of God Workshop Referencing, NOT Plagiarism 1 Dr Ali Rashidi Referencing is a way of acknowledging the sources that you WHAT is referencing ? have referred to in your work It allows the reader to see where you are

919 views • 62 slides
The Market Entry Strategy: The Spotlight Campaign 1 Executive Summary The Market Opportunity

The Market Entry Strategy: The Spotlight Campaign 1 Executive Summary The Market Opportunity

The Market Entry Strategy: The Spotlight Campaign 1 Executive Summary The Market Opportunity Content is becoming the new spam Lack of targeting creates unrealized value The Solution The ability to target is the key to adoption

901 views • 38 slides
Applications of Topic Models Document Understanding, session 7 CS6200: Information Retrieval

Applications of Topic Models Document Understanding, session 7 CS6200: Information Retrieval

Applications of Topic Models Document Understanding, session 7 CS6200: Information Retrieval Extending Topic Models PLSA is the most basic probabilistic topic model, and the idea has been usefully extended in many ways. Its probability

352 views • 8 slides

More recommend