tcp ip dns
play

TCP/IP: DNS Network Security Lecture 8 The Domain Name System - PowerPoint PPT Presentation

Mar 26, 2024 •293 likes •580 views

TCP/IP: DNS Network Security Lecture 8 The Domain Name System Database that primarily maps IP addresses (147.188.192.42) to names (www.cs.bham.ac.uk) and viceversa Nice properties: distributed, coherent, reliable, autonomous, and

  1. TCP/IP: DNS Network Security Lecture 8

  2. The Domain Name System • Database that primarily maps IP addresses (147.188.192.42) to names (www.cs.bham.ac.uk) and viceversa – Nice properties: distributed, coherent, reliable, autonomous, and hierarchical DNS namespace has tree structure • – Domain is a node in this tree – All nodes except the root have labels (e.g., www) – Fully qualified name: nodes labels, bottom up, each followed by a dot Nodes are grouped (clique) into zones (administrative boundaries) • – Apex is called the “start of authority” – Bottom edges with other zones below them are “delegation points” – Bottom nodes with no other zones below them are “leaf nodes” – Each zone is served by authority servers • Nodes store actual content in resource records (RRs) – RR: name, class, type, TTL, and data – Data can map IP to host name and viceversa – Data can specify the mail server for domain • More: P. Vixie, “DNS Complexity”, ACM Queue, 2007 Eike Ritter Network Security - Lecture 8 2

  3. Domain hierarchy . (root) uk arpa com net in-addr google lloydstsb co ac 147 google bham 188 192 ph cs 42 Eike Ritter Network Security - Lecture 8 3

  4. Mapping names to IPs and viceversa • Can a host name be mapped to many IP addresses? – Yes. For example, load balancing $ nslookup www.google.com Name: www.l.google.com Address: 209.85.143.99 Name: www.l.google.com Address: 209.85.143.104 • Can an IP address be mapped to many domain names? – Yes. For example web hosting (Some) domains seen at 74.125.53.132: amomsrantings.blogspot.com, bloxee.blogspot.com, culturadohashi.blogspot.com, ocedeloguxuf.blogspot.com, opensocial.googleusercontent.com, www-blogger-, ads.gmodules.com,, www.gmodules.com, … – Tool: Passive DNS replication @ BFK Eike Ritter Network Security - Lecture 8 4

  5. Servers • Primary authoritative server – Authoritative for a zone – Loads mappings from local configuration (file on disk) • Secondary authoritative server – Backup – Their zone data comes to them from primary servers via a zone transfer procedure • Recursive and caching server – Caches query results until their TTL expires – Implements the recursive algorithm needed to locate a RR Eike Ritter Network Security - Lecture 8 5

  6. Clients • Often called “resolvers” • Most often they do not cache (“stub resolver”) • Rely on recursive service of their designated full resolver $ cat /etc/resolv.conf search cs.bham.ac.uk nameserver 147.188.192.4 nameserver 147.188.192.8 • Tools: nslookup, dig, host Eike Ritter Network Security - Lecture 8 6

  7. Queries • Recursive • Specify the information requested (type of query) – Client asks the server to respond with either the requested resource − A: address of host record or error message if none − NS: authoritative name server for exists domain – If DNS server does not have the − CNAME: canonical name queried information, it queries − MX: mailer for host other servers until it gets the − TXT information (or the query fails) • Are identified by ID field (16 bits) • Iterative – Client asks the server to respond • Can be done over UDP or TCP with the best answer it can − Typically UDP; TCP for larger provide, given its cache or zone responses data – If DNS server does not have the queried information, it may respond with a referral to server that may have it Eike Ritter Network Security - Lecture 8 7

  8. Example $ dig google.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34072 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 300 IN A 209.85.143.99 google.com. 300 IN A 209.85.143.104 ;; AUTHORITY SECTION: google.com. 172800 IN NS ns4.google.com. google.com. 172800 IN NS ns1.google.com. google.com. 172800 IN NS ns2.google.com. google.com. 172800 IN NS ns3.google.com. ;; Query time: 21 msec ;; SERVER: 147.188.192.4#53(147.188.192.4) ;; WHEN: Wed Feb 2 18:29:31 2011 ;; MSG SIZE rcvd: 132 Eike Ritter Network Security - Lecture 8 8

  9. Example % dig +norecurse google.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52597 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.com. IN A ;; AUTHORITY SECTION: com. 172794 IN NS i.gtld-servers.net. com. 172794 IN NS e.gtld-servers.net. com. 172794 IN NS l.gtld-servers.net. com. 172794 IN NS c.gtld-servers.net. com. 172794 IN NS h.gtld-servers.net. com. 172794 IN NS d.gtld-servers.net. com. 172794 IN NS b.gtld-servers.net. com. 172794 IN NS g.gtld-servers.net. com. 172794 IN NS f.gtld-servers.net. com. 172794 IN NS a.gtld-servers.net. com. 172794 IN NS k.gtld-servers.net. com. 172794 IN NS j.gtld-servers.net. com. 172794 IN NS m.gtld-servers.net. Eike Ritter Network Security - Lecture 8 9

  10. DNS query 13:30:08.018705 IP 10.4.130.214.51103 > 147.188.128.102.53: 1313+ A? google.com. (28) 13:30:08.047483 IP 147.188.128.102.53 > 10.4.130.214.51103: 1313 5/13/0 A 74.125.230.114, A 74.125.230.115, A 74.125.230.116, A 74.125.230.112, A 74.125.230.113 (319) Eike Ritter Network Security - Lecture 8 10

  11. DNS spoofing server2.example.com ns1.example.com 172.16.48.2 ns1.evil.com 2.-3. 1. Assumption: server1 trusts connection from .example.com 1) attacker connects to server1 from 6.6.6.6 Attacker: server1.example.com 2) server1 looks up the name 6.6.6.6 172.16.48.1 associated with 6.6.6.6 3) ns1.evil.com replies “server2.example.com” 4) Server1 grants access to attacker Eike Ritter Network Security - Lecture 8 11

  12. Defense: double reverse lookup • Given IP address I 1 , obtains the name N – Mapping is provided by name server responsible for I 1 , which may well be completely untrustworthy • Given N, obtain its address I 2 – Mapping is provided by name server responsible for N. In the scenario before, this name server is trusted • Check if I 1 =I 2 Eike Ritter Network Security - Lecture 8 12

  13. DNS hijacking • DNS does not provide any means of authentication • Racing against the queried named server it is possible to provide a fake IP address/domain name mapping – Attacker could mount attack against client – Attacker could mount attack against name server • The attacker needs to set correctly the request ID – Easy if attack done on the same LAN (sniffing) – Need to guess if done blindly Eike Ritter Network Security - Lecture 8 13

  14. DNS hijacking A 74.125.230.115 A? google.com A 172.16.48.1 ns1.example.com Victim: Attacker: 172.16.48.2 172.16.48.1 Eike Ritter Network Security - Lecture 8 14

  15. DNS amplification attack • Certain queries can cause large responses – TXT, ANY query – Queries for “.” (root) • Most typically, queries done over UDP • Do you see a problem here? (remember smurf attacks?) • DNS amplification attack: – The attacker spoofs the source IP address to be the address of the victim – Sends these “expensive” queries to a large number of servers – Servers will send the response to the victim, overloading it • Defenses: – Don’t allow open recursive servers, that is recursive servers that respond queries from external clients – Respond to expensive queries from untrusted parties with shorter error messages (REFUSED answer, instead of providing the list of root servers) Eike Ritter Network Security - Lecture 8 15

  16. DNS poisoning • Certain DNS implementations used to cache anything contained in a DNS reply • Malicious DNS server would return a reply with additional answers that would poison the victim’s cache – Query for foo.com answered with additional section containing the IP address of bank.com – Can you use it to bypass the double reverse lookup? • Solution: only accept additional information that is relative to the domain being queried (bailiwick check) Eike Ritter Network Security - Lecture 8 16

  17. DNS poisoning A? google.com • Attacker forces recursive resolver ID = 1234 to initiate a DNS query ns.victim.com ns.google.com • As the resolver is waiting for answer from authority resolver, attacker forges answers Attacker needs to guess all the • transactional elements used in the victim’s query – Query ID – Port number IN A google.com • If success, victim will store wrong 172.16.48.1 IP-domain mapping ID = 1234 • If attacker looses the race, he will have to wait until the correct response expires (TTL field) – Order of several days, typically Attacker 172.16.48.1 Eike Ritter Network Security - Lecture 8 17

  18. Kaminsky attack • Technique to “speed up” the poisoning attack • Attacker sends query for 000001.bank.com • Recursive server recursively attempts to answer the query contacting authoritative server of bank.com (ID = 1234) • Attacker sends a number of spoofed responses (trying to guess the correct ID) with 2 parts: – Answer for 000001.bank.com is arbitrary – Authority section that claims a malicious IP is the NS for the bank.com zone If the attacker guesses the ID and port number, Bailiwick check passes • If the attacker is unsuccessful, the correct answer (likely, NXDOMAIN) • arrives first and is accepted • But now attacker can simply try again, querying for 000002.bank.com – Attacker does not need to wait for TTL to expire Eike Ritter Network Security - Lecture 8 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Google is Really Different. The Dalles, OR (2006) Huge Datacenters in 25+ Worldwide

Google is Really Different. The Dalles, OR (2006) Huge Datacenters in 25+ Worldwide

COMP 790-088 -- Distributed File Systems Google File System COMP 790-088 -- Fall 2009 17 17 Google is Really Different. The Dalles, OR (2006) Huge Datacenters in 25+ Worldwide Locations each &gt; football field Datacenters house

334 views • 10 slides
DUNE Single-Phase FD DAQ Overview Matt Graham, SLAC on behalf of DAQ team DUNE Calibration

DUNE Single-Phase FD DAQ Overview Matt Graham, SLAC on behalf of DAQ team DUNE Calibration

DUNE Single-Phase FD DAQ Overview Matt Graham, SLAC on behalf of DAQ team DUNE Calibration Workshop March 15, 2018 DUNE DAQ Requirements A few more: total data rate to tape &lt;~ 30 PB/year 2 The Plan &amp; Expected Data Rates Normal

453 views • 20 slides
protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation

protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation

v6 protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation Readiness Review@FNAL May 10th 2018 Overview The focus of this talk is mainly on infrastructure implemented for the support of the Data Quality

702 views • 39 slides
Tim OMahony Technical Support # Previouslyin Global Distributed Perforce Dont do

Tim OMahony Technical Support # Previouslyin Global Distributed Perforce Dont do

Tim OMahony Technical Support # Previouslyin Global Distributed Perforce Dont do that do this! Living on the Edge Not just for multi-site, but everywhere. # # Provide warm standby servers Reduce load and

592 views • 40 slides
IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan

IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan

IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan Lindstrom, Vilho Raatikka, Jarmo Ruuth, Petri Soini, Katriina Vakkila Course Instructor: Stan Zdonik Presenter: Lixiang (Gavin) Zhang Outline:

342 views • 13 slides
ENGL ENGL

ENGL ENGL

ENGL ENGL

141 views • 11 slides
Spectroscopy of Private DNS Update Sources Vocal and lyrics: Andre Broido, Evi Nemeth, kc claffy

Spectroscopy of Private DNS Update Sources Vocal and lyrics: Andre Broido, Evi Nemeth, kc claffy

Spectroscopy of Private DNS Update Sources Vocal and lyrics: Andre Broido, Evi Nemeth, kc claffy &amp; elves (broido, evi, kc) @ caida.org CAIDA/SDSC/UCSD WIAPP San Jose 22 jun 03 www.caida.org/presentations/ Acknowedgements Paul Vixie

426 views • 29 slides
Replica Sets Painless scaling and High Availability (HA) Viktor Petersson @vpetersson Who am I?

Replica Sets Painless scaling and High Availability (HA) Viktor Petersson @vpetersson Who am I?

Replica Sets Painless scaling and High Availability (HA) Viktor Petersson @vpetersson Who am I? { name : Viktor Petersson, description : [ geek, entrepreneur ], founder_of : wireload, twitter : @vpetersson,

498 views • 25 slides
CLOUD SCALE STORAGE: THE GOOGLE FILE SYSTEM Harjasleen Malvai CS6410 Where do the files go? 2

CLOUD SCALE STORAGE: THE GOOGLE FILE SYSTEM Harjasleen Malvai CS6410 Where do the files go? 2

1 CLOUD SCALE STORAGE: THE GOOGLE FILE SYSTEM Harjasleen Malvai CS6410 Where do the files go? 2 Machines placed in a network need to share and use data. Introduces a few problems: Plain old access Consistency/Reliability

356 views • 23 slides
Flease - Lease Coordination Without a Lock Server Bjrn Kolbeck , Mikael Hgqvist, Jan Stender,

Flease - Lease Coordination Without a Lock Server Bjrn Kolbeck , Mikael Hgqvist, Jan Stender,

Flease - Lease Coordination Without a Lock Server Bjrn Kolbeck , Mikael Hgqvist, Jan Stender, Felix Hupfeld * Zuse Institute Berlin, * Google Switzerland GmbH File and Metadata Replication in XtreemFS Bjrn Kolbeck 1 Problem: Data

379 views • 20 slides
CS31 Discussion 1E Spring 17: week 06 TA: Bo-Jhang Ho bojhang@cs.ucla.edu Credit to former

CS31 Discussion 1E Spring 17: week 06 TA: Bo-Jhang Ho bojhang@cs.ucla.edu Credit to former

CS31 Discussion 1E Spring 17: week 06 TA: Bo-Jhang Ho bojhang@cs.ucla.edu Credit to former TA Chelsea Ju Puzzle time: How many lines will this program print? #include &lt;iostream&gt; int main() { for (unsigned int i = 3; i &gt;= 0; i--)

1.29k views • 76 slides
Functional Generative Design: An Evolutionary Approach to 3D-Printing GECCO 2018 Kyoto, Japan

Functional Generative Design: An Evolutionary Approach to 3D-Printing GECCO 2018 Kyoto, Japan

Functional Generative Design: An Evolutionary Approach to 3D-Printing GECCO 2018 Kyoto, Japan Overview Motivation Motivation (FDM) (kinematic) Motivation Printed supports Fused

770 views • 40 slides
Note-8-3-for-talk Note-8-3-for-talk Current Interactive Session ACL2 Version 8.3 (April, 2020)

Note-8-3-for-talk Note-8-3-for-talk Current Interactive Session ACL2 Version 8.3 (April, 2020)

Note-8-3-for-talk Note-8-3-for-talk Current Interactive Session ACL2 Version 8.3 (April, 2020) Notes NOTE! New users can ignore these release notes, because the documentation has been updated to reflect all changes that are recorded here.

583 views • 11 slides
Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department

Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department

Maintaining state Promises Object-Oriented in Hoilec Interpreter Discussion Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department Wellesley College Maintaining state Promises Object-Oriented in

459 views • 11 slides
Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling

Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling

Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling Development of Secure Software Systems Threat modeling: printer manager Day 7: More Threat Modeling Stephen McCamant Logistics update, incl.

564 views • 4 slides
Discussion 03 Recursion Tree recursion Recursion Facts 1. Base case : What is the simplest

Discussion 03 Recursion Tree recursion Recursion Facts 1. Base case : What is the simplest

Discussion 03 Recursion Tree recursion Recursion Facts 1. Base case : What is the simplest problem that you can solve? In other words, is there an input to the problem for which you automatically know what to return? 2. Make a recursive call !

460 views • 21 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow

Principles of Software Construction: Objects, Design, and Concurrency Part 3: Concurrency Introduction to concurrency: Concurrency challenges Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow Midterm

764 views • 38 slides
t rrt rr

t rrt rr

t rrt rr s r r t

397 views • 13 slides
Shape Optimization for Consumer-Level 3D Printing Przemyslaw Musialski TU Wien Motivation 3D

Shape Optimization for Consumer-Level 3D Printing Przemyslaw Musialski TU Wien Motivation 3D

Shape Optimization for Consumer-Level 3D Printing Przemyslaw Musialski TU Wien Motivation 3D Modeling 3D Printing Przemyslaw Musialski 2 Motivation Przemyslaw Musialski 3 Przemyslaw Musialski 4 Example Przemyslaw Musialski 5

1.02k views • 74 slides
Week 2 Discussion Wednesday, 1/15/20 Reminders PA 2 due Tuesday, January 21 11:59pm Todays

Week 2 Discussion Wednesday, 1/15/20 Reminders PA 2 due Tuesday, January 21 11:59pm Todays

Week 2 Discussion Wednesday, 1/15/20 Reminders PA 2 due Tuesday, January 21 11:59pm Todays agenda Quiz 1 PA 2 Overview Hourglass Hawaiian Words Recursion File IO Command Line Arguments Useful Classes in Java for IO File (import

329 views • 13 slides
Design tools CS 347 Michael Bernstein Announcements Projects: ready, set, go! 2 Feedback from

Design tools CS 347 Michael Bernstein Announcements Projects: ready, set, go! 2 Feedback from

Design tools CS 347 Michael Bernstein Announcements Projects: ready, set, go! 2 Feedback from CTL What you ask of yourselves in order to make the class more successful: participate in discussion Whats going well Lectures In-class polls

500 views • 34 slides
STRATEGY IS DYING 2 Mags Govender MD of GO Health Club Group Experience in developing Sales,

STRATEGY IS DYING 2 Mags Govender MD of GO Health Club Group Experience in developing Sales,

1 A BRIEF DISCUSSION INTO THE IMPORTANCE OF SALES AND MARKETING IN YOUR BUSINESS, YOUR SALES WITHOUT COMING ACROSS AS A SALES DRIVEN BUSINESS STRATEGY IS DYING 2 Mags Govender MD of GO Health Club Group Experience in developing Sales,

614 views • 32 slides
IN1900 Wednesday 19/8: formulas and variables (Chapter 2) Joakim Sundnes , Simula Research

IN1900 Wednesday 19/8: formulas and variables (Chapter 2) Joakim Sundnes , Simula Research

IN1900 Wednesday 19/8: formulas and variables (Chapter 2) Joakim Sundnes , Simula Research Laboratory and University of Oslo, Dept. of Informatics Date: Aug 14, 2020 What will you learn in IN1900? General computer programming: Thinking like a

833 views • 14 slides
ge ts: Mo ving tar Re putatio nal r isk, r ights and ac c o untability in punishme nt Source:

ge ts: Mo ving tar Re putatio nal r isk, r ights and ac c o untability in punishme nt Source:

ge ts: Mo ving tar Re putatio nal r isk, r ights and ac c o untability in punishme nt Source: Correctional Investigator of Canada Pro fe sso r K e lly Ha nna h-Mo ffa t Unive rsity o f T o ro nto ha nna h.mo ffa t@ uto ro nto .c a Recent

812 views • 35 slides

More recommend