Agenda. Review DNS Fundamentals DNS Security Summary 1/22

Similar documents
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

Sicurezza dei sistemi e delle reti

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1

ECE 435 Network Engineering Lecture 7

ICS 351: Networking Protocols

Application Layer: OSI and TCP/IP Models

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

The term "router" in this document refers to both routers and Layer 3 switches. Step Command Remarks. ipv6 host hostname ipv6-address

Remote DNS Cache Poisoning Attack Lab

DNS. Introduction To. everything you never wanted to know about IP directory services

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Introduction to Network. Topics

2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008

Switching & ARP Week 3

Domain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi

Agenda. Review: DNS Security Intrusion Detection and Prevention Systems 1/21

Remote DNS Cache Poisoning Attack Lab

Domain Name System.

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Lab - Observing DNS Resolution

DNS Basics BUPT/QMUL

Managing Caching DNS Server

CSE 565 Computer Security Fall 2018

DNS CACHE POISONING LAB

CSC 574 Computer and Network Security. DNS Security

Unit 28 Website Production ASSIGNMENT 1

CSE 3214: Computer Network Protocols and Applications. Midterm Examination

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

OFF-PATH ATTACKS AGAINST PUBLIC KEY INFRASTRUCTURES. Markus Brandt, Tianxiang Dai, Elias Heftrig, Amit Klein, Haya Shulman, Michael Waidner

CCNA Exploration Network Fundamentals. Chapter 03 Application Functionality and Protocols

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

Configuring IPv6 DNS. Introduction to IPv6 DNS. Configuring the IPv6 DNS client. Configuring static domain name resolution

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

Infoblox Authenticated DHCP

Using DNS Service for Amplification Attack

DNS Pharming Attack Lab

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

Computer Network laboratory (2015) Pattern TE Computer 1 (5)

CSC 6575: Internet Security Fall 2017

Chapter 5: Ethernet. Introduction to Networks - R&S 6.0. Cisco Networking Academy. Mind Wide Open

6.033 Computer System Engineering

CSCE 463/612 Networks and Distributed Processing Spring 2018

CSc 450/550 Computer Networks Domain Name System

Domain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

Improving DNS Security and Resiliency. Carlos Vicente Network Startup Resource Center

LAB 1 HOW THE WEB WORKS

Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.

CCNA Exploration1 Chapter 3: Application Layer Functionality and Protocols

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

TCP/IP SECURITY GRAD SEC NOV

DNS: Useful tool or just a hammer? Paul DNS-OARC 06 Oct 2013, Phoenix

LAB 1 HOW THE WEB WORKS

CSCE 463/612 Networks and Distributed Processing Spring 2018

DNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Tasks (Part I): Setting Up a Local DNS Server. SEED Labs Local DNS Attack Lab 1

CHAPTER 22 DISTRIBUTED APPLICATIONS ANSWERS TO QUESTIONS ANSWERS TO PROBLEMS

Attacks on DNS: Risks of Caching

Closed book. Closed notes. No electronic device.

ITdumpsFree. Get free valid exam dumps and pass your exam test with confidence

Network Security Part 3 Domain Name System

PC & Network Security

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

INTERNET ARCHITECTURE & PROTOCOLS

Internet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016

(DNS, and DNSSEC and DDOS) Geoff Huston APNIC

Unit C - Network Addressing Objectives Purpose of an IP Address and Subnet Mask Purpose of an IP Address and Subnet Mask

Internet Technology 3/2/2016

Writing Assignment #1. A Technical Description for Two Different Audiences. Yuji Shimojo WRTG 393. Instructor: Claudia M. Caruana

Chapter 10: Application Layer

DNS Security. * pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi

OSI Session / presentation / application Layer. Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016)

Quiz 7 May 14, 2015 Computer Engineering 80N

Prevent DoS using IP source address spoofing

August 14th, 2018 PRESENTED BY:

DNS & Iodine. Christian Grothoff.

DNS Cache Poisoning Looking at CERT VU#800113

Are You Fully Prepared to Withstand DNS Attacks?

Network concepts introduction & wireshark

ICS 451: Today's plan

Computer Engineering II Solution to Exercise Sheet Chapter 4

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Agha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#

Interested in learning more about security? The Achilles Heal of DNS. Copyright SANS Institute Author Retains Full Rights

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

DDoS on DNS: past, present and inevitable. Töma Gavrichenkov

CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

DNS SECURITY BEST PRACTICES

Open Recursive Nameservers

Uniform Resource Locators (URL)

Computer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1

15-441: Computer Networks Spring 2017 Homework 3

Internet Content Distribution

DOMAIN NAME SECURITY EXTENSIONS

Application Layer -1- Network Tools

Transcription:

Agenda Review DNS Fundamentals DNS Security Summary 1/22

Which of the following is NOT a commonly used routing metric? A. Hop count B. Bandwidth C. Delay D. Destination s IP address E. Reliability of links F. Load 2/22

Jidong - a fan of Jennifer Aniston, once sent an email to Shane and told him that Brad Pitt and Angelina Jolie had divorced. Jidong and Shane s computers are located in the same network. When Shane received that email, did the email go through any switches? Did the email go through any routers? 3/22

Why should you use ssh, rather than telnet, to access your router? A. Because ssh is faster than telnet. B. Because ssh consumes less bandwidth than telnet. C. Because ssh uses encryptions, while telnet sends everything in clear text. D. Because telnet can only be used within one network, but ssh can be used to access computers in a different network. 4/22

Last night, Jidong (at home, sitting in front of his laptop), opened his browser, typed www.youtube.com in the address bar, in the hope of watching some soccer game highlights, however, he ended up opening www.porntube.com. Which of following could be the root cause of this incident? (Choose all that apply.) A. Jidong s laptop was hacked. B. Jidong s home router was hacked. C. Youtube was hacked. D. Porntube was hacked. E. The DNS server that Jidong was using was hacked. F. Jidong s email account was hacked. G. Jidong s Facebook account was hacked. H. Jidong actually typed www.porntube.com in the address bar. 5/22

Basic Terminologies DNS: Domain Name System. A system designed to make computers easier to use for human beings. DNS maps domain names to IP addresses, like a phonebook map people s names to their phone numbers - it s easy to remember (people s and computer s) names than their numbers. DNS nameserver: A server that stores the DNS records, such as address (A, AAAA) records, name server (NS) records, and mail exchanger (MX) records for a domain name and responds with answers to queries against its database. DNS resolver: A local server that stores a central database of DNS nameservers and manages DNS requests for all the clients on your network. Sometimes people also use it to represent the client side of DNS, i.e., a component of your OS, which is responsible for initiating the queries. 6/22

Basic Terminologies DNS hierarchy: An inverted tree structure to manage the DNS database system. DNS caching: After your computer or a local DNS server obtains the query results from another DNS server, it will store the results in its cache for certain period of time. 7/22

DNS Hierarchy Sources: etutorial.org 8/22

DNS Message Format Two types of DNS messages are used in DNS protocol: queries and replies, (same format). Each message consists of a header and four sections: question, answer, authority, and an additional space. Image sources: http://icanhazsecurity.ondrejdavid.com/2013/04/pentesting101-5-basic-protocols-overview.html 9/22

DNS Queries Recursive queries: the DNS client requires that the DNS server respond to the client with either the requested resource record or an error message stating that the record or domain name does not exist. The DNS server cannot just refer the DNS client to a different DNS server. Thus, if a DNS server does not have the requested information when it receives a recursive query, it queries other servers until it gets the information, or until the name query fails. Iterative queries: when a DNS client allows the DNS server to return the best answer it can give based on its cache or data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral. 10/22

DNS Recursive Queries image source: https://ominouspacket.com/2017/01/13/part-4-dns-address-resolution-the-dns-resolver/ 11/22

Useful DNS Tools - dig Name resolution: dig boisestate.edu; dig penisland.net; Reverse lookup: dig -x 132.178.214.91 Find a domain s mail server: dig boisestate.edu MX 12/22

Useful DNS Tools - dig nslookup whois 13/22

DNS Security DNS spoofing DNS cache poisoning DNS ID hacking DNS pharming DNS amplification/reflection 14/22

DNS Spoofing Answering DNS request that intended for another server (a real DNS server). Spoofs the DNS server s answer by answering with the DNS server s IP address in the packets source-address field client-server exchange or server-server exchange. 15/22

DNS Cache Poison Making a DNS server cache false information e.g., try to make the ns.defense.gov DNS to answer with the IP of the hacker s computer to any query about the IP of telnetaccess.defense.gov. 16/22

DNS ID hacking A DNS reply will not be accepted, if the reply ID does not match the request ID. Sniff the network for the initial query and answer quicker than the DNS server. The late reply from the real DNS server will be discarded. If sniff not practial: 1. test all the possible ID values; 2. flood the DNS server to buy some more time for trying different ID numbers. 17/22

DNS Pharming Change the DNS server setting on a victim s computer. Or change the DNS server setting on the DHCP server. 18/22

DNS Amplification/Reflection Image sources: https://blog.opendns.com/2014/03/17/dns-amplification-attacks/ 19/22

DNS Amplification/Reflection Three factors that make DNS amplifcation/reflection possible: Forgeability of source addresses of DNS messages. Availability of open resolvers: A DNS resolver is open if it provides recursive name resolution for clients outside of its administrative domain. Asymmetry of DNS requests and responses: "ANY requests ask the DNS resolver for ALL information that it currently knows about the domain which may include where the mail servers are (MX records), what the IP addresses are (A records) and so on. Attackers use this type of query to maximize the size of the response sent to the victim." See more at: https://blog.opendns.com/2014/03/17/ dns-amplification-attacks/ 20/22

Summary DNS database: tree structure. DNS queries: recursive, iterative. DNS attacks: DNS spoofing, DNS cache poison, DNS ID hacking, DNS pharming, DNS Amplification. 21/22

References A large portion of the material is adapted from: Security Issues with DNS - SANS Institute Top Five DNS Security Attack Risks and How to Avoid Them - Infoblox What Are Domain Name System (DNS) Resolvers and How Do They Work? http://smallbusiness.chron.com/ domain-name-system-dns-resolvers-work-76639.html 22/22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback