DOCSLIB.ORG

Using Dns to Protect Clients from Malicious Domains

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Institute for Development and Research in Banking Technology A Project Report on USING DNS TO PROTECT CLIENTS FROM MALICIOUS DOMAINS Submitted by M.L.V.L Akhil Vishnu 3rd year B.Tech, Computer Science and Engineering Indian Institute of Technology (ISM) Dhanbad. Guide Dr. V. Radha Assistant professor IDRBT, Hyderabad. 1 | P a g e ACKNOWLEDGEMENT I would like to express my gratitude to the Institute for Development and Research in Banking Technology (IDRBT) under the guidance of Dr. V. Radha, Assistant Professor, IDRBT, Hyderabad. I would not hesitate to add that this short stint in IDRBT has added a different facet to my life as this is a unique organization being a combination of academics, research, technology, communication service, crucial application etc. and at the same time performing roles as an arm of regulation, spread of technology, and facilitator for implementing technology in banking and non-banking system. I am extremely grateful to Dr. V.Radha for her advice, innovative suggestions and supervision. I thank her for introducing me to different aspects of “CYBER SECURITY AND DOMAIN NAME SYSTEMS”. I am thankful for IDRBT for providing such an amazing platform to work on real application oriented research. I would like to give special thanks to Mrs. Varsha Srivastava, Administrative Executive, IDRBT, Hyderabad for providing resource and motivation in carrying out this project. Finally, I thank one and all who made this project successful either directly or indirectly. M.L.V.L Akhil Vishnu 3rd year B.Tech, Computer Science and Engineering, Indian Institute of Technology (ISM) Dhanbad. 2 | P a g e CERTIFICATE This is to certify that Mr. M.L.V.L Akhil Vishnu, pursuing B.Tech Computer Science and Engineering at Indian Institute of Technology (ISM), Dhanbad, has undertaken a project as a summer internship at the Institute for Development and Research in Banking Technology (IDRBT), Hyderabad May 12, 2017 to July 7, 2017. He was assigned the project entitled “Using DNS to protect clients from malicious domains” under my guidance. During his course of project, he analysed the challenges faced by the clients in phishing and has implemented a solution. He has done excellent work with sincerity. I wish him all the best for all his endeavours. Dr. V Radha Assistant Professor IDRBT, Hyderabad. Place: Hyderabad Date: 7th July, 2017 3 | P a g e ABSTRACT DNS is a protocol within the set of standards for how computers exchange data on internet, known as IP/TCP protocol suite. A DNS server, also called as name server handles a massive database, which maps domain names to IP addresses. Phishing is the attempt to obtain confidential information such as usernames, passwords and details of credit and debit cards, often for malicious reasons, by tricking the user. There are some approaches to prevent phishing. DNS sinkhole is one among them. DNS sinkhole, also called as black hole DNS, is used to spoof DNS servers to prevent resolving hostnames of specified URLs. A sinkhole is a way of redirecting malicious internet traffic so that it can be captured and analysed by security analysts. This can be achieved by configuring the DNS forwarder to return a false IP address to a particular URL. This can be used to restrict access to specific sites that violate corporate policies, including social networking, abusive content etc. In DNS sinkhole, we create two lists called white list and black list. Malicious URLs can be collected from already known C&C servers, through the open source sites that are providing malicious IP details, malware analysis process etc. The known malicious URLs will be placed in blacklist whereas the white list contains known important URLs. The URLs present in black list can never be accessed. A URL present in white list can never be added to black list. The URLs present in white list are safe for sure. Thus the DNS sinkhole verifies the input DNS query with the elements present in white list. If a match is found, IP of that URL will be returned. Else, it verifies with those present in the blacklist. If a match is found then, the user will be redirected and a customised webpage can be shown. This webpage can be created with information detailing the corporate policy restriction and can be hosted on a local server. 4 | P a g e INDEX 1. Introduction……………………………………………………6 2. Problem Statement…………………………………………….7 3. DNS sinkhole overview……………………………………….7 3.1 DNS sinkhole workflow 3.2 DNS sinkhole setup overview 4. Installation, configuration and partitioning the drive………….10 4.1 DNS sinkhole server installation 4.2 Suggested drive configuration 4.3 Install the software 4.4 Sinkhole Configuration 5. DNS sinkhole web interface…………………………………..20 5.1 Configuring local sinkhole addresses 5.2 Populating the site exclusion list 5.3 Manually adding new sites to sinkhole 5.4 Search domains 6. Remote access…………………………………………………22 7. DNS sinkhole configuration…………………………………...23 7.1 Controlling access to suspicious sites 7.2 Changing MySQL root password 7.3 Configuring PowerDNS as sinkhole 7.4 PowerDNS monitoring webserver 8. Populating sinkhole using sinkhole_parser.sh…………………25 9. PowerDNS database……………………………………………27 10. Bibliography…………………………………………………..28 5 | P a g e 1. Introduction: The domain name system is indisputably one of the most important and overlooked parts of the internet. Since it is difficult to memorize large number of IP addresses, which are strings of numbers, DNS came into existence. Domain name system (DNS) manages a huge database mapping IP addresses against domain names. DNS takes the URLs we enter in our web browsers as input, finds the IP addresses of the web servers hosting those sites and returns those IP addresses. Phishing is a cybercrime in which a target or targets are attacked to acquire their confidential and sensitive information such as usernames, passwords, credit card details etc. During phishing, the user is tricked by the attacker to submit his/her confidential information into a fraudulent website. Phishing, therefore causes loss to user. DNS sinkhole is one of the many approaches for the sinkhole problem. DNS sinkhole contains blacklist and whitelist. Most of the techniques for phishing detection are based on blacklist. Blacklist is a file that contains a large number of known fraudulent sites. There are many ways like malware analysis, open source sites providing malicious IP details etc. to find fraudulent sites. Whitelist contains the known safe websites. When a user requests the DNS sinkhole to resolve IP address of a domain present in whitelist, its actual IP is returned. When a user requests a DNS server to resolve IP address of a malicious or fraudulent domain present in blacklist of the sinkhole, the user would be redirected to an internal website indicating that the site is blocked in accordance with corporate policy. In DNS sinkhole, we can also add domains manually into whitelist and blacklist and also remove them. When a new domain is added to the blacklist, the domain completely falls under the control of the sinkhole administrator. After this, it is no longer possible to access the original host. The blacklists must be updated constantly by the administrators of DNS sinkhole. Open source lists of known adware sites, malware sites and information from other sources can be combined with organisation specific information from DNS resource record queries from effected clients, analysis of malware found on compromised clients etc. The mentioned information can be added to the blacklist of sinkhole. The DNS sinkhole can also be used to take control of some domains which are not malicious or fraudulent but contravene the policies. Thus DNS sinkhole can be a part of security. 6 | P a g e 2. Problem Statement: It is the age of bots. Botnet traffic is increasing day by day, exploiting computer systems through a variety of infection vectors and establishing command and control channels for sale or lease to the highest bidder. Attacks are commonly seen in the form of cybercrime, and other illegal activities. Security analysts and administrators must respond daily to malware that forces a user to unknowingly download suspicious files from websites that they have no reason to access. Known applications that are dangerous must also be blocked. The following figure shows that botnet activity has been increasing day by day. Thus, it is the duty of security analysts and anti-malware engineers to control and prevent bots and other unwanted traffic. This is where DNS sinkhole can play a major role in preventing access to known malware sites as a part of security. 3. DNS Sinkhole overview: DNS sinkhole is simple and hence it is effective at detecting and blocking malware domains and unwanted traffic that try to reach internet. It has the capability to mitigate many types of threats that use DNS resolution. Administrators can add hosts and domains using DNS zone files. There are professionals who maintain lists of known unwanted and malicious domains and this information can used in the sinkhole. DNS sinkhole is inexpensive as it is an open-source software. The DNS sinkhole server works by impersonating an authoritative DNS server for unwanted and malicious domains and it returns a private address for such host and domain queries. The list of unwanted and malicious domains must be provided to the DNS sinkhole to make it effective. There are many advantages of deploying an internal DNS sinkhole. A sinkhole is scalable, effective, 7 | P a g e inexpensive and easy to maintain. Organisations can easily integrate their own ‘closed-source’ sinkhole entries for hosts or domains. This ability to customize data is a significant differentiator from commercial offerings. DNS sinkholes can not only block domains but also can block entire top level domains.
Recommended publications
  • Ispconfig 3 Manual]

    Ispconfig 3 Manual]

    [ISPConfig 3 Manual] ISPConfig 3 Manual Version 1.0 for ISPConfig 3.0.3 Author: Falko Timme <[email protected]> Last edited 09/30/2010 1 The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed form for your personal use. All rights reserved. This copy was issued to: Thomas CARTER - [email protected] - Date: 2010-11-20 [ISPConfig 3 Manual] ISPConfig 3 is an open source hosting control panel for Linux and is capable of managing multiple servers from one control panel. ISPConfig 3 is licensed under BSD license. Managed Services and Features • Manage one or more servers from one control panel (multiserver management) • Different permission levels (administrators, resellers and clients) + email user level provided by a roundcube plugin for ISPConfig • Httpd (virtual hosts, domain- and IP-based) • FTP, SFTP, SCP • WebDAV • DNS (A, AAAA, ALIAS, CNAME, HINFO, MX, NS, PTR, RP, SRV, TXT records) • POP3, IMAP • Email autoresponder • Server-based mail filtering • Advanced email spamfilter and antivirus filter • MySQL client-databases • Webalizer and/or AWStats statistics • Harddisk quota • Mail quota • Traffic limits and statistics • IP addresses 2 The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by any process (electronic or otherwise) without the written specific consent of projektfarm GmbH.
  • To the Members of the Senate Judiciary Committee: We, The

    To the Members of the Senate Judiciary Committee: We, The

    To the members of the Senate Judiciary Committee: We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network. Many of us invented parts of it. We're just a little proud of the social and economic benefits that our project, the Internet, has brought with it. We are writing to oppose the Committee's proposed new Internet censorship and copyright bill. If enacted, this legislation will risk fragmenting the Internet's global domain name system (DNS ), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. In exchange for this, the bill will introduce censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' ability to communicate. All censorship schemes impact speech beyond the category they were intended to restrict, but this bill will be particularly egregious in that regard because it causes entire domains to vanish from the Web, not just infringing pages or files. Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill. These problems will be enough to ensure that alternative name-lookup infrastructures will come into widespread use, outside the control of US service providers but easily used by American citizens. Errors and divergences will appear between these new services and the current global DNS, and contradictory addresses will confuse browsers and frustrate the people using them.
  • Domain Name Server Comparison

    Domain Name Server Comparison

    DomainNameServerComparison: BIND8vs.BIND9vs.djbdnsvs.??? BradKnowles SeniorConsultantforSnow,BV [email protected] http://www.shub-internet.org/brad/papers/dnscomparison/ Entirecontentscopyright©2003byBradKnowles,allrightsreserved Overview • Meta Information • TLD Survey Results • Software – Installation – Features – Performance • Conclusions 2003-01-28 Copyright©2003byBradKnowles 2 MetaInformation • Hardware Used • Software Used • Methodology 2003-01-28 Copyright©2003byBradKnowles 3 HardwareUsed • TLD Survey – OS: BSD/OS 4.2 – CPU: Pentium III – RAM: 512MB real, 1.0GB virtual 2003-01-28 Copyright©2003byBradKnowles 4 HardwareUsed • Performance Testing – Compaq Armada 4131T Laptop • OS: FreeBSD 4.6.2-RELEASE • CPU: Pentium 133 • RAM: 48MB real, 384MB virtual • NICs: Asanté FriendlyNET AL1011 “Prism2” 802.11b WiFi PC Card & Linksys EtherFast 10/100 PC Card (PCM100) • HD: 10GB IBM Travelstar 20GN – 4200 RPM – 12ms avg. seek 2003-01-28 Copyright©2003byBradKnowles 5 HardwareUsed: PerformanceTesting Image copyright © 2001 Sunset Computer Services, Inc. All Rights Reserved. 2003-01-28 Copyright©2003byBradKnowles 6 SoftwareUsed • ISC – BIND 8.3.3-REL – BIND 9.2.2rc1 • djbdns 1.05 – daemontools 0.76 – ucpsi-tcp 0.88 – tinydns-bent 1.1 • nsd 1.02b1 • Nominum – ANS (Authoritative Name Server) 2.0.1-1eval – CNS (Caching Name Server) 1.1.0b1 • PowerDNS 2.9.4 2003-01-28 Copyright©2003byBradKnowles 7 SomeSoftwareConsidered • QuickDNS (authoritative) – See <http://www.menandmice.com/2000/2600_isp_dns_solution.html> • Aimed at small-to-medium size businesses,
  • Sirdom. Sistema Para La Gestión Del Servicio De Resolución De Nombres De Dominios

    Sirdom. Sistema Para La Gestión Del Servicio De Resolución De Nombres De Dominios

    Revista de investigación Editada por Área de Innovación y Desarrollo, S.L. Envío: 27-01-2013 Aceptación: 30-01-2013 Publicación: 19-02-2013 SIRDOM. SISTEMA PARA LA GESTIÓN DEL SERVICIO DE RESOLUCIÓN DE NOMBRES DE DOMINIOS SIRDOM. MANAGEMENT SYSTEM FOR THE RESOLUTION NAMES DOMAINS SERVICE. Yoedusvany Hernández Mendoza1 Yordanis Arencibia López2 Yankier Crespo González3 1. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. 2. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. 3. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. RESUMEN Este artículo presenta un estudio del comportamiento del servicio DNS, su funcionamiento, herramientas y por último se propone un sistema informático que permite configurar y gestionar dicho servicio a través de una serie de prestaciones y facilidades que las aplicaciones actuales no posibilitan. Este sistema permitirá gestionar el servicio de resolución de nombres de dominio sobre BIND en su versión 9. ABSTRACT This paper presents a study of the behavior of DNS, its operating principle, tools and finally proposes a computer system to configure and manage this service through a number of benefits and facilities that do not allow current applications. This system will manage the service of domain name resolution on BIND version 9. PALABRAS CLAVE Bind, DNS, dominio, resolución, sistema. KEYWORDS Bind, DNS, domain, resolution, system. SIRDOM. SISTEMA PARA LA GESTIÓN DEL SERVICIO DE RESOLUCIÓN DE NOMBRES DE DOMINIOS DE NOMBRES DE RESOLUCIÓN DE SERVICIO DEL GESTIÓN LA PARA SISTEMA SIRDOM. 2 INTRODUCCIÓN Las diferentes instituciones y organizaciones, siendo los centros educacionales unos de los principales, han tenido que cambiar sus esquemas tradicionales para adaptarse a la actual era de la información.
  • Domain Name System 1 Domain Name System

    Domain Name System 1 Domain Name System

    Domain Name System 1 Domain Name System The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service translates queries for domain names (which are easier to understand and utilize when accessing the internet) into IP addresses for the purpose of locating computer services and devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6). The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way, independent of each entity's physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent and constant even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than IP addresses such as 208.77.188.166 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates them. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain.
  • Rssac026v2: RSSAC Lexicon

    Rssac026v2: RSSAC Lexicon

    RSSAC026v2: RSSAC Lexicon An Advisory from the ICANN Root Server System Advisory Committee (RSSAC) 12 March 2020 RSSAC Lexicon Preface This is an Advisory to the Internet Corporation for Assigned Names and Numbers (ICANN) Board of Directors and the Internet community more broadly from the ICANN Root Server System Advisory Committee (RSSAC). In this Advisory, the RSSAC defines terms related to root server operations for the ICANN Community. The RSSAC seeks to advise the ICANN community and Board on matters relating to the operation, administration, security and integrity of the Internet’s Root Server System. This includes communicating on matters relating to the operation of the Root Servers and their multiple instances with the technical and ICANN community, gathering and articulating requirements to offer to those engaged in technical revisions of the protocols and best common practices related to the operational of DNS servers, engaging in ongoing threat assessment and risk analysis of the Root Server System and recommend any necessary audit activity to assess the current status of root servers and root zone. The RSSAC has no authority to regulate, enforce, or adjudicate. Those functions belong to others, and the advice offered here should be evaluated on its merits. The RSSAC has relied on the RSSAC Caucus, a group of DNS experts who have an interest in the Root Server System to perform research and produce this publication. A list of the contributors to this Advisory, references to RSSAC Caucus members’ statement of interest, and RSSAC members’ objections to the findings or recommendations in this Report are at the end of this document.
  • DNS) Deployment Guide

    DNS) Deployment Guide

    Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-81 Revision 1 Title: Secure Domain Name System (DNS) Deployment Guide Publication Date(s): April 2010 Withdrawal Date: September 2013 Withdrawal Note: SP 800-81 Revision 1 is superseded in its entirety by the publication of SP 800-81-2 (September 2013). Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-81-2 Title: Secure Domain Name System (DNS) Deployment Guide Author(s): Ramaswamy Chandramouli, Scott Rose Publication Date(s): September 2013 URL/DOI: http://dx.doi.org/10.6028/NIST.SP.800-81-2 Additional Information (if applicable) Contact: Computer Security Division (Information Technology Lab) Latest revision of the SP 800-81-2 (as of August 7, 2015) attached publication: Related information: http://csrc.nist.gov/ Withdrawal N/A announcement (link): Date updated: ƵŐƵƐƚϳ, 2015 Special Publication 800-81r1 Sponsored by the Department of Homeland Security Secure Domain Name System (DNS) Deployment Guide Recommendations of the National Institute of Standards and Technology Ramaswamy Chandramouli Scott Rose i NIST Special Publication 800-81r1 Secure Domain Name System (DNS) Deployment Guide Sponsored by the Department of Homeland Security Recommendations of the National Institute of Standards and Technology Ramaswamy Chandramouli Scott Rose C O M P U T E R S E C U R I T Y Computer Security Division/Advanced Network Technologies Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899 April 2010 U.S.
  • Powerdns Offerings ­ Version Current As of November 2012 ● Remotely Pollable Statistics for Real Time Graphing ● High Performance ● SNMP Statistics Bridge (Read Only)

    Powerdns Offerings ­ Version Current As of November 2012 ● Remotely Pollable Statistics for Real Time Graphing ● High Performance ● SNMP Statistics Bridge (Read Only)

    Products, Features & Services PowerDNS PowerDNS, founded in the late 1990s, is a premier supplier of DNS software, services and support. Deployed throughout the world with some of the most demanding users of DNS, we pride ourselves on quality software and the very best support available. PowerDNS customers include leading telecommunications service providers, large scale integrators, content distribution networks, cable networks / multi service operators and Fortune 500 software companies. In various important markets, like Scandinavia, Germany and The Netherlands, PowerDNS is the number one supplier of nameserver software. PowerDNS is based in The Netherlands, Europe and is privately held. Products Authoritative Server The PowerDNS Authoritative Server is the only solution that enables authoritative DNS service from all major databases, including but not limited to MySQL, PostgreSQL, SQLite3, Oracle, Sybase, Microsoft SQL Server, LDAP and plain text files. DNS answers can also be fully scripted using a variety of (scripting) languages like for example Lua, Java, Perl, Python, Ruby, C and C++. Such scripting can be used for dynamic redirection, (spam)filtering or real time intervention. In addition, the PowerDNS Authoritative Server is the leading DNSSEC implementation, hosting the majority of all DNSSEC domains worldwide. The Authoritative Server hosts at least 30% of all domain names in Europe, and around 90% of all DNSSEC domains in Europe. Recursor The PowerDNS Recursor is a high­end, high­performance resolving name server which powers the DNS resolution of at least a hundred million subscribers. Utilizing multiple processors and supporting the same powerful scripting ability of the Authoritative Server, the Recursor delivers top performance while retaining the flexibility modern DNS deployments require.
  • DNS Introduction

    DNS Introduction

    DNS Introduction www.what-is-my-ip-address.com (C) Herbert Haas 2005/03/11 1 “Except for Great Britain. According to ISO 3166 and Internet tradition, Great Britain's top-level domain name should be gb. Instead, most organizations in Great Britain and Northern Ireland (i.e., the United Kingdom) use the top-level domain name uk. They drive on the wrong side of the road, too.” DNS and BIND book Footnote to the ISO 3166 two-letter country code TLDs 2 DNS Tree Growth 162,128,493 by 2002/7 (C) Herbert Haas 2005/03/11 3 The ISC about the new DNS survey method: The new survey works by querying the domain system for the name assigned to every possible IP address. However, this would take too long if we had to send a query for each of the potential 4.3 billion (2^32) IP addresses that can exist. Instead, we start with a list of all network numbers that have been delegated within the IN-ADDR.ARPA domain. The IN-ADDR.ARPA domain is a special part of the domain name space used to convert IP addresses into names. For each IN- ADDR.ARPA network number delegation, we query for further subdelegations at each network octet boundary below that point. This process takes about two days and when it ends we have a list of all 3-octet network number delegations that exist and the names of the authoritative domain servers that handle those queries. This process reduces the number of queries we need to do from 4.3 billion to the number of possible hosts per delegation (254) times the number of delegations found.
  • DNS and the DNS Cache Poisoning Attack

    DNS and the DNS Cache Poisoning Attack

    Lecture 17: DNS and the DNS Cache Poisoning Attack Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) June 25, 2021 3:21pm ©2021 Avinash Kak, Purdue University Goals: The Domain Name System BIND Configuring BIND Running BIND on your Ubuntu laptop Light-Weight Nameservers (and how to install them) DNS Cache Poisoning Attack Writing Perl and Python code for cache poisoning attacks Dan Kaminsky’s More Virulent DNS Cache Poisoning Attack CONTENTS Section Title Page 17.1 Internet, Harry Potter, and the Magic of DNS 3 17.2 DNS 5 17.3 An Example That Illustrates Extensive DNS 13 Lookups in Even the Simplest Client-Server Interactions 17.4 The Domain Name System and The dig Utility 28 17.5 host, nslookup, and whois Utilities for Name 42 Lookup 17.6 Creating a New Zone and Zone Transfers 45 17.7 DNS Cache 48 17.7.1 The TTL Time Interval 51 17.8 BIND 56 17.8.1 Configuring BIND 58 17.8.2 An Example of the named.conf Configuration File 64 17.8.3 Running BIND on Your Ubuntu Laptop 68 17.9 What Does it Mean to Run a Process in a 70 chroot Jail? 17.10 Phishing versus Pharming 73 17.11 DNS Cache Poisoning 74 17.12 Writing Perl and Python Code for Mounting a 81 DNS Cache Poisoning Attack 17.13 Dan Kaminsky’s More Virulent Exploit for 92 DNS Cache Poisoning 17.14 Homework Problems 99 Computer and Network Security by Avi Kak Lecture 17 Back to TOC 17.1 INTERNET, HARRY POTTER, AND THE MAGIC OF DNS If you have read Harry Potter, you are certainly familiar with the use of owl mail by the wizards and the witches.
  • Självständigt Arbete På Grundnivå

    Självständigt Arbete På Grundnivå

    Självständigt arbete på grundnivå Independent degree project - first cycle Datateknik Computer Engineering Master's thesis Hantering av nätverkscache i DNS Two ye Hans Lindqvist i MITTUNIVERSITETET Avdelningen för informationssystem och -teknologi (IST) Examinator: Ulf Jennehag, [email protected] Handledare: Johannes Lindén, [email protected] Författare: Hans Lindqvist, [email protected] Utbildningsprogram: Datateknik, 180 hp Huvudområde: Datateknik Termin, år: VT, 2019 ii Hantering av nätverkscache i DNS Hans Lindqvist 2019-06-13 Sammanfattning Domännamnsystemet, DNS, utgör en fundamental del av användbarheten för Internet, men dess cachefunktion utmanas av adressers ökande storlek, antal och automatisering. Parallellt råder begränsad minneskapacitet hos vissa enheter i Internets utkant mot Internet of Things. Studien har tittat närmare på nutida behov av namnuppslagning och har då betraktat hur DNS påverkats av IPv6- adressutbredning, mobila enheter, innehållsleveransnätverk och webbläsarfunktioner. Undersökningen har i två fritt tillgängliga serverprogramvaror för DNS-uppslag sökt efter den optimala hanteringen av cache hos begränsade enheter i, eller på gränsen till, Sakernas Internet. Med hjälp av tillgången till öppen källkod för programmen, Unbound och PowerDNS Recursor, har dess respektive strukturer tolkats för att uppskatta och jämföra minnesbehov. Därefter har en simulering gjorts i en laborativ miljö med fiktiva DNS-data av verklighetstrogen karaktär för att mäta den faktiska förbrukningen av minne på DNS-serverns process. Vid simuleringen undveks att individuellt anpassa programmens inställningar, att blanda in data för DNSSEC, samt att införa minnesbegränsningar i testmiljön. Undersökningen av källkod beräknade att Unbound var mer optimalt för posttyperna A+AAAA medan PowerDNS Recursor var effektivare för posttypen PTR. För båda posttyperna som helhet visade mätningarna i simuleringen att Unbound kunde lagra DNS-data tätare än PowerDNS Recursor.
  • Understanding Implications of DNS Zone Provisioning

    Understanding Implications of DNS Zone Provisioning

    Understanding Implications of DNS Zone Provisioning Andrew J. Kalafut Craig A. Shue Minaxi Gupta [email protected] [email protected] [email protected] Computer Science Department Indiana University Bloomington, IN ABSTRACT a domain need to synchronize with each other in their view DNS is a critical component of the Internet. This paper of the zone. The DNS provides a special query for that, takes a comprehensive look at the provisioning of Internet called the zone transfer query. In this work, we leverage the domains and its impact on the availability of various services. zone transfer query to capture detailed information about To gather data, we sweep 60% of the Internet’s domains DNS zones in the Internet. During a three month period, for zone transfers. 6.6% of them allow us to transfer their we swept 60% of the Internet for zone transfers. In order to complete information. We find that carelessness in handling increase our data beyond those zones allowing zone trans- DNS records can lead to reduced availability of name servers, fer, we walked the zones of the second-level domains known email, and Web servers. It also undermines anti-spam efforts to deploy DNSSEC [2] (DNS Security Extensions). This is and the efforts to shut down phishing sites or to contain a slow process since it involves making a large number of malware infections. queries, but its net effect is the same as a zone transfer. Us- ing the two data sets, we examined the DNS zones in our two data sets. The key findings of our study are the following: Categories and Subject Descriptors C.2.2 [Network protocols]: Applications—DNS 1.