The following paper was originally published in the Proceedings of the Fifth USENIX UNIX Security Symposium Salt Lake City, Utah, June 1995.
Using the Domain Name System for System Break-ins
Steven M. Bellovin AT&T Bell Laboratories
For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org
Using the Domain Name System for System Break ins
Steven M Bellovin
smb research att com
AT T Bel l Laboratories
Abstract recommendations to software develop ers and system
administrators
Throughout this pap er we fo cus on the problem
The DARPAInternet uses the Domain Name Sys
as it applies to Berkeley s remote login and remote
tem DNS a distributed database to map host
shell services Wemention these sp eci cally b ecause
names to network addresses and vice versa Using
they are ubiquitous and the source co de is read
a vulnerability rst noticed byP V Mo ckap etris we
ily available Almost certainly any other network
demonstrate how the DNS can b e abused to sub
services that rely on host names for authentication
vert system security We also show what to ols are
would b e vulnerable This probably includes vari
useful to the attacker Possible defenses against this
ous implementations of remote or networked le sys
attack including one implemented by Berkeley in re
tems
sp onse to our rep orts of this problem are discussed
and the limitations on their applicability are demon
strated