DOCSLIB.ORG

(12) Patent Application Publication (10) Pub. No.: US 2010/0011420 A1 DRAKO Et Al

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(12) Patent Application Publication (10) Pub. No.: US 2010/0011420 A1 DRAKO Et Al US 2010.0011420A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2010/0011420 A1 DRAKO et al. (43) Pub. Date: Jan. 14, 2010 (54) OPERATING ASERVICE ON ANETWORKAS (22) Filed: Jul. 2, 2008 ADOMAN NAME SYSTEM SERVER Publication Classification (75) Inventors: DEAN DRAKO, Los Altos, CA (51) Int. Cl. (US); Zachary Levow, Mountain G06F 7/30 (2006.01) View, CA (US) G06F 5/16 (2006.01) Correspondence Address: H04L 9/32 (2006.01) PATENTRY (52) U.S. Cl. ................. 726/5: 709/245; 707/3; 709/206; P.O. BOX 151616 709/201: 707/E17.014; 707/E17.115; 707/E17.032 SAN RAFAEL, CA 94.915-1616 (US) (57) ABSTRACT (73) Assignee: BARRACUDANETWORKS INC., CAMPBELL, CA (US) Operating a service Such as a remote database as a dins server, receiving inputs such as queries as domain names and trans (21) Appl. No.: 12/167,134 mitting replies in the format of IPv4 or IPv6 addresses. IP CONNECT EMAIL HEADER PARAMETERS FORMING FODN AUTHCODE. IPADDRESS. DNS HERARCHY CLIENT.DB SYSTEM DNS DNS RESOLVER SERVER 20 30 DATABASE 140 Patent Application Publication Jan. 14, 2010 Sheet 1 of 4 US 2010/0011420 A1 IP CONNECT EMAIL HEADER PARAMETERS FORMING FODN AUTHCODE. IPADDRESS. DNS HERARCHY CLIENT.DB SYSTEM DNS DNS RESOLVER SERVER 20 30 DATABASE 40 FIG. Patent Application Publication Jan. 14, 2010 Sheet 2 of 4 US 2010/0011420 A1 IP CONNECT EMAIL HEADER PARAMETERS FORMING FODN AUTHCODE. IPADDRESS. DNS HERARCHY CLIENT.DB SYSTEM DNS FODN DNS DNS OUERY 121 RESOLVER SERVER 20 30 DATABASE 40 FIG.2 Patent Application Publication Jan. 14, 2010 Sheet 3 of 4 US 2010/0011420 A1 DNS HERARCHY SYSTEM DNS DNS RESOLVER SERVER 2O DATABASE ANALYZE 40 BYPASS FIG.3 Patent Application Publication Jan. 14, 2010 Sheet 4 of 4 US 2010/0011420 A1 IP CONNECT EMAIL HEADER PARAMETERS FORMING FODN AUTHCODE. IPADDRESS. DNS HERARCHY CLIENT.DB SYSTEM DNS FODN DNS DNS OUERY 121 RESOLVER SERVER 2O DATABASE ANALYZE 40 BYPASS FIG.4 US 2010/001. 1420 A1 Jan. 14, 2010 OPERATING ASERVICE ON ANETWORKAS DOMAIN NAMES SYSTEM BACKGROUND A DOMAN NAME SYSTEM SERVER 0007. A domain name usually consists of two or more parts (technically labels), separated by dots. For example: CO-PENDING APPLICATIONS example.com. 0008. The rightmost label conveys the top-level domain 0001. Three related applications with common inventors (for example, the address www.example.com has the and assignee are/will be pending: querying a database as a dins top-level domain com). client, operating a service e.g. database as a dins server, and 0009. Each label to the left specifies a subdivision, or facilitating email by checking a database with email coordi subdomain of the domain above it. Note:"subdomain' nates. expresses relative dependence, not absolute depen 0002 Docket Number application numbers: file dates: dence. For example: example.com comprises a Subdo main of the com domain, and www.example.com com 0003) Z-PTNTR200808 prises a Subdomain of the domain example.com. In 0004 Z-PTNTR200809 theory, this subdivision can go down to 127 levels deep. 0005 Z-PTNTR200810 Each label can contain up to 63 characters. The whole domain name does not exceed a total length of 255 TECHNICAL FIELD characters. In practice, Some domain registries may have shorter limits. 0006. The field of the invention is internet based informa 0010. A hostname refers to a domain name that has one tion technology operations and an application to facilitating or more associated IP addresses; ie: the www.example. the transmission of email. com’ and example.com domains are both hostnames, however, the “com domain is not. O011 DNS Servers 0012. The Domain Name System consists of a hierarchical Definition List 1 set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information Term Definition about that domain and the name servers of any domains Email parameter A text string which is either part of an “beneath” it. The hierarchy of authoritative DNS servers argument of a mail protocol command or a component of a TCP packet header matches the hierarchy of domains. At the top of the hierarchy connecting between email servers. Not stand the root nameservers: the servers to query when looking limited to but includes IP addresses and up (resolving) a top-level domain name (TLD). domain names. The present application 0013 Users generally do not communicate directly with defines and uses this term. IP address An internet protocol (IP) address is DNS. Instead DNS-resolution takes place transparently in e.g. 151.207.245.67 defined in RFC-791 IPv4 standard of the client-applications such as web-browsers, mail-clients, and Internet Engineering Task Force. RFC other Internet applications. When an application makes a 791 defines a replacement IPv6. request which requires a DNS lookup, Such programs send a Domain name Defined in RFC-1034, 1035, 1085, a e.g. www.uspto.gov domain name is a memorable host name resolution request to the local DNS resolver in the local that stands in for a numeric IP address. operating system, which in turn handles the communications DNS Domain Name System defined in RFC required. 1035, includes resolvers and servers 0014. The DNS resolver likely has a cache containing which respond to questions about domain names. The most basic task of recent lookups. If the cache can provide the answer to the DNS is to translate hostnames to IP request, the resolver will return the value in the cache to the addresses. The Domain Name System program that made the request. If the cache does not contain consists of a hierarchical set of DNS the answer, the resolver will send the request to one or more SeWes. SMTP Simple Mail Transfer Protocol designated DNS servers. documented in RFC 2821 0015. When a DNS client needs to look up a name used in DNSBL DNSBL is an abbreviation that usually a program, it queries DNS servers to resolve the name. Each stands for DNS blacklist. Typically query message the client sends contains three pieces of infor entails a domain, a nameserver for that domain, and a list of addresses to mation, specifying a question for the server to answer: publish. Generally returns either an 0016 A specified DNS domain name, stated as a fully address, indicating that the client is qualified domain name (FQDN) listed; or an “NXDOMAIN” (“No such 0.017. A specified query type, which can either specify a domain') code. DNSBL provides resources to support blocking spam. resource record by type or a specialized type of query Fully qualified A fully qualified domain name has at operation. domain name least a host and domain name, including 0.018. A specified class for the DNS domain name. top-level domain. (0019 For example, the name specified could be the FQDN A FQDN always starts with a host name and continues all the way up to the top for a computer, Such as "host—a.example.com., and the level domain name and includes query type specified to look for an address (A) resource intermediate level domains to provide an record by that name. Think of a DNS query as a client asking unambiguous path which specifies the exact location of a host in the Domain a question, Such as "Do you have any A resource records for Name System's tree hierarchy through to a computer named hostname.example.com.?' When the cli a top-level domain ent receives an answer from the server, it reads and interprets the answered A resource record, learning the IP address for the computer it asked for by name. US 2010/001. 1420 A1 Jan. 14, 2010 0020 DNS queries resolve in a number of different ways. deliver e-mail for a particular address. The domain to mail A client can sometimes answer a query locally using cached exchanger mapping provided by DNS MX records tells where information obtained from a previous query. The DNS server to deliver email for a domain. can use its own cache of resource record information to 0034 Sender Policy Framework and DomainKeys instead answer a query. A DNS server can also query or contact other of creating their own record types were designed to take DNS servers on behalf of the requesting client to fully resolve advantage of another DNS record type, the TXT record. In the name, then sendananswer back to the client. This process these cases the TXT record contains a policy or a public key. is known as recursion. 0035. Protocol Details 0021. In addition, the client itself can attempt to contact 0036 DNS primarily uses UDP on port 53 to serve additional DNS servers to resolve a name. In general, the requests. Almost all DNS queries consist of a single UDP DNS query process occurs in two parts: request from the client followed by a single UDP reply from 0022. A name query begins at a client computer and is the server. TCP comes into play only when the response data query beg p size exceeds 512 bytes, or for Such tasks as Zone transfer. passed to a resolver, the DNSClient service, for resolution. Some operating systems such as HP-UX are known to have 0023. When the query cannot be resolved locally, DNS resolver implementations that use TCP for all queries, even servers can be queried as needed to resolve the name. when UDP would suffice. 0024. In the initial steps of the query process, a DNS 0037 Important categories of data stored in DNS include domain name is used in a program on the local computer.
Load more

Recommended publications
  • 8100 Mobile Device Test System Location Test System Module Version 13.1 System Deployment Instructions
    8100 Mobile Device Test System Location Test System Module Version 13.1 System Deployment Instructions 8100 MDTS Location Test System Version 13.1 – System Deployment Instructions © 2020 Spirent Communications, Inc. All Rights Reserved. All of the company names and/or brand names and/or product names referred to in this document, in particular, the name “Spirent” and its logo device, are either registered trademarks or trademarks of Spirent plc and its subsidiaries, pending registration in accordance with relevant national laws. All other registered trademarks or trademarks are the property of their respective owners. The information contained in this document is subject to change without notice and does not represent a commitment on the part of Spirent Communications. The information in this document is believed to be accurate and reliable; however, Spirent Communications assumes no responsibility or liability for any errors or inaccuracies that may appear in the document. Page Part Number: 71-008871, Version A1 www.spirent.com 2 8100 MDTS Location Test System Version 13.1 – System Deployment Instructions Table of Contents 1. Introduction ........................................................................................ 5 1.1. Overview .................................................................................................... 5 1.2. How to Contact Us ..................................................................................... 8 2. System Upgrade Instructions ............................................................
    [Show full text]
  • Why Open Source Software?
    Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! David A. Wheeler http://www.dwheeler.com/contactme.html Revised as of November 7, 2004 This paper provides quantitative data that, in many cases, using open source software / free software is a reasonable or even superior approach to using their proprietary competition according to various measures. This paper’s goal is to show that you should consider using OSS/FS when acquiring software. This paper examines market share, reliability, performance, scalability, security, and total cost of ownership. It also has sections on non- quantitative issues, unnecessary fears, OSS/FS on the desktop, usage reports, governments and OSS/FS, other sites providing related information, and ends with some conclusions. An appendix gives more background information about OSS/FS. You can view this paper at http://www.dwheeler.com/oss_fs_why.html (HTML format). Palm PDA users may wish to use Plucker to view this. A short briefing based on this paper is also available in PDF and Open Office Impress formats (for the latter, use Open Office Impress). Old archived copies and a list of changes are also available. 1. Introduction Open Source Software / Free Software (OSS/FS) has risen to great prominence. Briefly, OSS/FS programs are programs whose licenses give users the freedom to run the program for any purpose, to study and modify the program, and to redistribute copies of either the original or modified program (without having to pay royalties to previous developers). This goal of this paper is to show that you should consider using OSS/FS when you’re looking for software, based on quantitative measures.
    [Show full text]
  • Hc Features Overview
    HC FEATURES OVERVIEW © Hosting Controller 1998 – 2009. All Rights Reserved. HC Features Overview Contents Proprietary Notice........................................................................................................................ 3 HC Overview ................................................................................................................................4 The Company ........................................................................................................................... 4 The Product............................................................................................................................... 4 Latest Version ........................................................................................................................... 6 Benefits....................................................................................................................................... 6 HC Features................................................................................................................................... 7 Development Framework ....................................................................................................... 7 Centralized Database............................................................................................................... 7 Load Balancer ........................................................................................................................... 7 Windows and Linux Support ................................................................................................
    [Show full text]
  • Observed Workarounds
    Observed Workarounds …to synthetic data returned for uninstantiated names in .COM/.NET Paul Vixie [email protected] Internet Software Consortium Background: DNS Responses • Normal answer – “Here is the data matching your question” • Referral (or “Delegation”) – “Here are the servers who could answer you” • Negative answer (or “RCODE 3”) – “There is no such name” Background: ISC’s Involvement • ISC is a not-for-profit who publishes BIND and operates “f-root” (among other things) • Our relevance and success depends on our responsiveness to the technical community • The technical community gave an intensely negative response to VeriSign’s SiteFinder • We have no financial stake in the outcome Workaround: Translate Address back to “RCODE 3” • Unofficial patches for opensource DNSware – Popular programs like BIND, djbdns, others • Look for 64.94.110.11, substitute RCODE3 – This is the address of the SiteFinder web site • Weakness: address could change naturally – For example, due to a DDoS or load balancer • Weakness: other TLDs use other addresses – One BIND8 patch now has a complete list Workaround: Require Referrals From Some TLDs • ISC released new BIND9 feature in ~40 hrs • “delegation-only” for specified domains • Server for .FOO can only send referral (“delegation”) toward servers for SUB.FOO • Normal answers translated to RCODE 3 • This is not BIND’s default behaviour Workaround: Permit Referrals From Some TLDs • ISC improved new BIND9 feature in 4 days • “root-delegation-only” applies to root and all toplevel domains except those specified
    [Show full text]
  • Download Versacheck Free Versacheck Gold Activation Key Freeware
    download versacheck free Versacheck Gold Activation Key Freeware. Locate lost, forgotten or misplaced eM Client activation key by downloading freeware eM Client key locator Tool in your machine. Now get back you misplace or lost eM Client activation key with free eM Client Key Locater. After locate lost eM Client activation key you can easily open your eM Client without having any problem. File Name: eMClientKeyLocator.exe Author: eM Client Key Locater License: Freeware (Free) File Size: 1.93 Mb Runs on: Win7 x32, Win7 x64, Win98, WinVista, WinVista x64, WinXP. The WindowsdlT« Automated Installation Kit (AIK) for WindowsdlT« 7 helps you to install, customize, and deploy the Microsoft WindowsdlT« 7 and Windows ServerdlT« 2008 R2 family of operating systems. File Name: KB3AIK_EN.iso Author: Microsoft License: Freeware (Free) File Size: 1710.08 Mb Runs on: Windows 7. The main features of the program:Supports of the batch processing of videofiles.Supports of practically any videos-formats (even MOV, QT, FLV, SWF, RM if you have appropriate codecs). If the file can be normally played in your video-player (Windows. File Name: VideoThumbnailsMaker_Setup.z ip Author: SUU Design License: Freeware (Free) File Size: 1.4 Mb Runs on: Windows All. MyBusinessCatalog will provide extensive means for creating your own Internet storefront. The program includes an extensive set of tools for creating a digital product catalog and writing it on a CD. The catalog starts right off the CD and does not. File Name: mbcfree.exe Author: MyBusinessCatalog License: Freeware (Free) File Size: Runs on: WindowsAll. Net.Ex Pro, the Ultra Web Browser, comes in 2 Editions, the Basic Edition and the Ultra Edition.
    [Show full text]
  • DNS Survey: October 2010 Geoffrey Sisson C 2010 the Measurement Factory
    DNS Survey: October 2010 Geoffrey Sisson c 2010 The Measurement Factory November 30, 2010 Abstract This study, commissioned by Infoblox, undertakes to measure the number of DNS servers on the Internet and to quantify their various DNS behaviors and configuration choices. 1 Introduction In this study we undertook to measure: • The number of name servers in use in a random 5% sample of the routed IPv4 Internet. • The configuration of zones and associated name servers in a random 1% sample of the domains in the .com, .net, and .org zones. • The implementations and versions of name server software used. • Whether recursion is supported (i.e., open resolvers). • Whether recursive name servers use predictable ports. • Whether authoritative name servers openly permit AXFR. • Whether name servers support TCP. • Configuration decisions for DNSSEC. • Whether DNSSEC-signed zones validate. • How many name servers support EDNS. • How many zones are configured for IPv6, SPF, or DKIM. • How many zones have DNS wildcards. • What SOA and TTL values are in use in a zone. • Whether information in a zone agrees with its parent. • Whether a zone has a lame name server. • Whether the TTLs of the authoritative NS RRs for a zone match. • To what degree redundant name servers are topologically diverse. • How many name servers support 0x20. • The geographic location of name servers. $Id: dns_survey_2010.tex,v 1.27 2010-12-09 22:03:29 geoff Exp $ 3 RESULTS FOR DATASET I 2 Datasets This survey comprises results of two distinct data sets. Dataset I is a random 5% sample of the routed IPv4 Internet.
    [Show full text]
  • Increased DNS Forgery Resistance Through 0X20-Bit Encoding
    Increased DNS Forgery Resistance Through 0x20-Bit Encoding SecURItY viA LeET QueRieS David Dagon Manos Antonakakis Paul Vixie Georgia Institute of Georgia Institute of Internet Systems Consortium Technology Technology [email protected] [email protected] [email protected] Tatuya Jinmei Wenke Lee Internet Systems Consortium Georgia Institute of Technology [email protected] [email protected] ABSTRACT DNS poisoning attacks present a persistent, ongoing threat to We describe a novel, practical and simple technique to make DNS server operations. While there are a variety of DNS poisoning tech- queries more resistant to poisoning attacks: mix the upper and niques, those directed at large cache servers often use two steps: lower case spelling of the domain name in the query. Fortuitously, (a) they force the recursive server to perform a lookup; and then almost all DNS authority servers preserve the mixed case encod- (b) spoof misleading DNS answers, using the source address of the ing of the query in answer messages. Attackers hoping to poison authority server. A successful attacker can change a DNS cache a DNS cache must therefore guess the mixed-case encoding of the entry, and redirect all users of the victim DNS server to arbitrary query, in addition to all other fields required in a DNS poisoning proxy locations. When done to obtain transactional information attack. This increases the difficulty of the attack. (e.g., banking), this technique is called pharming (or large-scale We describe and measure the additional protections realized by phishing) [27]. this technique. Our analysis includes a basic model of DNS poi- Numerous solutions have been proposed to prevent DNS poison- soning, measurement of the benefits that come from case-sensitive ing, e.g., whitelisting [14], cryptographic systems [33], and many query encoding, implementation of the system for recursive DNS client-based systems have been suggested.
    [Show full text]
  • Naming and Security in a Mobile, Multihomed and Multiple Interfaces Environement Daniel Migault
    Naming and security in a mobile, multihomed and multiple interfaces environement Daniel Migault To cite this version: Daniel Migault. Naming and security in a mobile, multihomed and multiple interfaces environement. Architecture, space management. Institut National des Télécommunications, 2012. English. NNT : 2012TELE0033. tel-01016686 HAL Id: tel-01016686 https://tel.archives-ouvertes.fr/tel-01016686 Submitted on 1 Jul 2014 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. I99 59 5h/hw! /hbWhLb 9[9/ha 5t!wL [bL9wL9 tL9ww9 9 a!wL9 /wL9 L !"# 9 $ L Ç 9 t t % 5 a&# t# ' & $ $ 5h/9w 59 Ç9[9/ha {5t!wL b!!& {# $% # ( ! a') a#*! + L % a#% ## ,- !' ,./, $( 0# 1 !% $ 5 # $ *2% a 1 [# t %%# ! #$ t % w # % !'$!$0$ .#'$* t %%# Ü( % Ç*&"# $ /!2& !$ 4# ( t %%# Ü( % $ h## 95!# % 4#1 t#0 t %%# Ü( % t a /# * . 6!1 !%% C 8% # b!!& L / b$ .#9*! t %%# t %* Thèse n° 2012TELE0033 Ref : 2012TELE0033 Télécom Sud Paris / Université Pierre et Marie Curie École Doctorale - EDITE Naming and Security in a Mobile, Multihomed and Multiple Interfaces
    [Show full text]
  • At68 Java & Web Programming Jun 2015
    AT68 JAVA & WEB PROGRAMMING JUN 2015 Q.2 a. List out the properties of static variables and methods in Java. (4) Answer: Unlike instance variables, static variables belong to a class, rather than to specific instances of it. This means that there is only one copy of a static variable, which is accessible from all members of the class, as well as from external "customer" code via objects of the class. For example, a static variable could keep track of a property within the application which remains the same for all class members. The following sample code demonstrates declaring a static variable inside a class declaration: private static int numWomen = 0; Within the class constructor or another method, the variable can be accessed and updated as follows: numWomen++; Class declarations can include static methods. As with variables, static methods provide some functionality that is the same across all object instances of a class. Static methods commonly carry out processing that involves static variables. The following sample static method returns the value of a static variable within a class declaration: public static int getNumWomen() { return numWomen; } b. Explain various primitive data types supported by Java. (4) Answer: int Int is the data type used to declare integers. The int data type is 32 bits and has a maximum value of 2,147,483,647; anything beyond that requires a long data type, which is also primitive. Int is used frequently in Java for calculations. It can also be used to count cycles of a loop, a common programming construct. To declare an int, use int variableName, substituting variableName with the name of your choice.
    [Show full text]
  • A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email
    A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email Hyeonmin Lee∗ Aniketh Girish∗ Roland van Rijswijk-Deij Seoul National University Amrita Vishwa Vidyapeetham University of Twente & NLnet Labs Taekyoung “Ted” Kwon Taejoong Chung Seoul National University Rochester Institute of Technology Abstract 1 Introduction The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) is responsible for securing In- standard allows clients and servers to establish a TLS connec- ternet traffic in a variety of protocols such as DNS and HTTP. tion without relying on trusted third parties like CAs by pub- Coupled with a Public Key Infrastructure (PKI), TLS relies lishing TLSA records. DANE uses the Domain Name System on certificates to bind entities to their public keys. Certificates Security Extensions (DNSSEC) PKI to achieve integrity and are typically issued by Certificate Authorities (CAs), in a hi- authenticity. However, DANE can only work correctly if each erarchical fashion. At the top level of the hierarchy, there are principal in its PKI properly performs its duty: through their root CAs, who have self-signed certificates since they cannot DNSSEC-aware DNS servers, DANE servers (e.g., SMTP rely on other trusted third parties. servers) must publish their TLSA records, which are consistent However, the current PKI model, discussed above, has been with their certificates. Similarly, DANE clients (e.g., SMTP criticized for its potential vulnerability, since any CA can is- clients) must verify the DANE servers’ TLSA records, which sue certificates for any domain name. Historically, we have are also used to validate the fetched certificates. observed that compromised CAs issued valid-looking but DANE is rapidly gaining popularity in the email ecosystem, fraudulent certificates inappropriately [15, 58, 75].
    [Show full text]
  • Domain Name System Security Extensions
    Domain Name System Security Extensions กฤต วิทวิยะรุจ บริษัท ไทย เนม เซิฟเวอร์ จํากดั DNS ในการเข้าถึงข้อมูลใน Internet เราจําเป็นต้องระบุ Address (ที่อยู)่ ในการเข้าถึงข้อมูล Address จะเป็น ชื่อ หรือ ตัวเลข กได้็ แต่ที่อยูจะต้องไม่ ่ซํ้ากนั Address ที่เป็นชื่อจะถูกแปลงให้เป็นตัวเลข IP โดยระบบที่เรียกวา่ DNS ระบบ DNS ถูกออกแบบมาให้เป็นระบบจัดเกบข้อมูลชื่อ็ Domain/Host แบบกระจาย ข้อมูลใน DNS จะถูกแบ่งออกเป็นลําดับขั้น หรือ Domain หรือ Zone ในแต่ล่ะ Zone จะมีผู้ดูแล/เจ้าของ Domain เป็นคนจัดการ/แกไขข้อมูล้ โดยกรรมสิทธิ์ในการจัดการ Domain จะถูกถ่ายทอดเป็นลําดับขั้นจากแม่ไปสู่ลูก ระบบ DNS ทํางานบนพื้นฐานของความไว้วางใจซึ่งกนและกั นั DNSSEC คือความพยายามที่จะเพิ่มความปลอดภัยให้กบระบบั DNS ทําไม DNS จึงเป็นเป้าหมายในการโจมตี DNS มีอยูทุกที่่ เกือบทุกๆ Client ในปัจจุบันนั้นต้องอาศัย DNS ในการทํางาน โทรศัพท์, Laptop, PC, ATM? DNS ทํางานผานช่ ่องทางที่ไม่ได้มีการเข้ารหัสใดๆ plain text มีหลายวิธี/ช่องทางในระบบ DNS ที่เปิดโอกาสให้ผู้ไมประสงค์ดีจะเข้ามาแก่ ไขข้อมูล้ การโจมตี DNS จะส่งผลต่อกระทบผู้ใช้จํานวนมาก DNSSEC คืออะไร DNSSEC เป็นส่วนขยายเพิ่มเติมของระบบ DNS เริ่มต้นตั้งแตพัฒนาครั่ ้งแรก 1997, ออก RFC มาแล้วสามครั้งในปี 1999, 2005, 2008 สามารถใช้ร่วมกบระบบเดิมได้ั Backward compatible ข้อมูล DNSSEC ไม่ได้ถูกเข้ารหัส ข้อมูล DNS ในระบบ DNSSEC จะถูกทําการประทับตรารับรองจากผู้ดูแลโดเมนด้วยการลง นามอิเล็กโทรนิคส์ เพื่อสร้างเป็น Digital signature Client สามารถตรวจสอบและยืนยันความถูกต้องและสมบูรณ์ของข้อมูลที่ได้รับจาก DNS Server โดยใช้การตรวจสอบ Digital signature ข้อมูลไมถูกปลอมแปลงโดยบุคคลอื่น่ ข้อมูลที่ไมถูกต้องจะถูกทิ่ ้งไป ประโยชน์ของ
    [Show full text]
  • Pietilainen Ville.Pdf (2.751Mt)
    INTERNET-LIIKENTEEN JA SISÄLLÖN SUODATUS Ville Pietiläinen Opinnäytetyö Maaliskuu 2011 Tietotekniikan koulutusohjelma Tekniikan ja liikenteen ala OPINNÄYTETYÖN KUVAILULEHTI Tekijä(t) Julkaisun laji Päivämäärä PIETILÄINEN, Ville Opinnäytetyö 28.3.2011 Sivumäärä Julkaisun kieli 84 SUOMI Luottamuksellisuus Verkkojulkaisulupa myönnetty ( ) saakka ( X ) Työn nimi INTERNET-LIIKENTEEN JA SISÄLLÖN SUODATUS Koulutusoh jelma Tietotekniikka Työn ohjaaja(t) NARIKKA, Jorma Toimeksiantaja(t) Jyväskylän ammattikorkeakoulu, SILTANEN, Jarmo Tiivistelmä Koska perustieto Internet-liikenteen ja sisällön suodatuksesta on hajautunut eri tuotevalmi stajien omiin materiaaleihin, oli työn tavoitteena saada kerättyä tärkein informaatio aiheesta s amoihin kansiin ja toimia käsikirjana tukemassa verkkoliikenteen suodatustekniikoiden valintaa ja toteu- tuksen suunnittelua, niin että pystytään valitsemaan oikeanlainen suodatustekninen ratkaisu. Työn perimmäisenä tarkoituksena oli selvittää lukijalle olennaiset asiat Internet-liikenteen suoda- tuksesta, eli mitä suodatus on, miten se toimii ja mitä toimenpiteitä on suositeltava a suorittaa suodatusjärjestelmää käyttöönotettaessa. Työssä läpikäytiin tekniikoita, joilla verkon ylläpitäjä voi suodattaa Internet-liikennettä ja näin rajoittaa ei-haluttua liikennettä tietoverkossaan. Suodatettavissa sovellusprotokollissa pä äpaino oli World Wide Webin perustana toimivalla HTTP-protokollalla, mutta monet käytetyistä ratkai- suista mahdollistavat myös muunkin verkkoliikenteen suodatuksen. Työn testausosassa tutustuttiin noin
    [Show full text]