
DNS Cache Poisoning Attack - Modern Techniques and Solutions
Learn about the DNS cache poisoning attack reloaded with new side channels and its implications on security. Discover how attackers infer source ports and extend the attack window, along with solutions to defend against such threats.
Presentation Transcript
DNS CACHE POISONING ATTACK RELOADED: REVOLUTIONS WITH SIDE CHANNELS SEMINAR AND PEER REVIEW
INTRODUCTION The Domain Name System converts human-readable web addresses into IP addresses. Today, DNS hosts many other security-critical applications, and DNS also plays a vital role in TLS trust. Damage to the integrity of DNS records will bring catastrophic security risks: fake certificates issued by attackers will undermine public key encryption technology. 2025/5/9
DNS CACHE POISONING ATTACKS Modern DNS infrastructures have multiple layers of caching, and client applications often initiate DNS queries to the local operating system stub resolver. The stub resolver does not perform any iterative query but forwards the request to the upper recursive resolver. DNS forwarders usually exist in Wi-Fi routers and maintain a dedicated DNS cache. The recursive resolver completes the real work of iteratively querying authoritative name servers. Then the answer is returned and cached in each layer.
ATTACK OVERVIEW This attack method always starts by triggering one of them (a forwarder or a resolver) to send a DNS query. Infer the source port: use a new universal side channel in the network stack to scan and discover the source port used to initiate DNS queries. Extend the attack window: the attack takes time to infer the source port and inject malicious DNS replies, so the attack window is extended to at least a few seconds, allowing a realistic chance of cache poisoning. Once the source port number is known, the attacker can simply inject many forged DNS replies.
ATTACK DETAIL 1: INFERRING THE DNS QUERY'S SOURCE PORT. Analysis of UDP source port scannability; ICMP rate limit challenge; vulnerable DNS forwarder and resolver population.
ATTACK DETAIL 2: EXTENDING THE ATTACK WINDOW. Extending the window in a forwarder attack: the attacker first sends the address of his domain to the forwarder, which eventually triggers the upstream resolver to query the authoritative name server controlled by the attacker. Extending the window in a resolver attack: if the RRL (response rate limiting) limit is reached, the response is either truncated or discarded; by sending DNS queries at a rate higher than the configured limit, this feature can be maliciously used to disable the name server.
SOLUTION AND DEFEND METHOD The proposed attack is basically an off-path attack, mitigated by additional randomness and cryptographic solutions. The combination of DNSSEC and DNS cookies defeats most off-path attacks. Do not allow outgoing ICMP replies at all; the cost may be the loss of some network troubleshooting and diagnostic functions. Use RRL to prevent attackers from easily disabling authoritative name servers. Other simple mitigation strategies include: (1) set a DNS query timeout; the disadvantage is that more retransmitted queries may be introduced, and overall performance will be worse; (2) use anycast; (3) use an intrusion detection system (IDS) and an intrusion prevention system (IPS).
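As an added illustration of the IDS/IPS point (my own code, not part of the presentation or the paper it reviews), a minimal detector for the two traffic patterns the attack overview describes: the UDP port sweep used to infer the query port, and the subsequent flood of forged replies carrying different transaction IDs. The record format, the addresses, the window size and the thresholds are all assumptions, and the sample traffic is constructed inside the block.

```python
from collections import defaultdict

# Constructed sample traffic toward a hypothetical resolver at 10.0.0.53.
# Record format (my own, not the paper's): (time_s, src_ip, dst_port, kind, txid)
# kind is "probe" for a UDP datagram that hit a closed port and drew an ICMP
# port-unreachable, or "reply" for a DNS response datagram arriving at a port.
def constructed_traffic():
    recs = []
    # Hypothetical attacker 203.0.113.7 sweeps 200 UDP ports within one second.
    for i in range(200):
        recs.append((i * 0.004, "203.0.113.7", 30000 + i, "probe", None))
    # Then floods one port with 300 forged replies, each with a different TXID guess.
    for i in range(300):
        recs.append((1.0 + i * 0.002, "203.0.113.7", 30117, "reply", 0x1000 + i))
    # Benign client 198.51.100.9: a few retransmitted replies sharing one TXID.
    for i in range(3):
        recs.append((0.5 + i, "198.51.100.9", 53, "reply", 0xBEEF))
    return recs

def _max_distinct(recs, window, key):
    """Largest number of distinct key values seen in any `window`-second span."""
    best, lo = 0, 0
    for hi in range(len(recs)):
        while recs[hi][0] - recs[lo][0] > window:
            lo += 1
        best = max(best, len({key(r) for r in recs[lo:hi + 1]}))
    return best

def detect(records, window=1.0, port_threshold=50, txid_threshold=100):
    """Return a set of (src_ip, alert_kind) tuples using a sliding window per source."""
    alerts = set()
    by_src = defaultdict(list)
    for rec in sorted(records, key=lambda r: r[0]):
        by_src[rec[1]].append(rec)
    for src, recs in by_src.items():
        probes = [r for r in recs if r[3] == "probe"]
        replies = [r for r in recs if r[3] == "reply"]
        # Many distinct closed ports probed within `window` seconds: port inference scan.
        if _max_distinct(probes, window, key=lambda r: r[2]) >= port_threshold:
            alerts.add((src, "udp-port-scan"))
        # Many distinct TXIDs aimed at one port within `window` seconds: forged-reply flood.
        by_port = defaultdict(list)
        for r in replies:
            by_port[r[2]].append(r)
        for rs in by_port.values():
            if _max_distinct(rs, window, key=lambda r: r[4]) >= txid_threshold:
                alerts.add((src, "forged-reply-flood"))
    return alerts

if __name__ == "__main__":
    for src, kind in sorted(detect(constructed_traffic())):
        print(f"ALERT {kind} from {src}")
```

A production deployment would read these fields from firewall or packet-capture logs and tune the thresholds to the resolver's normal query rate; the sliding-window logic itself is unchanged.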
CRITICISM Lack of comparison between side-channel attacks and the traditional DNS cache poisoning attack. Restricted by many factors, such as network delay and data encryption. Cannot have a great impact on most DNS deployments. It is very simple to effectively defend against this attack.