DNS Vulnerability Paper

Added on - 20 Sep 2019

Contents

Executive Summary
Technical Description
Exploitation Description
Attack Vector
Exploitation Scenario
Mitigation
Remediation
References
Executive Summary

This paper describes the DNS vulnerability referred to as CVE-2008-1447, more commonly known as the DNS Spoofing attack or DNS Cache Poisoning attack. The discovery was made by Dan Kaminsky, and the vulnerability allows an attacker to attack recursive name servers. These are the name servers that receive requests from the client and then pass them on to an actual authoritative name server. This attack combines a previously known method of attack wherein the attacker poisons the recursive server and then points the recursive server to a fake authoritative server so as to ensure that the attack is successful [2]. The paper covers this vulnerability in detail and then presents the exploitation scenario, in which the actual attack is demonstrated. It then covers mitigation, meaning the steps a user could take to reduce the threat or impact, and finally remediation for the vulnerability.

Technical Description

Exploitation Description

This vulnerability affects the DNS protocol itself and is not specific to any particular implementation. The DNS protocol makes use of a Query ID field in order to match incoming responses to previously sent queries. This Query ID is only 16 bits long, which makes it an easier target for exploitation. As such, the vulnerability allows name servers to be spoofed in a way that infects the cache, so that it points not to the original authoritative server but to a server of the attacker's choice. A successful attack means that the attacker has spoofed the DNS cache, poisoned it and then pointed it to an entirely new domain, so that users coming to the original server are redirected to the attacker's server of choice. For instance, an attacker could hijack www.google.com and point it to a server that is riddled with malware and viruses, or, acting more subtly, the attacker could capture users' usernames, passwords and financial details, among other things, depending on the website they hijack. Moreover, the attacker could grab all the mail, intercept chat traffic, combine this with other attacks to make matters worse, and do anything else he/she wants, provided that domain name resolution is needed.

Attack Vector

As mentioned previously, the attacker would be looking for recursive servers, that is, those name servers that are ready to accept requests from a client and pass this information to an authoritative name server. The attack discloses a novel method of poisoning the cache of the
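The Query ID matching described under Exploitation Description, as an added example that is not part of the original paper: a defender-side check that counts responses whose 16-bit Query ID does not match the query a resolver has outstanding, and flags names that receive a burst of them. The event format, the names under example.test and the threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample events, not real traffic: (kind, qname, query_id).
# "Q" = query sent by the resolver, "R" = response that arrived for that name.
EVENTS = [
    ("Q", "www.example.test", 0x1A2B),
    ("R", "www.example.test", 0x0001),
    ("R", "www.example.test", 0x0002),
    ("R", "www.example.test", 0x0003),
    ("R", "www.example.test", 0x0004),
    ("R", "www.example.test", 0x1A2B),   # genuine answer
    ("Q", "mail.example.test", 0x7777),
    ("R", "mail.example.test", 0x7777),
    ("Q", "ftp.example.test", 0x1234),
    ("R", "ftp.example.test", 0x4321),   # single stray response
    ("R", "ftp.example.test", 0x1234),
]


def match_probability(n_forged, id_bits=16):
    """Chance that at least one of n_forged random IDs equals the real one."""
    return 1 - (1 - 1 / 2 ** id_bits) ** n_forged


def find_guessing_bursts(events, threshold=3):
    """Return {qname: mismatch count} for names at or above the threshold.

    Simplification (assumption): responses are keyed by name and Query ID only;
    a real resolver also checks the source address and port of the response.
    """
    outstanding = {}          # qname -> Query ID still awaiting an answer
    mismatches = Counter()
    for kind, qname, qid in events:
        if kind == "Q":
            outstanding[qname] = qid
        elif outstanding.get(qname) == qid:
            del outstanding[qname]      # matched: the query is answered
        else:
            mismatches[qname] += 1      # wrong ID, or nothing outstanding
    return {name: n for name, n in mismatches.items() if n >= threshold}


if __name__ == "__main__":
    print(find_guessing_bursts(EVENTS))
    print(f"{match_probability(1):.6%} per forged response")
```

A single stray response stays below the threshold, while a run of wrong-ID responses for one name is reported for investigation.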