
DNS Vulnerability Paper

   

Added on  2019-09-20

Contents

Executive Summary
Technical Description
Exploitation Description
Attack Vector
Exploitation Scenario
Mitigation
Remediation
References
Executive Summary

This paper describes the DNS vulnerability referred to as CVE-2008-1447, more commonly known as the DNS Spoofing attack or DNS Cache Poisoning attack. The discovery was made by Dan Kaminsky, and the vulnerability allows an attacker to attack recursive name servers. These name servers are those that receive requests from a client and then pass them on to an actual authoritative name server. This attack combines a previously known method of attack wherein the attacker poisons the recursive server and then points the recursive server to a fake authoritative server so as to ensure that the attack is successful [2]. This paper discusses the vulnerability in detail and then the exploitation scenario, in which the actual attack is demonstrated. It then covers mitigation, meaning the steps a user could take to reduce the threat or impact, and finally remediation for the vulnerability.

Technical Description

Exploitation Description

This vulnerability affects the DNS protocol itself and is not specific to any particular implementation. The DNS protocol uses a Query ID field to match incoming responses to previously sent queries. This Query ID is only 16 bits long, which is why it becomes an easier target for exploitation. As such, the vulnerability allows name servers to be spoofed in a way that the cache can be infected, so that it points not to the original authoritative server but to a server of the attacker's choice. A successful attack means that the attacker has spoofed the DNS cache, poisoned it and then pointed it to an entirely new domain, so that users coming to the original server are redirected to the attacker's server of choice.

For instance, an attacker could hijack www.google.com and point it to a server that is riddled with malware and viruses or, acting more cleverly, capture users' passwords, usernames and financial details, among other things, depending on the website they hijack. Moreover, the attacker could grab all the mail, intercept chat traffic, and combine this with other attacks to make matters worse, or do anything else he/she wants, provided that domain name resolution is needed.

Attack Vector

As mentioned previously, the attacker would be looking for recursive servers, that is, name servers that accept requests from a client and pass this information to an authoritative name server. The attack discloses a novel method of poisoning the cache of the
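
The Query ID matching described under Exploitation Description, seen from the defender's side, as an added example that is not part of the original paper: it parses the 16-bit Query ID and question name from a DNS message, accepts a reply only when both match an outstanding query, and raises an alert when several replies for the same name carry the wrong ID. The names `build_message`, `parse_message`, `PendingQueries` and the `alert_threshold` value are assumptions made for illustration, and the messages are constructed test data.

```python
import struct
from collections import Counter

def build_message(txid, qname, response=False):
    """Build a minimal DNS message: header plus one A/IN question (constructed test data)."""
    flags = 0x8180 if response else 0x0100  # QR bit (0x8000) marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)

def parse_message(data):
    """Return (query_id, is_response, qname) from the header and first question."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags = struct.unpack("!HH", data[:4])
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated question name")
        length = data[pos]
        if length == 0:
            break
        if length > 63:
            raise ValueError("bad label length in question")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

class PendingQueries:
    """Matches replies to outstanding queries and counts wrong-ID replies."""
    def __init__(self, alert_threshold=3):
        self.pending = {}            # qname -> Query ID we sent
        self.mismatches = Counter()  # qname -> replies seen with a wrong ID
        self.alert_threshold = alert_threshold  # assumed value, tune per site

    def sent(self, data):
        txid, _, qname = parse_message(data)
        self.pending[qname] = txid

    def received(self, data):
        """Return 'accept', 'drop' or 'alert' for one incoming reply."""
        txid, is_response, qname = parse_message(data)
        if not is_response or qname not in self.pending:
            return "drop"  # unsolicited: no outstanding query for this name
        if txid == self.pending[qname]:
            del self.pending[qname]
            return "accept"
        self.mismatches[qname] += 1
        return "alert" if self.mismatches[qname] >= self.alert_threshold else "drop"
```

The sketch checks only the Query ID and question name; it does not model the source address or port of the reply.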