Article

Assessing DNS Vulnerability to Record Injection

Authors:

Michael Rabinovich,

Mark AllmanAuthors Info & Claims

PAM 2014: Proceedings of the 15th International Conference on Passive and Active Measurement - Volume 8362

Pages 214 - 223

https://doi.org/10.1007/978-3-319-04918-2_21

Published: 10 March 2014 Publication History

Abstract

The Domain Name System (DNS) is a critical component of the Internet infrastructure as it maps human-readable names to IP addresses. Injecting fraudulent mappings allows an attacker to divert users from intended destinations to those of an attacker's choosing. In this paper, we measure the Internet's vulnerability to DNS record injection attacks–including a new attack we uncover. We find that record injection vulnerabilities are fairly common–even years after some of them were first uncovered.

References

[1]

Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: DNS Security Introduction and Requirements. RFC 4033 (2005)

[2]

Bernstein, D.: http://cr.yp.to/djbdns/notes.html

[3]

Chun, B., Culler, D., Roscoe, T., Bavier, A., Peterson, L., Wawrzoniak, M., Bowman, M.: PlanetLab: An Overlay Testbed for Broad-Coverage Services. ACM CCRä33(3) (2003)

Digital Library

[4]

Dagon, D., Antonakakis, M., Vixie, P., Jinmei, T., Lee, W.: Increased DNS Forgery Resistance Through 0x20-bit Encoding: Security via Leet Queries. ACM CCS (2008)

Digital Library

[5]

Dagon, D., Provos, N., Lee, C., Lee, W.: Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In: NDSS (2008)

[6]

Fujiwara, K.: Number of Possible DNSSEC Validators Seen at jp. In: DNS-OARC Workshop (2012)

[7]

Google Public DNS. Performance Benefits, https://developers.google.com/speed/public-dns/docs/performance

[8]

Google Public DNS. Security Benefits, https://developers.google.com/speed/public-dns/docs/security

[9]

Gudmundsson, O., Crocker, S.: Observing DNSSEC Validation in the Wild. In: Workshop on Securing and Trusting Internet Names, SATIN (2011)

[10]

Kaminsky, D.: Black Ops 2008: It's the End of the Cache As We Know It. In: Black Hat USA (2008)

[11]

Leonard, D., Loguinov, D.: Demystifying Service Discovery: Implementing an Internet-Wide Scanner. In: ACM Internet Measurement Conference (2010)

Digital Library

[12]

Mockapetris, P.: Domain Names Implementation and Specification. RFC 1035 (1987)

Digital Library

[13]

Schomp, K., Callahan, T., Rabinovich, M., Allman, M.: Client-Side DNS Infrastructure Datasets, http://dns-scans.eecs.cwru.edu/

Digital Library

[14]

Schomp, K., Callahan, T., Rabinovich, M., Allman, M.: On Measuring the Client-Side DNS Infrastructure. In: ACM Internet Measurement Conference (2013)

Digital Library

[15]

Weaver, N., Kreibich, C., Nechaev, B., Paxson, V.: Implications of Netalyzr's DNS Measurements. In: Workshop on Securing and Trusting Internet Names (SATIN) (2011)

[16]

Weaver, N., Kreibich, C., Paxson, V.: Redirecting DNS for Ads and Profit. In: Workshop on Free and Open Comm. on the Internet (2011)

[17]

Zhang, C., Huang, C., Ross, K., Maltz, D., Li, J.: Inflight Modifications of Content: Who Are The Culprits? In: LEET (2011)

Digital Library

Cited By

Yazdani RJonker MSperotto A(2024)Swamp of Reflectors: Investigating the Ecosystem of Open DNS ResolversPassive and Active Measurement10.1007/978-3-031-56252-5_1(3-18)Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-56252-5_1
Herrmann DFuchs KLindemann JFederrath H(2022)EncDNS: A Lightweight Privacy-Preserving Name Resolution ServiceComputer Security - ESORICS 201410.1007/978-3-319-11203-9_3(37-55)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-11203-9_3
Randall ALiu EPadmanabhan RAkiwate GVoelker GSavage SSchulman ALevin DMislove AAmann JLuckie M(2021)Home is where the hijacking isProceedings of the 21st ACM Internet Measurement Conference10.1145/3487552.3487817(390-397)Online publication date: 2-Nov-2021
https://dl.acm.org/doi/10.1145/3487552.3487817
Show More Cited By

Recommendations

Recovering and Protecting against DNS Cache Poisoning Attacks
ICM '11: Proceedings of the 2011 International Conference of Information Technology, Computer Engineering and Management Sciences - Volume 02

DNSSEC can provide a strong countermeasure to DNS Cache Poisoning Attacks, however, DNSSEC can't be actually deployed in a short time, it is still impossible to avoid poisoning attacks thoroughly, a majority of DNS servers are still hreatened from the ...
Study on the latent state of Kaminsky-style DNS cache poisoning: Modeling and empirical analysis
Abstract
Due to the slow adoption of DNSSEC, the defense against Kaminsky-style DNS cache poisoning still mainly relies on conventional challenge-response mechanisms which have security vulnerabilities. Existing industry and academic research ...
Practical Challenge-Response for DNS
ANRW '18: Proceedings of the 2018 Applied Networking Research Workshop

Authoritative DNS nameservers are vulnerable to being used in denial of service attacks whereby an attacker sends DNS queries while masquerading as a victim---hence coaxing the DNS server to send the responses to the victim. Reflecting off innocent DNS ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

PAM 2014: Proceedings of the 15th International Conference on Passive and Active Measurement - Volume 8362

March 2014

280 pages

ISBN:9783319049175

Editors:
Michalis Faloutsos
Computer Science Department, University of New Mexico, Albuquerque, USA
,
Aleksandar Kuzmanovic
EECS Department, Northwestern University, Evanston, USA

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 10 March 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yazdani RJonker MSperotto A(2024)Swamp of Reflectors: Investigating the Ecosystem of Open DNS ResolversPassive and Active Measurement10.1007/978-3-031-56252-5_1(3-18)Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-56252-5_1
Herrmann DFuchs KLindemann JFederrath H(2022)EncDNS: A Lightweight Privacy-Preserving Name Resolution ServiceComputer Security - ESORICS 201410.1007/978-3-319-11203-9_3(37-55)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-11203-9_3
Randall ALiu EPadmanabhan RAkiwate GVoelker GSavage SSchulman ALevin DMislove AAmann JLuckie M(2021)Home is where the hijacking isProceedings of the 21st ACM Internet Measurement Conference10.1145/3487552.3487817(390-397)Online publication date: 2-Nov-2021
https://dl.acm.org/doi/10.1145/3487552.3487817
Zheng XLu CPeng JYang QZhou DLiu BMan KHao SDuan HQian ZCapkun SRoesner F(2020)Poison over troubled forwardersProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489245(577-593)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489245
Schomp KAl-Dalky R(2020)Partitioning the internet using Anycast catchmentsACM SIGCOMM Computer Communication Review10.1145/3431832.343183450:4(3-9)Online publication date: 26-Oct-2020
https://dl.acm.org/doi/10.1145/3431832.3431834
Allman M(2020)Putting DNS in ContextProceedings of the ACM Internet Measurement Conference10.1145/3419394.3423659(309-316)Online publication date: 27-Oct-2020
https://dl.acm.org/doi/10.1145/3419394.3423659
Randall ALiu EAkiwate GPadmanabhan RVoelker GSavage SSchulman A(2020)TrufflehunterProceedings of the ACM Internet Measurement Conference10.1145/3419394.3423640(50-64)Online publication date: 27-Oct-2020
https://dl.acm.org/doi/10.1145/3419394.3423640
Schomp KBhardwaj OKurdoglu EMuhaimen MSitaraman R(2020)Akamai DNSProceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication10.1145/3387514.3405881(465-478)Online publication date: 30-Jul-2020
https://dl.acm.org/doi/10.1145/3387514.3405881
Allman M(2019)On Eliminating Root Nameservers from the DNSProceedings of the 18th ACM Workshop on Hot Topics in Networks10.1145/3365609.3365863(1-8)Online publication date: 13-Nov-2019
https://dl.acm.org/doi/10.1145/3365609.3365863
Allman M(2018)Comments on DNS RobustnessProceedings of the Internet Measurement Conference 201810.1145/3278532.3278541(84-90)Online publication date: 31-Oct-2018
https://dl.acm.org/doi/10.1145/3278532.3278541
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents