
Using the domain name system for system break-ins

Published: 05 June 1995

Abstract

The DARPA Internet uses the Domain Name System (DNS), a distributed database, to map host names to network addresses, and vice-versa. Using a vulnerability first noticed by P.V. Mockapetris, we demonstrate how the DNS can be abused to subvert system security. We also show what tools are useful to the attacker. Possible defenses against this attack, including one implemented by Berkeley in response to our reports of this problem, are discussed, and the limitations on their applicability are demonstrated.
This paper was written in 1990, and was withheld from publication by the author. The body of the paper is unchanged, even to the extreme of giving the size of the Internet as 200,000 hosts. An epilogue has been added that discusses why it was held back, and why it is now being released.
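The abstract says the attack abuses the mapping between host names and addresses, and that defenses exist with limits. The following added example (not code from the paper or from BSD) shows the general form of such a defense, a forward-confirmed reverse lookup: a peer's PTR answer is trusted only if the name's own forward records contain the connecting address. The resolver tables below are constructed sample data; the names `confirmed_hostname` and `is_trusted_peer` are this example's own.

```python
"""Forward-confirmed reverse DNS check over constructed, offline resolver data."""
from typing import Dict, List, Optional

# Constructed data. An attacker controlling the reverse zone for 10.0.0.0/8 can
# answer the PTR query for 10.1.2.3 with any name, but cannot change the A
# records that the legitimate owner of trusted.example publishes.
PTR_TABLE: Dict[str, str] = {
    "192.0.2.10": "trusted.example",    # honest: forward record agrees
    "10.1.2.3": "trusted.example",      # spoofed reverse record
    "198.51.100.7": "mailhost.example",
}
A_TABLE: Dict[str, List[str]] = {
    "trusted.example": ["192.0.2.10"],
    "mailhost.example": ["198.51.100.7", "198.51.100.8"],
}


def reverse_lookup(addr: str) -> Optional[str]:
    """Stand-in for a PTR query against the constructed table."""
    return PTR_TABLE.get(addr)


def forward_lookup(name: str) -> List[str]:
    """Stand-in for an A query against the constructed table."""
    return A_TABLE.get(name.lower(), [])


def confirmed_hostname(addr: str) -> Optional[str]:
    """Return the peer's name only if the PTR answer is confirmed by a forward
    lookup of that name that yields the same address; otherwise None."""
    name = reverse_lookup(addr)
    if name is None:
        return None
    if addr not in forward_lookup(name):
        return None          # reverse and forward mappings disagree: distrust
    return name.lower()


def is_trusted_peer(addr: str, trusted_names: List[str]) -> bool:
    """Name-based trust decision that relies on the confirmed name, never on
    the raw PTR answer."""
    name = confirmed_hostname(addr)
    return name is not None and name in {n.lower() for n in trusted_names}
```

The cross-check only helps while the forward zone (or the resolver's cache of it) is honest; if an attacker can also poison the forward answer, both lookups agree and the check passes, which is one of the applicability limits the abstract alludes to.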


Published In

SSYM'95: Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
June 1995
204 pages

Sponsors

  • UniForum
  • USENIX Assoc

Publisher

USENIX Association

United States
