Upload File

dns hijack demonstration (diverting user application via dns) giovanni marzot,...

8
DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, [email protected] , Cobham Ólafur Guðmundsson, [email protected] , Shinkuro, Inc. Russ Mundy, [email protected] , Cobham 1

Upload: scot-harper

Post on 04-Jan-2016

220 views

Category:

Documents


1 download

Report

Tags:

TRANSCRIPT

Page 1: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

DNS Hijack Demonstration(Diverting User Application via DNS)

Giovanni Marzot, [email protected], CobhamÓlafur Guðmundsson, [email protected], Shinkuro, Inc.

Russ Mundy, [email protected], Cobham

1

Page 2: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

Why Worry About DNS? Users think in terms of names

Applications primarily use DNS names Internet uses network addresses to create

connections DNS provides the translation from names to

network addresses Proper DNS functions required by essentially

all Network Applications If DNS doesn’t work right, the applications won’t get to the intended

server

Page 3: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

DNS Hijack Threat DNS attacks provide a way to divert users

applications, e.g., Redirecting user applications to false locations to

steal passwords or other sensitive information Redirect to a man-in-the-middle location

See and copy an entire session Web, email, IM, etc.

Multiple DNS hijack tools available on the Internet Some University courses have required students

to write DNS hijack software as a class assignment!

Page 4: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

Normal DNS & Web Exchange

Web Serverwww.ab.org192.168.2.80

Auth NSns1.ab.org

192.168.2.252

User

192.168.1.3

192.168.1.1

192.168.2.1

Recursive NS

10.2.2.2

10.1.1.2

10.1.1.253

10.1.1.1

10.2.2.1

1Query: www.ab.org?

2Query: www.ab.org?

www.ab.org=192.168.2.80

4

5

www.ab.org=192.168.2.803

“INTERNET”

Page 5: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

Web Serverwww.ab.org192.168.2.80

Auth NSns1.ab.org

192.168.2.252

User192.168.1.3

192.168.1.1

192.168.2.1

Recursive NS

10.2.2.2

10.1.1.2

10.1.1.253

10.1.1.1

10.2.2.1

RedirectedWebsite

1Query: www.ab.org?

2www.ab.org=10.2.2.1

Query: www.ab.org?www.ab.org=192.168.2.80

www.ab.org=192.168.2.80

“INTERNET”

DNS Hijacked Web Exchange

DNS Hijacker192.168.1.99

3

?

?

Page 6: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

6

1 Webpage = Multiple Name Resolutions

Page 7: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

How Can DNSSEC Help? DNSSEC can ensure users that they are

reaching the right location DNSSEC provides crytographic information that

can be used to verify that DNS information: came from the proper source and it was not changed enroute

Demonstration will show a web site tailored for effective use of DNSSEC and a web browser that uses DNSSEC

Page 8: DNS Hijack Demonstration (Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobhamgiovanni.marzot@cobham.com Ólafur Guðmundsson,

Questions, Thoughts or Comments?


DNS: EdgeCast Route - Basic DNS Service Overview

Windows Server 2008 R2 IPv6 的 DNS 及 IIS 設定 · DNS f6e5d4 (SOA) IPv6 (AAAA) 17 CTR) DNS DNS w1N2008 imntcedll im_ntc _ ed u _ tv im.ntc.edn.tv DNS DNS DNS w1N2008 imntcedll

Constellation: automated discovery of service and host ......DHCP MOM DNS DNS KERBEROS LDAP HTTP SMB LDAP MOM DNS DNS DNS DNS Figure 1: Small fragment of a constellation depicting

Domain Name System. CONTENTS Definitions. DNS Naming Structure. DNS Components. How DNS Servers work. DNS Organizations. Summary

DNS. Sommario Introduzione al DNS Introduzione al DNS La terminologia del DNS La terminologia del DNS Nomi DNS in un dominio Windows 2003 Nomi DNS in

DNS Session 2: DNS cache operation and DNS debuggingbrian/doc/dns/dns2-presentation.pdf · DNS Session 2: DNS cache operation and DNS debugging ... the wrong answers if the authoritative

Networking:! UDP&!DNS! · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

DNS Security Pacific IT Pros Nov. 5, 2013. Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage

Cisco Yonlendirici DNS Sunucu | Cisco DNS Sunucu

Securing DNS: Doing DNS As If DNS Actually Matteredjoe/secprof10-dns/secprof10-dns.pdf · Doing DNS As If DNS Actually Mattered ... -- releasing malware that tweaks host file entries

DNS Session 2: DNS cache operation and DNS debugging

Day 2 Dns Cert 3 Dns Organizations

International Space Station: Investing in Humanity’s Future International Exploration Framework William Russell [email protected] ASTE 527 December

DNS Cache y DNS Zonas_Dquintero

RIPE76 DNS Privacy measurements · DNS WG @ RIPE76 DNS Privacy Measurements Latest Measurements on DNS Privacy Sinodun ... Unbound . DNS WG @ RIPE76 DNS Privacy Measurements Test

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service

Microcontrollers & Microprocessors UT32M0R500 Functional ...€¦ · Version 1.1.0 1 Cobham Semiconductor Solutions Cobham.com/HiRel . 32. Cobham.com/HiRel. Microcontrollers & Microprocessors

Overview - TWNIC · Overview • DNS Protocol Overview • DNS Security • DNS Transactions – TSIG and Lab • DNS Security Extensions (DNSSec) – DNSSEC Lab . 21/06/16 2 DNS

2010 ICF Canoe Slalom World Championships SLOKA 2010...2010/09/12  · 25 FORIZS Reka HUN DNS DNS 27 POLEZHAEVA Svetlana KAZ DNS DNS 28 NIKOLAEVA Irina UZB DNS DNS Chief Judge _____

Configuring DNS · Example: Configuring DNS Spoofing Inthefollowingexample,thedeviceisconfiguredtospoofrepliestoanyDNSqueries: ip dns server ip dns spoofing no ip domain lookup

DNS Session 4: Delegation and Reverse DNS

Таблица 1. В Домашнем регионеfederal/news/novost_ne_besplatnie... · dns://acs.feib.ru/ dns://acs.kjbank.com/ dns://acs.ktc.co.th

DNS-2640 User Manual QS0001 - DataON Storagedoc.dataonstorage.com/product/DNS/2640/DNS-2640_User_Manual.pdf · DNS-2640 User Manual 2 Package content The DNS-2640 box contains the

DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address

Domain Name System (DNS). Outline Functions of DNS Design goals of DNS History of DNS Elements of DNS –Name space and resource records –Name servers –Name

EDUCAZIONE FORMAZIONE SVILUPPO CAPACITÀ … · Bartoleschi) per l’assistenza nell’editoria elettronica e Marzio Marzot per i suoi suggerimenti ... apre le porte delle scuole

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

DHCP DNS: DNS: WINS: WINS

Manual Servidor DNS Con Simple DNS Plus

Monitor Windows DNS Server using DNS Analytics … · Monitor Windows DNS Server using DNS Analytics (Preview) ... analyzes and correlates Windows DNS analytic and audit logs and

USENIX | The Advanced Computing Systems Association · DNS, LDAP, Port Mapper, RPC DNS, LDAP DNS Mail exchange, DNS DNS, AD, Kerberos ... Knowing in advance Improves response time

dns ile alakalı diyer kelimeler · dns failover 1300 0,36 17,75 euro dns 720 0,05 6,03 dns management 1300 0,5 7,92 dns registration 720 0,89 27,22 dns blacklist 1600 0,11 2,69 dns

今さら聞けないIP アドレスとドメイン名 ~見抜く …サーバ net DNS サーバ com DNSサーバ DNS DNS DNS DNS example DNS サーバ exampleの DNSサーバが

DNS and Troubleshooting DNS issues in Linux

DNS Tutorial @ IETF-63courses.cs.vt.edu/.../Naming/DNS-Tutorial-Slides.pdf · 2005/07/31 DNS Tutorial @ IETF-63 [email protected] & [email protected] 13 DNS Record Types: • DNS Internal types