C.L. Schuba, and E.H. Spafford, "Addressing Weaknesses in the Domain Name System Protocol." Technical Report, Department of Computer Sciences, Purdue University, 1994.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....helpful in using the RRs in the other sections. For instance, the additional section of a response may contain A RRs to provide the IP addresses for the NS RRs listed in the authority section. 4. 4 DNS Vulnerabilities Bellovin [4, 5] Gavron [25] Cheswick and Bellovin [12] Schuba and Spafford [60], Vixie [71] and CERT advisory 98:05 [10] have discussed several security problems with DNS. In the following, we summarize their findings: in particular, cache poisoning, failure to authenticate DNS responses, information leakage, masquerading as other name servers, and denial of service. 3 ....

....to improve performance. The attacker can poison the cache of the victim machine by sending DNS packets that contain faked RRs to the victim. By contaminating the cache of B s local server with a mapping entry D IP a , the attacker can defeat the cross checking. Schuba s and Spafford s paper [60] described several ways to carry out cache poisoning in great details. The message authentication mechanism used by most implementations of DNS is weak. Specifically, a querier attaches an id to a query, and uses it to match with the id of the corresponding response. Suppose a server S 1 sends a ....

[Article contains additional citation context not shown here]

C.L. Schuba, and E.H. Spafford, "Addressing Weaknesses in the Domain Name System Protocol." Technical Report, Department of Computer Sciences, Purdue University, 1994.

....carries RRs that may be helpful in using the RRs in the other sections. For instance, the additional section of a response may contain A RRs to provide the IP addresses for the NS RRs listed in the authority section. 3. DNS Vulnerabilities Bellovin [3, 4] Gavron [10] Schuba and Spafford [15], Vixie [17] and CERT advisory CA 98.05 [5] discuss several security problems of DNS. In the following, we describe two well known problems of DNS that are relevant to this paper cache poisoning and failure to authenticate DNS responses. In the cache poisoning attack, an attacker can trick a ....

C.L. Schuba, and E.H. Spafford, "Addressing Weaknesses in the Domain Name System Protocol. " Technical Report, Department of Computer Sciences, Purdue University, 1994.

....DNS provides a mapping between host names and numerical Internet Protocol addresses. Although essentially only a user level service, without it much of what is carried out on the Internet would be impossible. Whilst DNS is a vital service, the security problems posed by using DNS are numerous[7,8]. The main risk surrounds the amount of local information that the DNS can make public. Allowing access to a site s hostnames opens up the potential for attacks where name based authentication, such as .rhosts files, is in use. It also provides a lucrative source of inside information for the ....

Schuba, C.L. and Spafford, E.H., "Addressing Weaknesses in the Domain Name System Protocol", submitted to the twenty-second Telecomunications Policy Research Conference, 1994.

....the secrecy may have been in vain. Apart from reports that this exact technique was used by hackers many years ago and the reports are quite reliable the paper leaked anyway. We have seen it on at least one Web server, and follow up work by Schuba has been available for quite some time [SS93]. ....

Christoph L. Schuba and Eugene H. Spafford. Addressing weaknesses in the domain name system protocol. Master's thesis, Purdue University, 1993. Department of Computer Sciences.

....of an authentication error in the name lookup protocol that binds the high level addresses used for identification to Internet Protocol (IP) addresses. This error is representative of a number of other similar 45 flaws that can be exploited using a weakness in the Domain Name Service protocol [Sch93] The error occurred because the origin of the message (hostname) was not authenticated. In SunOS 4.1 and SunOS 4.1.1, any user could redirect characters away from any other user s terminal device. The error occurred because the input output routine failed to properly check access rights of the ....

Christoph Schuba. Addressing Weaknesses in the Domain Name System Protocol. Master's thesis, Purdue University, 1993. 110

....policies and mechanisms to solve the problem of trust in the Domain Name System. Some of these policies and mechanisms might be abstractable to distributed naming services in general. Although this problem has been known for some years now, not many publications deal with it. Bel90] and [Sch93] are the principal accounts that we can mention as related work. Bel90] demonstrates the subversion of system security using the DNS and discusses possible defenses against the attack and limitations on their applicability. The paper follows suggestions from Paul V. Mockapetris, the designer of ....

....accounts that we can mention as related work. Bel90] demonstrates the subversion of system security using the DNS and discusses possible defenses against the attack and limitations on their applicability. The paper follows suggestions from Paul V. Mockapetris, the designer of the DNS. In [Sch93] the details of the exploitation of the weakness are worked out and several approaches to solve the weakness in the DNS are discussed with emphasis on hardening the name server implementations and the usage of strong cryptographic methods for authentication. 2 The Problem 2.1 Statement of the ....

Christoph L. Schuba. Addressing Weaknesses in the Domain Name System Protocol. Master's thesis, Purdue University, West Lafayette, IN, August 1993.

No context found.

C. Schuba and E. Spafford. Addressing Weaknesses in the Domain Name System Protocol, MS Thesis, Purdue University, USA, August 1993.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC