Post on 25-Jan-2017
1
DNS
Prepared by : Hasham Khan hkhan.msee16seecs@seecs.edu.pk
School of Electrical Engineering and Computer Science (SEECS)
….NUST
2
Key Contents
What is DNS ? Why we need DNS ? Before DNS ? How DNS Works ? Some DNS Security Issues Some Security Techniques.
3
What is DNS ?Domain name system.
An application Layer Protocol.
It translates host names into their IP Addresses.
4
Why we need DNS ? 1. Devices on the internet communicate with each other using IP Addresses.2. Difficult to memorize addresses.
Solution:1. Hosts should be given names.2. Mapping between host’s names and their IP Addresses. DONE USING DNS
5
Before DNS ? At start of Internet : less users.
Host file. After Some Time:
Increase in no: of users. Centralized single computer.
Finally: DNS
6
How DNS Works ?
7
DNS Security Issues
8
1. DNS Cache Poisoning
Corrupt the cache of the DNS server. i.e make the information false.
9
10
A Real Life Example
11 October 2013 Attack on Malaysian Google Domain.
Pakistani group called MADLEETS (1337).
Redirecting users to a Canadian-hosted website.
11
5 October 2014 Attack on Indonesian
Google Domain.
Pakistani group
called MADLEETS (1337).
12
2. Denial of Service (DOS) Attacks
Saturate the Servers running sites by flooding them with simultaneous queriesfrom a single machine.
Attempt to make a given
service impossible or very hard to access.
13
A Real Life Example
2 November 1988 Robert Morris, a CS graduate student, did the first DoS attack.
March 1998 A group performed DOS attack against several U.S. government and university servers.
14
3. Distributed Denial of Service (DDOS) Attacks Saturate the Servers running sites by flooding them with simultaneous queriesfrom multiple machines/botnets controlled by hacker.
Attacker
Slaves
Victim
15
A Real Life Example
21 October 2002 Attack on 13 root servers at same time. 9 badly effected Duration was 1 hour.
16
4. DNS Reflection Attack Send thousands of requests to the DNS with the victim’s name as the Source Address.
17
A Real Life Example
18
5. NXDOMAIN Attack Non-existing domain query.
DNS cache filled up with NXDOMAIN results.
Impact:
Slow down DNS Server
Waste of DNS Resources.
19
6. Phantom Domain Attack Phantom domain queries.
Phantom Domains are hacker created.
May not send responses or may be slow.
Impact:
Slow down DNS Server
Waste of DNS Resources.
20
Security Techniques1). Use of DNS Firewall.
2). Hire a company.
3). Clear DNS Cache frequently.
4). DNS Cache Locking.
5). Use the latest DNS Software versions.
6). Use of DNSSEC , DNS Security Protocol.
21
References [1]. https://www.tripwire.com/state-of-security/latest-security-news/googles-malaysian-domains-hit-dns-cache-poisoning-attack/
[2]. https://krebsonsecurity.com/2016/11/akamai-on-the-record-krebsonsecurity-attack/
[3]. http://www.networkworld.com/article/2886283/security0/top-10-dns-attacks-likely-to-infiltrate-your-network.html#slide8
[4]. http://siliconangle.com/blog/2013/08/26/5-notorious-ddos-attacks-in-2013-big-problem-for-the-internet-of-things/
[5]. http://www.afnic.fr/actu/presse/liens-utiles_en
22
THANK YOU