ICANN DNS 研讨会 | May 2021

摘要

In today’s DNS infrastructure, DNS forwarders are devices standing in between DNS clients and recursive resolvers. The devices often serve as ingress servers for DNS clients, and instead of resolving queries, they pass the DNS requests to other servers. Because of the advantages and several use cases, DNS forwarders are widely deployed and queried by Internet users. However, studies have shown that DNS forwarders can be more vulnerable devices in the DNS infrastructure. In this paper, we present a cache poisoning attack targeting DNS forwarders. Through this attack, attackers can inject rogue records of arbitrary victim domain names using a controlled domain, and circumvent widely-deployed cache poisoning defences. By performing tests on popular home router models and DNS software, we find several vulnerable implementations, including those of large vendors (e.g., D-Link, Linksys, dnsmasq and MS DNS). Further, through a nationwide measurement, we estimate the population of Chinese mobile clients which are using vulnerable DNS forwarders. We have been reporting the issue to the affected vendors, and so far have received positive feedback from three of them. Our work further demonstrates that DNS forwarders can be a soft spot in the DNS infrastructure, and calls for attention as well as implementation guidelines from the community..

日期
May 25, 2021 12:00 PM — May 27, 2021 3:45 PM
位置
线上举办

在2021年第四届ICANN的DNS线上研讨会中,我介绍了实验室晓峰师兄所提出了的一种新型DNS缓存污染攻击

李想
李想
博士研究生(网络空间安全)

研究领域涉及网络安全,协议安全,IPv6安全,DNS安全以及互联网测量。

上一页

相关