Internet-wide study of DNS cache injections

Amit Klein; Haya Shulman; Michael Waidner

doi:10.1109/INFOCOM.2017.8057202

Internet-wide study of DNS cache injections

Amit Klein, Haya Shulman, Michael Waidner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

DNS caches are an extremely important tool, providing services for DNS as well as for a multitude of applications, systems and security mechanisms, such as anti-spam defences, routing security (e.g., RPKI), firewalls. Subverting the security of DNS is detrimental to the stability and security of the clients and services, and can facilitate attacks, circumventing even cryptographic mechanisms. We study the caching component of DNS resolution platforms in diverse networks in the Internet, and evaluate injection vulnerabilities allowing cache poisoning attacks. Our evaluation includes networks of leading Internet Service Providers and enterprises, and professionally managed open DNS resolvers. We test injection vulnerabilities against known payloads as well as a new class of indirect attacks that we define in this work. Our Internet evaluation indicates that more than 92% of the Internet's DNS resolution platforms are vulnerable to records injection and can be persistently poisoned.

Original language	English
Title of host publication	INFOCOM 2017 - IEEE Conference on Computer Communications
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509053360
DOIs	https://doi.org/10.1109/INFOCOM.2017.8057202
State	Published - 2 Oct 2017
Externally published	Yes
Event	2017 IEEE Conference on Computer Communications, INFOCOM 2017 - Atlanta, United States Duration: 1 May 2017 → 4 May 2017

Publication series

Name	Proceedings - IEEE INFOCOM

Conference

Conference	2017 IEEE Conference on Computer Communications, INFOCOM 2017
Country/Territory	United States
City	Atlanta
Period	1/05/17 → 4/05/17

All Science Journal Classification (ASJC) codes

General Computer Science
Electrical and Electronic Engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/INFOCOM.2017.8057202

Cite this

@inproceedings{9b567e68c76d40bea38d84c30bedc823,

title = "Internet-wide study of DNS cache injections",

abstract = "DNS caches are an extremely important tool, providing services for DNS as well as for a multitude of applications, systems and security mechanisms, such as anti-spam defences, routing security (e.g., RPKI), firewalls. Subverting the security of DNS is detrimental to the stability and security of the clients and services, and can facilitate attacks, circumventing even cryptographic mechanisms. We study the caching component of DNS resolution platforms in diverse networks in the Internet, and evaluate injection vulnerabilities allowing cache poisoning attacks. Our evaluation includes networks of leading Internet Service Providers and enterprises, and professionally managed open DNS resolvers. We test injection vulnerabilities against known payloads as well as a new class of indirect attacks that we define in this work. Our Internet evaluation indicates that more than 92% of the Internet's DNS resolution platforms are vulnerable to records injection and can be persistently poisoned.",

author = "Amit Klein and Haya Shulman and Michael Waidner",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2017 IEEE Conference on Computer Communications, INFOCOM 2017 ; Conference date: 01-05-2017 Through 04-05-2017",

year = "2017",

month = oct,

day = "2",

doi = "10.1109/INFOCOM.2017.8057202",

language = "الإنجليزيّة",

series = "Proceedings - IEEE INFOCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "INFOCOM 2017 - IEEE Conference on Computer Communications",

address = "الولايات المتّحدة",

}

Klein, A, Shulman, H & Waidner, M 2017, Internet-wide study of DNS cache injections. in INFOCOM 2017 - IEEE Conference on Computer Communications., 8057202, Proceedings - IEEE INFOCOM, Institute of Electrical and Electronics Engineers Inc., 2017 IEEE Conference on Computer Communications, INFOCOM 2017, Atlanta, United States, 1/05/17. https://doi.org/10.1109/INFOCOM.2017.8057202

TY - GEN

T1 - Internet-wide study of DNS cache injections

AU - Klein, Amit

AU - Shulman, Haya

AU - Waidner, Michael

PY - 2017/10/2

Y1 - 2017/10/2

N2 - DNS caches are an extremely important tool, providing services for DNS as well as for a multitude of applications, systems and security mechanisms, such as anti-spam defences, routing security (e.g., RPKI), firewalls. Subverting the security of DNS is detrimental to the stability and security of the clients and services, and can facilitate attacks, circumventing even cryptographic mechanisms. We study the caching component of DNS resolution platforms in diverse networks in the Internet, and evaluate injection vulnerabilities allowing cache poisoning attacks. Our evaluation includes networks of leading Internet Service Providers and enterprises, and professionally managed open DNS resolvers. We test injection vulnerabilities against known payloads as well as a new class of indirect attacks that we define in this work. Our Internet evaluation indicates that more than 92% of the Internet's DNS resolution platforms are vulnerable to records injection and can be persistently poisoned.

AB - DNS caches are an extremely important tool, providing services for DNS as well as for a multitude of applications, systems and security mechanisms, such as anti-spam defences, routing security (e.g., RPKI), firewalls. Subverting the security of DNS is detrimental to the stability and security of the clients and services, and can facilitate attacks, circumventing even cryptographic mechanisms. We study the caching component of DNS resolution platforms in diverse networks in the Internet, and evaluate injection vulnerabilities allowing cache poisoning attacks. Our evaluation includes networks of leading Internet Service Providers and enterprises, and professionally managed open DNS resolvers. We test injection vulnerabilities against known payloads as well as a new class of indirect attacks that we define in this work. Our Internet evaluation indicates that more than 92% of the Internet's DNS resolution platforms are vulnerable to records injection and can be persistently poisoned.

UR - http://www.scopus.com/inward/record.url?scp=85031690123&partnerID=8YFLogxK

U2 - 10.1109/INFOCOM.2017.8057202

DO - 10.1109/INFOCOM.2017.8057202

M3 - منشور من مؤتمر

T3 - Proceedings - IEEE INFOCOM

BT - INFOCOM 2017 - IEEE Conference on Computer Communications

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 IEEE Conference on Computer Communications, INFOCOM 2017

Y2 - 1 May 2017 through 4 May 2017

ER -

Internet-wide study of DNS cache injections

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this