Lecture 5 Notes

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: r name server –  Guessing has 1 in 65535 chance (Or does it?) •  Now: –  Ask the local server to lookup google.com –  Spoof the response from google.com using the correct ID –  Bogus response arrives before legit one (maybe) •  Local server caches first response it receives –  ATacker can set a long TTL Guessing Query ID hTp://www.unixwiz.net/tech)ps/iguide- kaminsky- dns- vuln.html Cache Poisoning hTp://www.unixwiz.net/tech)ps/iguide- kaminsky- dns- vuln.html Hijacking Authority Record hTp://www.unixwiz.net/tech)ps/iguide- kaminsky- dns- vuln.html Kaminsky Exploit •  If good guy wins the race, you have to wait un)l the TTL to race again •  But… –  What if you start a new race, for AAAA.google.com, AAAB.google.com, …? –  Forge CNAME responses for each –  Circumvents bailiwick checking Countermeasures •  Randomize id –  Used to be sequen)al •  Randomize source port number –  Used to be the same for all requests from the server •  Offers some protec)on, but aTack s)ll possible Load Balancing using DNS •  Return mul)ple IP addresses (“A” records) for a name •  Benefits –  Spread the load evenly across the IP addresses •  Problems –  Caching, no standard on which address to use, … •  How to solve these problems? –  Poll load to compute return list –  hTp://en.wikipedia.org/wiki/Round- robin_DNS dig www.google.com! ! ; <<>> DiG 9.7.3-P3 <<>> www.google.com! ;; global options: +cmd! ;; Got answer:! ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9457! ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0! ! ;; QUESTION SECTION:! ;www.google.com. ! ! !IN !A! ! ;; AN...
View Full Document

This note was uploaded on 01/27/2014 for the course COSC 4377 taught by Professor Staff during the Spring '08 term at University of Houston.

Ask a homework question - tutors are online