1 to bob from alice 2 to alice from bob alice computer

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: the network 11.22.33.44 bank.com? Network Computer Networks 56 28 12/3/13 DNS ANacks •  How can a network aNacker corrupt the DNS? Computer Networks 57 DNS Spoofing (2) •  To spoof, Trudy returns a fake DNS response that appears to be true –  Fake response contains bad binding DNS query Nameserver Cache Client Nameserver Computer Networks False DNS reply Trudy 58 29 12/3/13 DNS Spoofing (3) •  Lots of ques7ons! 1.  How does Trudy know when the DNS query is sent and what it is for? 2.  How can Trudy supply a fake DNS reply that appears to be real? 3.  What happens when the real DNS reply shows up? •  There are solu7ons to each issue … Computer Networks 59 DNS Spoofing (4) 1.  How does Trudy know when the query is sent and what it is for? •  Trudy can make the query herself! –  Nameserver works for many clients –  Trudy is just another client Computer Networks 60 30 12/3/13 DNS Spoofing (5) 2.  How can Trudy supply a fake DNS reply that appears to be real? •  A bit more difficult. DNS checks: –  Reply is from authorita7ve nameserver (e.g., .com) –  Reply ID that matches the request –  Reply is for outstanding query •  (Nothing about content though …) Computer Networks 61 DNS Spoofing (6) 2.  How can Trudy supply a fake DNS reply that appears to be real? •  Techniques: –  Put IP of authorita7ve nameserver as the source IP address –  ID is 16 bits (64K). Send many guesses! (Or if a counter, sample to predict.) –  Send reply right aCer query •  Good chance of succeeding! Computer Networks 62 31 12/3/13 DNS Spoofing (7) 3.  Wh...
View Full Document

Ask a homework question - tutors are online