1

DNS

Prepared by : Hasham Khan hkhan.msee16seecs@seecs.edu.pk

School of Electrical Engineering and Computer Science (SEECS)

….NUST

2

Key Contents

What is DNS ? Why we need DNS ? Before DNS ? How DNS Works ? Some DNS Security Issues Some Security Techniques.

3

What is DNS ?Domain name system.

An application Layer Protocol.

It translates host names into their IP Addresses.

4

Why we need DNS ? 1. Devices on the internet communicate with each other using IP Addresses.2. Difficult to memorize addresses.

Solution:1. Hosts should be given names.2. Mapping between host’s names and their IP Addresses. DONE USING DNS

5

Before DNS ? At start of Internet : less users.

Host file. After Some Time:

Increase in no: of users. Centralized single computer.

Finally: DNS

6

How DNS Works ?

7

DNS Security Issues

8

1. DNS Cache Poisoning

Corrupt the cache of the DNS server. i.e make the information false.

9

10

A Real Life Example

11 October 2013 Attack on Malaysian Google Domain.

Pakistani group called MADLEETS (1337).

Redirecting users to a Canadian-hosted website.

11

5 October 2014 Attack on Indonesian

Google Domain.

Pakistani group

called MADLEETS (1337).

12

2. Denial of Service (DOS) Attacks

Saturate the Servers running sites by flooding them with simultaneous queriesfrom a single machine.

Attempt to make a given

service impossible or very hard to access.

13

A Real Life Example

2 November 1988 Robert Morris, a CS graduate student, did the first DoS attack.

March 1998 A group performed DOS attack against several U.S. government and university servers.

14

3. Distributed Denial of Service (DDOS) Attacks Saturate the Servers running sites by flooding them with simultaneous queriesfrom multiple machines/botnets controlled by hacker.

Attacker

Slaves

Victim

15

A Real Life Example

21 October 2002 Attack on 13 root servers at same time. 9 badly effected Duration was 1 hour.

16

4. DNS Reflection Attack Send thousands of requests to the DNS with the victim’s name as the Source Address.

17

A Real Life Example

18

5. NXDOMAIN Attack Non-existing domain query.

DNS cache filled up with NXDOMAIN results.

Impact:

Slow down DNS Server

Waste of DNS Resources.

19

6. Phantom Domain Attack Phantom domain queries.

Phantom Domains are hacker created.

May not send responses or may be slow.

Impact:

Slow down DNS Server

Waste of DNS Resources.

20

Security Techniques1). Use of DNS Firewall.

2). Hire a company.

3). Clear DNS Cache frequently.

4). DNS Cache Locking.

5). Use the latest DNS Software versions.

6). Use of DNSSEC , DNS Security Protocol.

21

References [1]. https://www.tripwire.com/state-of-security/latest-security-news/googles-malaysian-domains-hit-dns-cache-poisoning-attack/

[2]. https://krebsonsecurity.com/2016/11/akamai-on-the-record-krebsonsecurity-attack/

[3]. http://www.networkworld.com/article/2886283/security0/top-10-dns-attacks-likely-to-infiltrate-your-network.html#slide8

[4]. http://siliconangle.com/blog/2013/08/26/5-notorious-ddos-attacks-in-2013-big-problem-for-the-internet-of-things/

[5]. http://www.afnic.fr/actu/presse/liens-utiles_en

22

THANK YOU