DNS Cache Poisoning

Agenda

What is the DNS?

Poisoning the cache

Short term solution

Long term solution

Domain Name System

A hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network.

Terminology

Zone: the part of the namespace that one organisation administers as a unit (for example example.com and the names below it that are not delegated elsewhere).

Nameserver: a server that answers DNS queries.

Authoritative Nameserver: a nameserver that holds the actual data for a zone and gives the answers of record for it.

Resolver: the client-side code that sends queries on behalf of an application.

Recursive Nameserver: a nameserver that accepts queries from resolvers, follows the delegation chain on their behalf, and caches what it learns.

Resource Record: one entry in the database (an A record mapping a name to an IPv4 address, an NS record naming a nameserver, and so on), each carrying a Time-To-Live.

Delegation: NS records in a parent zone that hand responsibility for a child zone to other nameservers.

Nothing prevents a nameserver from hosting any zone, including zones it does not really own. Normally this has no effect, because no higher-level nameserver ever delegates to it.

A simple DNS query

What's in a DNS packet?

The packet in step 7

The Time-To-Live

What's in the cache?
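The slides above walk through the packet format, the response packet and the TTL. The following Python is an added example, not code from the slides: it builds a query, builds a constructed response to it, parses both, and shows the only check a classic resolver makes before caching the answer for its TTL, namely that the response echoes the outstanding query's 16-bit ID and question. All names, addresses and TTLs are constructed sample data.

```python
import random
import struct

# Added example (not from the slides): minimal DNS wire-format builder/parser.
# Names, addresses and TTLs below are constructed sample data.

def encode_name(name):
    """Encode "www.example.com." as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(buf, off):
    """Decode a name at buf[off], following 0xC0 compression pointers.
    Returns (name, offset just past the name as it appeared at `off`)."""
    labels, end = [], None
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:            # two-byte pointer into the packet
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                # on the wire the name ends after the pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def build_query(qname, qtype=1, txid=None):
    """Query header + one question. The 16-bit ID is what the answer must echo."""
    if txid is None:
        txid = random.getrandbits(16)
    flags = 0x0100                           # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_answer(query, ipv4, ttl):
    """A response to `query` carrying one A record (constructed data)."""
    q = parse_packet(query)
    name, qtype, qclass = q["questions"][0]
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    owner = b"\xC0\x0C"                      # pointer to the question name at offset 12
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    rr = owner + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rr

def parse_packet(buf):
    """Parse the header, the question section and all resource records."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(buf, off)
        qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):            # answer, authority and additional RRs share one format
        name, off = decode_name(buf, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:        # A record: render the IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        records.append({"name": name, "type": rtype, "ttl": ttl, "rdata": rdata})
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "questions": questions, "records": records}

def response_matches(query, response):
    """The check a classic resolver makes before caching: a response (QR=1) whose
    ID and question match an outstanding query. The ID is all an attacker who
    cannot see the query has to guess."""
    q, r = parse_packet(query), parse_packet(response)
    return r["qr"] == 1 and r["id"] == q["id"] and r["questions"] == q["questions"]

if __name__ == "__main__":
    query = build_query("www.example.com.", txid=0x1234)
    answer = build_answer(query, "192.0.2.10", 3600)
    print(parse_packet(answer))
    print("genuine answer accepted:", response_matches(query, answer))
    forged = build_answer(build_query("www.example.com.", txid=0x1235), "198.51.100.7", 86400)
    print("forged answer with wrong ID accepted:", response_matches(query, forged))
```

The record's TTL is the number of seconds the resolver will keep the answer in its cache; a forged record that does get accepted stays there for whatever TTL the attacker chose.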

Poisoning the cache

A forged answer is accepted only if it reaches the target nameserver before the genuine one and matches the outstanding query's Query ID (and the port the query was sent from), so the attack is a race against the real answer.

Step 1: Guessing the Query ID and Port Number

Step 2: Flooding the target nameserver

Guessing the Query ID

Flooding the target nameserver, version 1

Flooding the target nameserver, version 2

Short term solution

Maximise the amount of randomness: randomize both the source Port Number and the Query ID, so that a forged answer must match the randomized port as well as the 16-bit ID instead of the ID alone.

Even patched servers may still be vulnerable if an intervening firewall performs Port Address Translation in a way that un-randomizes the source ports.
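To put numbers on the guessing step above and on the randomness argument here, the following Python is an added example, not from the slides. It computes the chance that a flood of blind forged answers hits one outstanding query, first with only the 16-bit Query ID to guess and then with a randomized 16-bit port as well, and it models the PAT caveat as the firewall handing the attacker a predictable port so that only the ID is left. The packet counts and the sweep model of the flood are constructed for illustration.

```python
import math
import random

# Added example (not from the slides): how much a blind attacker must guess.
# A forged answer is accepted only if its Query ID (and, with port randomization,
# its destination port) matches the one outstanding query.

def hit_probability(forged, id_bits=16, port_bits=0):
    """P(at least one of `forged` independent blind answers matches one
    outstanding query) when id_bits + port_bits random bits must be guessed."""
    space = 2 ** (id_bits + port_bits)
    return 1.0 - (1.0 - 1.0 / space) ** forged

def forged_needed(target, id_bits=16, port_bits=0):
    """Forged answers needed to reach a `target` success probability."""
    space = 2 ** (id_bits + port_bits)
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - 1.0 / space))

def simulate(trials, forged, id_bits=16, port_bits=0,
             pat_unrandomizes_port=False, seed=7):
    """Monte Carlo version. Each trial the resolver picks a random ID (and port);
    the attacker floods `forged` consecutive (ID, port) values starting at a
    random point (a constructed model of a sweep). With pat_unrandomizes_port
    the firewall rewrote the source port to a predictable value, modelled as the
    attacker knowing it, so only the ID is left to guess."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        txid = rng.getrandbits(id_bits)
        port = rng.getrandbits(port_bits) if port_bits else 0
        if pat_unrandomizes_port:
            space, key = 2 ** id_bits, txid
        else:
            space, key = 2 ** (id_bits + port_bits), (txid << port_bits) | port
        start = rng.randrange(space)
        if (key - start) % space < min(forged, space):
            hits += 1
    return hits / trials

if __name__ == "__main__":
    print("ID only, 65536 forged answers:", hit_probability(65536))
    print("ID + 16-bit port, 65536 forged answers:", hit_probability(65536, 16, 16))
    print("forged answers for a 50% hit, ID only:", forged_needed(0.5))
    print("forged answers for a 50% hit, ID + port:", forged_needed(0.5, 16, 16))
    print("simulated hit rate, ID only:", simulate(10000, 32768, 16, 0))
    print("simulated hit rate, ID + port:", simulate(10000, 32768, 16, 16))
    print("simulated hit rate, ID + port behind un-randomizing PAT:",
          simulate(10000, 32768, 16, 16, pat_unrandomizes_port=True))
```

The point of the PAT row is that the resolver's own patch is irrelevant if the device in front of it assigns translated ports sequentially: the attacker is back to the 16-bit search the patch was meant to remove.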

Disable open recursive name servers

If you must run a recursive name server, limit access to only those computers that need it (e.g. your customers).
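As an added example of that restriction, not taken from the slides, here is a BIND 9 named.conf fragment that keeps recursion and the cache available only to an access list of the server's own clients; the address ranges are constructed placeholders.

```conf
// Added example (not from the slides): BIND 9 named.conf fragment restricting
// recursion to the server's own clients. Address ranges are constructed.
acl "clients" {
    192.0.2.0/24;       // constructed example customer range
    2001:db8::/32;      // constructed example customer range
    localhost;
};

options {
    recursion yes;
    allow-recursion { clients; };     // only clients may ask us to recurse
    allow-query-cache { clients; };   // only clients may read cached answers
    allow-query { any; };             // zones we are authoritative for stay public
};
```

Anyone outside the ACL still gets answers for zones the server is authoritative for, but cannot use it to look up arbitrary names, which is what an attacker needs in order to make it send the queries whose answers are then forged.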

Long term solution

DNSSEC is the current answer to this problem: resource records are signed by the zone owner, so a validating resolver accepts an answer because its signature verifies, not merely because it arrived with the expected Query ID and port.

Any questions?
