[Haifux] Fwd: [CS Colloquium] June 19th at 14:15 Haya Shulman on DNS Cache-Poisoning: New Attacks and Defenses

[Orna Agmon Ben-Yehuda]

---------- Forwarded message ----------
From: Rachel Kolodny <trachel at cs.haifa.ac.il>
Date: Mon, Jun 17, 2013 at 3:04 PM
Subject: [CS Colloquium] June 19th at 14:15 Haya Shulman on DNS
Cache-Poisoning: New Attacks and Defenses
To: colloq <Colloq at cs.haifa.ac.il>


June 19th, Wednesday 14:15, Room 303, Jacobs Building

Title: DNS Cache-Poisoning: New Attacks and Defenses

Lecturer: Haya Shulman

Lecturer homepage :
http://scholar.google.com/citations?user=IyGJlV8AAAAJ&hl=en

Affiliation :Department of Computer Science, Bar Ilan University

 The Domain Name System (DNS) is key to the availability and correct
operation of the Internet. Due to its significance it is also a
lucrative target for attacks, most notably for cache poisoning. DNS
cache-poisoning enables attackers to redirect clients to malicious
hosts, allowing distribution of malware, credentials theft, phishing
and spam, web sites defacement, and more.

Cryptographic defenses were designed (DNSSEC), but are not widely
deployed; instead, multiple challenge-response defenses are used.
However, we show how attackers may be able to circumvent those
defenses and poison in spite of them; specifically:



- Circumvent source port randomisation, in the (common) case where the
resolver connects to the Internet via different NAT devices.

- Circumvent IP address randomisation supported by standard-conforming
resolvers.

- Circumvent query randomisation, including both randomisation by
prepending a random nonce and case randomisation (0x20 encoding).

We present countermeasures preventing our attacks; however, we
advocate that only correct adoption of cryptographic security such as
DNSSEC, can prevent the cache-poisoning attacks, and discuss the
challenges and status of DNSSEC deployment.



Joint work with Amir Herzberg.
_______________________________________________
Colloq mailing list
Colloq at cs.haifa.ac.il
https://cs.haifa.ac.il/mailman/listinfo/colloq

The material posted is under the full responsibility of whoever posted it
and under their sole responsibility and liability. The University takes no
responsibility whatsoever for any material or other damage, direct or
indirect, that may incur from publications in the forum and/or distribution
list. Nor is it responsible for the authenticity of any data and material
posted in the forum and/or distribution list, their legality, accuracy,
credibility or their completeness




-- 
Orna Agmon Ben-Yehuda.
http://ladypine.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://haifux.org/pipermail/haifux/attachments/20130617/43a329b2/attachment.html