1 / 8

DNS Hijack Demonstration (Diverting User Application via DNS)

DNS Hijack Demonstration (Diverting User Application via DNS). Giovanni Marzot , giovanni.marzot@cobham.com , Cobham Ó lafur Guðmundsson , ogud@shinkuro.com , Shinkuro, Inc. Russ Mundy, russ.mundy@cobham.com , Cobham. Why Worry About DNS?. Users think in terms of names

virginia-gallagher
Download Presentation

DNS Hijack Demonstration (Diverting User Application via DNS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DNS Hijack Demonstration(Diverting User Application via DNS) Giovanni Marzot, giovanni.marzot@cobham.com, Cobham ÓlafurGuðmundsson, ogud@shinkuro.com, Shinkuro, Inc. Russ Mundy, russ.mundy@cobham.com, Cobham

  2. Why Worry About DNS? • Users think in terms of names • Applications primarily use DNS names • Internet uses network addresses to create connections • DNS provides the translation from names to network addresses • Proper DNS functions required by essentially all Network Applications • If DNS doesn’t work right, •  the applications won’t get to the intended server

  3. DNS Hijack Threat • DNS attacks provide a way to divert users applications, e.g., • Redirecting user applications to false locations to steal passwords or other sensitive information • Redirect to a man-in-the-middle location • See and copy an entire session • Web, email, IM, etc. • Multiple DNS hijack tools available on the Internet • Some University courses have required students to write DNS hijack software as a class assignment!

  4. Web Server www.ab.org192.168.2.80 Auth NS ns1.ab.org 192.168.2.252 Recursive NS 2 Query: www.ab.org? www.ab.org=192.168.2.80 3 4 5 www.ab.org=192.168.2.80 1 Query: www.ab.org? Normal DNS & Web Exchange 10.1.1.253 192.168.2.1 10.1.1.1 10.2.2.2 10.2.2.1 “INTERNET” 10.1.1.2 192.168.1.1 User 192.168.1.3

  5. Web Server www.ab.org192.168.2.80 Auth NS ns1.ab.org 192.168.2.252 Recursive NS Query: www.ab.org? ? www.ab.org=192.168.2.80 3 www.ab.org=192.168.2.80 1 Query: www.ab.org? DNS Hijacker 192.168.1.99 ? 2 www.ab.org=10.2.2.1 DNS Hijacked Web Exchange Redirected Website 10.1.1.253 192.168.2.1 10.1.1.1 10.2.2.2 10.2.2.1 “INTERNET” 10.1.1.2 192.168.1.1 User 192.168.1.3

  6. 1 Webpage = Multiple Name Resolutions

  7. How Can DNSSEC Help? • DNSSEC can ensure users that they are reaching the right location • DNSSEC provides crytographic information that can be used to verify that DNS information: • came from the proper source and • it was not changed enroute • Demonstration will show a web site tailored for effective use of DNSSEC and a web browser that uses DNSSEC

  8. Questions, Thoughts or Comments?

More Related