Internet-wide study of DNS cache injections

Amit Klein, Haya Shulman, Michael Waidner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

44 Scopus citations

Abstract

DNS caches are an extremely important tool, providing services for DNS as well as for a multitude of applications, systems and security mechanisms, such as anti-spam defences, routing security (e.g., RPKI), firewalls. Subverting the security of DNS is detrimental to the stability and security of the clients and services, and can facilitate attacks, circumventing even cryptographic mechanisms. We study the caching component of DNS resolution platforms in diverse networks in the Internet, and evaluate injection vulnerabilities allowing cache poisoning attacks. Our evaluation includes networks of leading Internet Service Providers and enterprises, and professionally managed open DNS resolvers. We test injection vulnerabilities against known payloads as well as a new class of indirect attacks that we define in this work. Our Internet evaluation indicates that more than 92% of the Internet's DNS resolution platforms are vulnerable to records injection and can be persistently poisoned.

Original languageEnglish
Title of host publicationINFOCOM 2017 - IEEE Conference on Computer Communications
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509053360
DOIs
StatePublished - 2 Oct 2017
Externally publishedYes
Event2017 IEEE Conference on Computer Communications, INFOCOM 2017 - Atlanta, United States
Duration: 1 May 20174 May 2017

Publication series

NameProceedings - IEEE INFOCOM
ISSN (Print)0743-166X

Conference

Conference2017 IEEE Conference on Computer Communications, INFOCOM 2017
Country/TerritoryUnited States
CityAtlanta
Period1/05/174/05/17

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Fingerprint

Dive into the research topics of 'Internet-wide study of DNS cache injections'. Together they form a unique fingerprint.

Cite this