Abstract
To combat Domain Name System (DNS) cache poisoning attacks and the exploitation of the DNS as an amplifier in denial-of-service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries from within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defenses such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings |
| Editors | Anja Feldmann, Georgios Smaragdakis, Robert Beverly |
| Publisher | Springer Verlag |
| Pages | 158-169 |
| Number of pages | 12 |
| ISBN (Print) | 9783319764801 |
| DOIs | |
| State | Published - 2018 |
| Externally published | Yes |
| Event | 19th International Conference on Passive and Active Measurement, PAM 2018 - Berlin, Germany. Duration: 26 Mar 2018 → 27 Mar 2018 |
Publication series
| Field | Value |
|---|---|
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Volume | 10771 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Field | Value |
|---|---|
| Conference | 19th International Conference on Passive and Active Measurement, PAM 2018 |
| Country/Territory | Germany |
| City | Berlin |
| Period | 26/03/18 → 27/03/18 |
Bibliographical note
Publisher Copyright: © 2018, Springer International Publishing AG, part of Springer Nature.