1. IP Fragmentation
Reported in a paper published on May 17, 2012 by Prof. A. Herzberg and H. Shulman of Bar-Ilan University, Israel:
- “Fragmentation Considered Poisonous”
– At the time it did not attract much attention in the DNS community
• Presented on August 1, 2013 as an invited talk at IETF 87 saag (Security Area Advisory Group) – “DNS Cache-Poisoning: New Vulnerabilities and Implications, or: DNSSEC, the time has come!” <http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf> – After the talk, it became a major topic on the dns-operations mailing list
http://arxiv.org/abs/1205.4011
Fragmentation Considered Poisonous Amir Herzberg, Haya Shulman (Submitted on 17 May 2012)
- We present practical poisoning and name-server blocking attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long responses are increasingly common, mainly due to the use of DNSSEC. In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow 'complete' domain hijacking. When DNSSEC is fully deployed, attacker can force use of fake name server; we show exploits of this allowing off-path traffic analysis and covert channel. When using NSEC3 opt-out, attacker can also create fake subdomains, circumventing same origin restrictions. Our attacks circumvent resolver-side defenses, e.g., port randomisation, IP randomisation and query randomisation. The (new) name server (NS) blocking attacks force resolver to use specific name server. This attack allows Degradation of Service, traffic-analysis and covert channel, and also facilitates DNS poisoning. We validated the attacks using standard resolver software and standard DNS name servers and zones, e.g., org.
- fyi/fwiw, looks like some of the papers mentioned in today's SAAG talk are returned by this search...
Invited Presentation
- DNS Cache-Poisoning: New Vulnerabilities and Implications
- Amir Herzberg, Haya Shulman
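
The abstract quoted above ties the attacks to large DNS responses that arrive IP-fragmented, so a resolver operator's first question is how often such responses actually reach the resolver. The following is an added example (not from the paper or from this page) that counts fragmented UDP datagrams sent from source port 53 in a list of raw IPv4 packets; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

def parse_ipv4(pkt: bytes):
    """Return (reassembly_key, byte_offset, more_fragments, payload) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    # Fragments of one datagram share source, destination, protocol and IP-ID (RFC 791).
    key = (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], ident)
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:]

def fragmented_dns_responses(packets):
    """Map reassembly key -> fragment count for fragmented UDP datagrams sent from port 53."""
    counts, from_dns = {}, set()
    for pkt in packets:
        key, offset, more, payload = parse_ipv4(pkt)
        if key[2] != 17 or (offset == 0 and not more):
            continue  # skip non-UDP and unfragmented packets
        counts[key] = counts.get(key, 0) + 1
        # Only the first fragment (offset 0) carries the UDP header with the ports.
        if offset == 0 and len(payload) >= 8 and struct.unpack("!H", payload[:2])[0] == 53:
            from_dns.add(key)
    return {k: n for k, n in counts.items() if k in from_dns}

def make_packet(src, dst, ident, offset, more, payload, proto=17):
    """Build a constructed IPv4 packet (checksum left at 0; it is not verified here)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample traffic (documentation addresses, not data from the paper).
NS, RESOLVER = "192.0.2.53", "198.51.100.10"
SAMPLE = [
    make_packet(NS, RESOLVER, 0x1111, 0, False, udp(53, 40000, b"small answer")),
    make_packet(NS, RESOLVER, 0x2222, 0, True, udp(53, 40001, b"A" * 16)),  # first fragment
    make_packet(NS, RESOLVER, 0x2222, 24, False, b"B" * 10),  # tail fragment, no UDP header
    make_packet("192.0.2.123", RESOLVER, 0x3333, 0, True, udp(123, 123, b"C" * 16)),
    make_packet("192.0.2.123", RESOLVER, 0x3333, 24, False, b"D" * 4),
]

if __name__ == "__main__":
    for key, n in fragmented_dns_responses(SAMPLE).items():
        print("fragmented DNS response:", key, "fragments:", n)
```

Because the tail fragments carry no UDP header, they are attributed to DNS only through the reassembly key, which is why the counter works regardless of arrival order.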