Model checking the DNS under DNS cache-poisoning attacks using SPIN
نویسندگان
چکیده
منابع مشابه
The Hitchhiker's Guide to DNS Cache Poisoning
DNS cache poisoning is a serious threat to today’s Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their impl...
متن کاملUnilateral Antidotes to DNS Cache Poisoning
We investigate defenses against DNS cache poisoning focusing on mechanisms that can be readily deployed unilaterally by the resolving organisation, preferably in a single gateway or a proxy. DNS poisoning is (still) a major threat to Internet security; determined spoofing attackers are often able to circumvent currently deployed antidotes such as port randomisation. The adoption of DNSSEC, whic...
متن کاملBIND 9 DNS Cache Poisoning v0.8.9_clean
The paper shows that BIND 9 DNS queries are predictable – i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the “next” query (10 in the basic attack, and 1 in the advanced attack), thereby overcoming whatever protection offered by the transaction ID mechanism. This...
متن کاملDepenDNS: Dependable Mechanism against DNS Cache Poisoning
DNS cache poisoning attacks have been proposed for a long time. In 2008, Kaminsky enhanced the attacks to be powerful based on nonce query method. By leveraging Kaminsky’s attack, phishing becomes large-scale since victims are hard to detect attacks. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent...
متن کاملSolving the DNS Cache Poisoning Problem Without Changing the Protocol
In this paper we propose a solution to the DNS cache poisoning problem, which we called WSEC DNS (Wildcard Secure DNS). Our solution leverages existing properties of the DNS protocol and does not require any changes neither to the DNS protocol itself nor to the DNS resolution software run by nameservers. We propose to take advantage of the definition of wildcards given in RFC 1034 and RFC 4592,...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: ScienceAsia
سال: 2016
ISSN: 1513-1874
DOI: 10.2306/scienceasia1513-1874.2016.42s.049