Model checking the DNS under DNS cache-poisoning attacks using SPIN

نویسندگان
چکیده

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

The Hitchhiker's Guide to DNS Cache Poisoning

DNS cache poisoning is a serious threat to today’s Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their impl...

متن کامل

Unilateral Antidotes to DNS Cache Poisoning

We investigate defenses against DNS cache poisoning focusing on mechanisms that can be readily deployed unilaterally by the resolving organisation, preferably in a single gateway or a proxy. DNS poisoning is (still) a major threat to Internet security; determined spoofing attackers are often able to circumvent currently deployed antidotes such as port randomisation. The adoption of DNSSEC, whic...

متن کامل

BIND 9 DNS Cache Poisoning v0.8.9_clean

The paper shows that BIND 9 DNS queries are predictable – i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the “next” query (10 in the basic attack, and 1 in the advanced attack), thereby overcoming whatever protection offered by the transaction ID mechanism. This...

متن کامل

DepenDNS: Dependable Mechanism against DNS Cache Poisoning

DNS cache poisoning attacks have been proposed for a long time. In 2008, Kaminsky enhanced the attacks to be powerful based on nonce query method. By leveraging Kaminsky’s attack, phishing becomes large-scale since victims are hard to detect attacks. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent...

متن کامل

Solving the DNS Cache Poisoning Problem Without Changing the Protocol

In this paper we propose a solution to the DNS cache poisoning problem, which we called WSEC DNS (Wildcard Secure DNS). Our solution leverages existing properties of the DNS protocol and does not require any changes neither to the DNS protocol itself nor to the DNS resolution software run by nameservers. We propose to take advantage of the definition of wildcards given in RFC 1034 and RFC 4592,...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ژورنال

عنوان ژورنال: ScienceAsia

سال: 2016

ISSN: 1513-1874

DOI: 10.2306/scienceasia1513-1874.2016.42s.049