Assessing DNS Vulnerability to Record Injection
نویسندگان
چکیده
The Domain Name System (DNS) is a critical component of the Internet infrastructure as it maps human-readable names to IP addresses. Injecting fraudulent mappings allows an attacker to divert users from intended destinations to those of an attacker’s choosing. In this paper, we measure the Internet’s vulnerability to DNS record injection attacks—including a new attack we uncover. We find that record injection vulnerabilities are fairly common—even years after some of them were first uncovered.
منابع مشابه
Assessing the groundwater vulnerability to pollution using DRASTIC and SINTACS models, case study: Evan Plain, south west of Iran
متن کامل
DNS Certification Authority Authorization (CAA) Resource Record
The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA...
متن کاملAssessing vulnerability of agriculture in the face of climate change (Case Study: Gilan Province)
Abstract Climate change in one area has severe impacts on water resources and, consequently, agriculture in that area. Therefore, studying the extent of the vulnerability of regions to adopting policies to reduce or adapt to new conditions is of particular importance. One of the methods for assessing the extent of damage to agricultural activities is the calculation of the vulnerability inde...
متن کاملRecursive DNS Architectures and Vulnerability Implications
DNS implementers face numerous choices in architecting DNS resolvers, each with profound implications for security. Absent the use of DNSSEC, there are numerous interim techniques to improve DNS forgery resistance. We explore how different resolver architectures can affect the risk of DNS poisoning. The contributions of this work include: (A) We create a comprehensive, accurate model of DNS poi...
متن کاملResource Records for the DNS Security Extensions
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of resource records and protocol modifications that provide source authentication for the DNS. This document defines the public key (DNSKEY), delegation signer (DS), resource record digital signature (RRSIG), and authenticated denial of existence (NSEC)...
متن کامل