论文信息 - Assessing DNS Vulnerability to Record Injection

Assessing DNS Vulnerability to Record Injection

The Domain Name System (DNS) is a critical component of the Internet infrastructure as it maps human-readable names to IP addresses. Injecting fraudulent mappings allows an attacker to divert users from intended destinations to those of an attacker's choosing. In this paper, we measure the Internet's vulnerability to DNS record injection attacksincluding a new attack we uncover. We find that record injection vulnerabilities are fairly commoneven years after some of them were first uncovered.

Mark Allman | Michael Rabinovich | Kyle Schomp | Tom Callahan

[1] Ólafur Guðmundsson. Observing DNSSEC validation in the wild , 2011 .

[2] David A. Maltz,et al. Inflight Modifications of Content: Who Are the Culprits? , 2011, LEET.

[3] Scott Rose,et al. DNS Security Introduction and Requirements , 2005, RFC.

[4] Wenke Lee,et al. Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries , 2008, CCS.

[5] Vern Paxson,et al. Redirecting DNS for Ads and Profit , 2011, FOCI.

[6] David E. Culler,et al. PlanetLab: an overlay testbed for broad-coverage services , 2003, CCRV.

[7] Mark Allman,et al. On measuring the client-side DNS infrastructure , 2013, Internet Measurement Conference.

[8] Paul V. Mockapetris,et al. Domain names - implementation and specification , 1987, RFC.

[9] Boris Nechaev,et al. Netalyzr: illuminating the edge network , 2010, IMC '10.

[10] Dmitri Loguinov,et al. Demystifying service discovery: implementing an internet-wide scanner , 2010, IMC '10.

[11] Scott Rose,et al. DNS Security Introduction and Requirements , 2005, RFC.

[12] V. Paxson,et al. Implications of Netalyzr ’ s DNS Measurements , 2011 .

[13] Niels Provos,et al. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority , 2008, NDSS.