论文信息 - The State of the Art in DNS Spoo

The State of the Art in DNS Spoo

The DNS is responsible for resolving human-readable domain names to numeric IP addresses. It is a protocol designed in the early days of the internet, and features only weak security mechanisms. The purpose of this paper is to give an overview of the threats on the current system for domain name resolution. We describe the DNS system and possible motivations for attackers. In the following we describe the di erent attacks, and discuss their success chances and possible countermeasures. We include an overview of a ected versions of di erent DNS servers, and discuss their distribution in the internet. Lastly we give a summary on the risk of DNS spoo ng.

R. Araújo | A. Wiesmaier | U. Steinho

[1] Marcin Zalewski,et al. Strange attractors and tcp/ip sequence number analysis , 2004 .

[2] Michael D. Bauer. Linux Server Security , 2005 .

[3] Paul Albitz,et al. DNS and BIND , 1994 .

[4] Donald E. Eastlake,et al. Domain Name System Security Extensions , 1997, RFC.

[5] J. Buchmann. Einführung in die Kryptographie , 1999 .

[6] Scott Rose,et al. DNS Security Introduction and Requirements , 2005, RFC.

[7] Scott Rose,et al. Resource Records for the DNS Security Extensions , 2005, RFC.

[8] G. W. Stewart. Dns cache poisoning-the next generation , 2003 .

[9] Christoph Ludwig Schuba. Addressing Weaknesses in the Domain Name System Protocol , 1993 .

[10] Matt Larson,et al. DNS on Windows Server 2003 , 2003 .

[11] Scott Rose,et al. Protocol Modifications for the DNS Security Extensions , 2005, RFC.