
dns cache poisoning



We are a group of students from Clemson University computer science department studying "vulnerabilities in DNS". We were referring to the site

http://www.securesphere.net/download/papers/dnsspoof.htm



and particularly at the cache poisoning technique that was given. We had the following doubts:



1. "Could a zone transfer occur between two DNS servers which are not related (in the same hierarchy)? Zone transfer is supposed to occur between a master and a slave DNS server in the same domain. So, does that mean that the attacker and victim should have this master-slave relationship?"



Please clarify.



2. Could someone kindly redirect us to some useful resources in this regard, or anything related to cache poisoning?





Thanks and Regards,

Prashanth.A

    
Guest


I am familiar with cache poisoning concepts, and am willing to answer specific questions on the matter.



"zone transfer"



Transfers may be made anonymously if the DNS server (master or slave) does not try to restrict transfers. For example:



dnscrawler type=AXFR name=secure.net



My tool was able to pull a zone transfer from one of the secure.net DNS servers. This is fairly common for smaller businesses and not really a problem. Arguments against allowing anonymous transfers include the following:



1) Allowing anonymous zone transfers gives hackers a road map of your network's services. Old and possibly forgotten servers may be referenced in DNS that hackers would not otherwise experiment with.



2) Allowing anonymous zone transfers gives hackers an avenue for wasting your DNS server's resources. If the zone transfer is large enough, or if it is done enough times simultaneously, then they could succeed in a denial of service.



3) There's no sense allowing anonymous access when it serves no purpose.



Arguments for allowing anonymous transfers in direct rebuttal:



1) DNS is a publicly distributed system. DNS is not the place for secret information and as such may be visible to the world.



2) It is impossible to protect yourself from denial of service except through redundancy and failover. A hacker can effectively take your machine offline regardless of whether you enable anonymous transfers or not.



3) Allowing anonymous access enables people to debug problems with your DNS more easily.



Zone transfers and cache poisoning:



Zone transfers aren't technically vulnerable to cache poisoning, since you wouldn't be polluting a DNS server's cache. But DNS servers are vulnerable to man-in-the-middle attacks where a slave wishes to transfer a zone from the master, but the hacker shuts down the master through a denial of service attack and answers the slave's transfer request with falsified information on behalf of the master. Fortunately, zone transfers can only be done via TCP connections, which are much harder to hijack than UDP. This kind of attack is extremely unlikely, but can be made impossible by using TSIG (secret key) secured transfers.

Guest
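As an added illustration, not part of the original answer: the BIND named.conf setting that permits the anonymous AXFR the answer describes, next to the TSIG-restricted form the answer recommends. The zone name example.com, the addresses 192.0.2.1 (master) and 192.0.2.2 (slave) and the key name "xfer-key" are placeholders; the master and slave fragments go in their respective servers' named.conf.

```conf
// Added example, not from the original post. Placeholders: zone example.com,
// master 192.0.2.1, slave 192.0.2.2, TSIG key "xfer-key".

// --- Weak (master): any client can pull the whole zone. A check from any
// host, "dig @192.0.2.1 example.com axfr", returns every record. ---
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { any; };
};

// --- Hardened: transfers only for requests signed with a shared TSIG key. ---
// Generate the secret with "tsig-keygen xfer-key" and install the same key
// block on both master and slave. Never publish the secret in the zone.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<base64 secret from tsig-keygen; placeholder>";
};

// Master named.conf: unsigned AXFR requests are answered with REFUSED; only
// requests carrying a valid HMAC for "xfer-key" get the zone.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.2; };
};

// Slave named.conf: sign every message to the master with the key. A forged
// "master" that does not hold the secret cannot produce a transfer whose
// TSIG verifies, so the slave discards it instead of loading false data.
server 192.0.2.1 {
    keys { "xfer-key"; };
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "example.com.zone.bak";
};
```

To confirm the restriction took effect, an unsigned "dig @192.0.2.1 example.com axfr" should now return REFUSED, while the same query signed with "-y hmac-sha256:xfer-key:<secret>" should succeed.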