2015 12 12-Studija-Rnids Dns Bezbednost
rnids.rs | . | kancelarija@rnids.rs
DNS
2015.
. ,
, ,
. , ,
, IP (Internet Protocol) .
DNS (Domain Name System)
. (DNS)
. DNS-
,
. , ,
IP . , DNS IP
IP ().
DNS :
DNS , ,
. DNS ,
,
. ,
,
DNS-.
, DNS ,
,
. DNS ,
!
,
DNS .
DNS
2/19
DNS
DNS-
.
, ,
IP . ,
DNS .
,
. ,
, . (
) IP
DNS .
DNS-
. DNS root
(TLD), : .rs, .ca, .se, .com, .net, .
TLD DNS
(.co.rs, rnids.rs, cisco.com,). ,
DNS
TLD
DNS
DNS .
DNS ( DNS DNS
).
www.rnids.rs, DNS IP
-. DNS
IP www.rnids.rs
DNS , (cached DNS ),
. DNS , IP
, DNS
, DNS .
, www.rnids.rs,
DNS , ,
DNS , root ,
, root . Root ,
, DNS DNS
, .
. ,RS, root IP DNS
, TLD (Top Level Domain), :
com, net, org, edu, it, uk, se, de, , ...
DNS , DNS ,
, (resolve) IP
root . Root IP
www.rnids.rs, , DNS ()
DNS .RS. DNS
DNS .RS,
IP www.rnids.rs, DNS
rnids.rs. DNS DNS
rnids.rs, IP www.rnids.rs,
(
) .
IP 100
DNS .
IP 87.237.205.199
.
;; global options: printcmd
.                     16730   IN  NS     a.root-servers.net.
.                     16730   IN  NS     l.root-servers.net.
.                     16730   IN  NS     h.root-servers.net.
.                     16730   IN  NS     b.root-servers.net.
.                     16730   IN  NS     k.root-servers.net.
.                     16730   IN  NS     f.root-servers.net.
.                     16730   IN  NS     c.root-servers.net.
;; Received 228 bytes from 82.117.194.2#53(82.117.194.2) in 12 ms
rs.                   172800  IN  NS     l.nic.rs.
rs.                   172800  IN  NS     k.nic.rs.
rs.                   172800  IN  NS     h.nic.rs.
rs.                   172800  IN  NS     g.nic.rs.
rs.                   172800  IN  NS     f.nic.rs.
rs.                   172800  IN  NS     d.nic.rs.
rs.                   172800  IN  NS     b.nic.rs.
rs.                   172800  IN  NS     a.nic.rs.
;; Received 460 bytes from 198.41.0.4#53(a.root-servers.net) in 18 ms
rnids.rs.             3600    IN  NS     ns1.nic.rs.
rnids.rs.             3600    IN  NS     ns2.rnids.rs.
rnids.rs.             3600    IN  NS     odisej.telekom.rs.
rnids.rs.             3600    IN  NS     ns1.rnids.rs.
;; Received 221 bytes from 194.146.106.114#53(l.nic.rs) in 0 ms
www.rnids.rs.         3600    IN  CNAME  web-server.rnids.rs.
web-server.rnids.rs.  3600    IN  A      87.237.205.199
rnids.rs.             3600    IN  NS     ns1.nic.rs.
rnids.rs.             3600    IN  NS     odisej.telekom.rs.
rnids.rs.             3600    IN  NS     ns1.rnids.rs.
rnids.rs.             3600    IN  NS     ns2.rnids.rs.
;; Received 262 bytes from 147.91.8.6#53(ns1.nic.rs) in 14 ms
DNS
DNS .
, DNS DNS
, ,
. ,
, .
DNS-,
,
,
.
, , DNS
,
, .
DNS ,
.
,
,
DNS , , DNS ,
IP .
, anti-spam Spamhaus
DDoS (Distributed Denial of Service) .
Cyberbunker
Spamhausa.
300Gb ?
Open Resolver Project 20
DNS
, .
, DNS 30 , DNS
100 200 . DNS UDP
, ,
(spoofing) IP
, IP . DNS
, IP .
DNS DNS
,
DNS . Cloudflare
,
Spamhaus, 65000 DNS
.
DNS
, . , Syrian Electronic
Army (SEA), ,
, DNS
Melbourne IT
, New York Times, Washington Post, Financial Times, Twitter,
BBC-, AP- Reuters-, .
, .
, New York Times-,
,
-.
Melbourne IT ,
DNS ,
.
,
.
, DNS , ,
,
.
DNS :
DoS DDoS
DNS DDoS
DNS
DoS DDoS
.
()
. , ,
.
.
, Denial of Service (DoS) ,
. DoS
, .
, ,
, DNS
. DoS
,
. ,
.
DoS
.
, DoS . , DoS
Distributed Denial of Service (DDoS)
, , DoS
. , (DoS),
.
:
() .
DoS ,
DDoS .
DDoS
.
DDoS
( botnet). botnet
,
.
DDoS ,
.
, ()
.
- ,
, . botnet .
DDoS
, , ,
,
. DDoS :
DDoS ,
DDoS (DRDoS) .
DDoS (botnetu),
, .
(), ,
, ( flooding) .
DDoS (spoofed) IP
,
(firewall).
[Figure: DDoS. Labels: attacker, botnet (zombies), victim]
DDoS , DRDoS
, ,
(),
. DDoS
.
DNS
, DDoS (amplified DDoS) .
DNS ( )
DNS . DNS
( DNS )
DDoS .
DNS DNS
. RNIDS-,
RCUB-, 10000 DNS , .RS
. , . 20
.
[Figure: DDoS (DRDoS). Labels: attacker, botnet (zombies), reflectors, victim]
DoS/DDoS
.
, .
DDoS ,
.
DDoS : ; ;
.
, ,
.
IP
adresom (Network Ingress Filtering RFC 2827)
. ,
-
.
,
DoS/DDoS
.
,
. ,
.
Cache poisoning
DNS
. DNS
DNS (
IP )
DNS (caching).
DNS
IP .
DNS
DNS .
(cache poisoning).
,
.
DNS . cache poisoning
DNS ,
, DNS DNS
DNS .
, DNS
DNS
.
, DNS (TTL time to
live) DNS , .
Cache poisoning
DNS DNS
. DNS
DNS
(transaction ID) .
("Birthday Paradox"), ,
23 , 50%.
, 1,2 i
( i=365).
16 n ,
, n/65536 . ,
DNS DNS
,
.
:
1 (1)
= 1 (1 ) 2
t ( 65536), n
. ,
n/65536 ( n=700 1,07%),
birthday attack , 700
100% .
- . 300
(
) 50% .
IP :
.
DNS DNS
. , DNS
.
DNS , DNS
,
.
:
10:54:12.423228 192.168.1.2.33748 > 66.218.71.63.53: 21345 [1au] A? www.yahoo.com. (42) (DF)
10:54:21.313293 192.168.1.2.33748 > 216.239.38.10.53: 53735 [1au] A? www.google.com. (43) (DF)
10:54:27.182852 192.168.1.2.33748 > 149.174.213.7.53: 19315 [1au] A? www.netscape.com. (45) (DF)
10:54:43.252461 192.168.1.2.33748 > 66.35.250.11.53: 43129 [1au] A? www.linux.com. (42) (DF)
(33748)
.
DNS
DNS .
DNS
.
DNS
.
- .
,
Man in the Middle MTM ,
.
90 DNS
. DNS
cache poisoning . ,
DNS DNS
, .
DNS , ,
DNSSEC ( DNS
).
DNSSEC
DNS
. ,
,
.
DNS , DNSSEC (DNS
Security Extension), man in the middle .
DNSSEC DNS DNS-
DNS DNS
:
:
DNS .
:
.
:
, DNS
.
?
DNSSEC
PK (Public Key encryption).
,
DNSKEY .
.
DNSSEC , DNS (A,
MX, CNAME, .) DNS ,
DNSSEC RRSIG (resource record signature). RRSIG
hash-
. DNS
DNS . , hash RRset
hash- RRSIG
DNS .
. , DS
DNS
.
DNSKEY , DS, RRSIG(DS) DNSKEY
.
DS DNS
(ZSK)
, DS DNSKEY
. , DS
DNSKEY. DNS , , ,
DNS .
,
(. trust anchor),
DNS root . , (NSEC) ,
,
.
DNSSEC : (Zone Signing Keys
ZSK) (Key Signing Keys KSK). ZSK
DNSKEY . KSK
DNSKEY , DNSKEY
.
.
,
. . DNS-
. ,
. , .
, ,
DNSKEY
DS . ,
, DNS
KSK , ( ).
.
, DNSSEC DNS .
DNS ( DNS
) DNSSEC .
DNS DNS
DNS ,
. ,
,
.
DNS ,
,
, , ,
DNS, ,
. DNS ! DNS
, DNS ,
.
(, , FTP) , . ,
DNS , . , DNS
.
:
DNS
, root
, TLD .
DNS ( DNS
DNS ).
.
DNS ,
.
, .
( DNS )
.
()
.
DNS
DNS open resolver DNS ,
DNS
.
.
Response Rate Limiting (RRL)
DNS .
DDoS DRDoS
. Response Rate Limiting (RRL)
DNS . različiti (po IP ,
, ). RRL-
.
(SAV Source Address
Validation)
DNS IP DNS ,
DNS
. , . IP
.
DNSSEC
DNS-.
DNS . DNS ,
imaju aktiviranu DNS
.