Professional Documents
Culture Documents
Extensions
(DNSSEC)
USTTI Workshop
October 2010
Presented by:
Steve Conte (conte@isoc.org)
The Internet Society
http://www.isoc.org
Domain Name System
http://www.isoc.org
DNS Exploits
http://www.isoc.org
DNS Exploits
Cache Poisoning
http://www.isoc.org
Enter DNSSEC
http://www.isoc.org
DNS Data Flow
Points of attack
zone
file
(text,
MASTER
DB)
DATA
caching
STUB resolver Zone dynamic
resolver (recursive) Transfer updates
SLAVES
SLAVES
VECTORS
ATTACK
man in spoofing
the cache modified master spoofed
poisoning data updates corrupted
middle (routing/DoS)
data
http://www.isoc.org
Fighting the good fight
http://www.isoc.org
DNSSEC: Preventative Medicine
http://www.isoc.org
What DNSSEC Doesn’t Do
http://www.isoc.org
Deploying DNSSEC
http://www.isoc.org
Planning
http://www.isoc.org
The Ground, Up
http://www.isoc.org
Workshop Overview
http://www.isoc.org