Presented by: Siddharth Kumar Katiyar
What is DNS?
- DNS stands for Domain Name System.
- Translates the URL (human-readable address) into an IP address (machine-readable address) and vice versa.
- A global, hierarchical & distributed host information database.
4/14/12
Figure-1
Figure-2
Figure-3
Figure-4
But…
The DNS is not secure
- A computer sends a “question” to a DNS server asking a question like “What is the IP address for abcd.org?”
- The computer gets an answer, and if the answer appears to match the question it asked, completely trusts that it is correct.
- But there are multiple ways that the traffic on the Internet can be intercepted and rerouted or impersonated so that the answer given is incorrect.
Figure-5: Something in the network between the computer and the server has intercepted or redirected the traffic.
Figure-6: A server on the network responds with the wrong answer, quicker than the correct server can give the right answer.
DNS Poisoning
- Also known as “DNS Cache Poisoning”.
- Refers to the corruption of DNS tables and caches so that a domain name points to a malicious IP address.
- Mostly done through spam emails, or through web-links and banners that
Figure-7
How does one spoof a response
- A question is sent out, and the querying computer waits for an answer to return.
- It knows it has received the answer to its question when:
  - It comes back to the same IP address it was sent from
  - It comes back to the same port number it was sent from
  - The question matches the question asked
Potential consequences
- Identity Theft
- Distribution of Malware
- Dissemination of False Information
- Man-in-the-middle attack
Protecting Your Assets
- Maximize the amount of randomness
- Physically separate external and internal DNS servers
- Restrict zone transfers to authorized devices
Continue…
- Disable open recursive servers
- Restrict dynamic DNS updates when possible
- Hide the version of BIND being used on the DNS servers
Recovering from DNS poison attack
- Detect the IP address of the malicious DNS server(s).
- Block the IP address of the malicious DNS server at your border routers/firewalls.
- Cleaning up from a site-wide DNS cache poisoning may require flushing the cache on all of your DNS servers in your organization.
- On Windows 2000, XP, and 2003 clients, you can flush the client cache by running "ipconfig /flushdns".
Vulnerability Checking Tool
How The Tool Works?
Work Continues…
- ICANN is still working with the last remaining TLDs that are affected. The goal is to reduce the number to zero.
- It is anticipated that a ban on open recursive name servers will be instituted as a formal IANA requirement on future root zone changes.
- Work on DNSSEC, and signing the
THANK YOU!!!