ATTACKS ON DNS AND ITS SOLUTIONS
Hanuman Reddy Allala
CSU ID 2619697
INTRODUCTION: As we discussed earlier, DNS stands for Domain Name System, which is used to convert domain names into IP addresses. It is also a globally distributed, scalable, reliable database. In DNS and DNSSEC there are many issues which are difficult to defend against. The data held in name servers has no coordination between data origin and data integrity. All of this leads to man-in-the-middle attacks. There are some attacks on DNS which affect the performance of DNS. There are many attacks on DNS, such as 1) man-in-the-middle attack, 2) packet sniffing, and 3) cache poisoning with the use of name chaining. We do not discuss these attacks in detail, but we will give a brief introduction to them. Man-in-the-middle is the most important vulnerability in the DNS system. The man-in-the-middle attack mainly occurs because DNS does not give the authentication details of the particular data. The person who tries to resolve this issue is not able to know the integrity and authentication of the data sent by others. Next, coming to packet sniffing, this occurs when DNS replies with a response in one UDP packet, without any signing and in unencrypted format. This makes it easy for another person to tamper with the
To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.
The Diffie-Hellman algorithm is vulnerable to two types of attack: the first is called the discrete logarithm attack and the second is called the man-in-the-middle attack. On a theoretical basis, these attacks are no longer a problem for this system.
Generic Attacks against Routing: Routing is a very important function in MANETs. It can also be easily misused, leading to several types of attack. Routing protocols in general are prone to attacks from malicious nodes. These protocols
In a sinkhole attack, the adversary’s goal is to lure nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the center. Because nodes on, or near, the path that packets follow have many opportunities to tamper with application data, sinkhole attacks can enable many other attacks like selective forwarding. Sinkhole attacks typically work by making a compromised node look especially attractive to surrounding nodes with respect to the routing algorithm. For instance, an adversary could spoof or replay an advertisement for an extremely high quality route to a base
As part of my passive reconnaissance, I also did a DNS record lookup. Here I was able to find Western’s primary domain (A record), DNS servers (NS), SPF records (TXT records), and their mail server (MX records). These records can provide some information about the infrastructure of the target if you’re a malicious user. The big one is the mail server record. It tells the user what kind of mail server they’re currently using. In theory a malicious user could research and find vulnerabilities associated with that specific type of mail server. Also a malicious user could use the SPF record to find sensitive IP addresses. Making sure that you’re not leaking anything sensitive in these records is very important when it comes to protecting yourself from attacks.
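A defender-side check for the point above, as an added example that is not part of the original essay: it parses a domain's own SPF TXT records and flags internal address ranges and permissive `all` policies before they are published. The function names, zone data, host names and addresses are constructed placeholders.

```python
import ipaddress

# Ranges that should never appear in a public record (RFC 1918, RFC 4193).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def audit_spf(txt):
    """Return a list of findings for one SPF TXT record string."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        body = term.lstrip("+-~?")
        name, _, value = body.partition(":")  # splits at the first colon only
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"malformed address: {term}")
                continue
            if any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
                findings.append(f"internal range published: {net}")
        elif name == "all" and qualifier in "+?":
            findings.append(f"permissive policy: {qualifier}all")
    return findings

def audit_txt_records(records):
    """Map each owner name to the findings for its SPF records only."""
    report = {}
    for owner, txts in records.items():
        for txt in txts:
            if txt.lower().startswith("v=spf1"):
                report.setdefault(owner, []).extend(audit_spf(txt))
    return report

# Constructed sample zone data (names, token and addresses are placeholders).
SAMPLE = {
    "example.com": [
        "v=spf1 ip4:192.0.2.10 ip4:10.20.0.0/16 include:_spf.example.net ?all",
        "some-site-verification=constructed-token",
    ],
    "mail.example.com": ["v=spf1 ip4:198.51.100.0/24 ip6:fd00:1234::/32 -all"],
}

if __name__ == "__main__":
    for owner, items in audit_txt_records(SAMPLE).items():
        for item in items:
            print(f"{owner}: {item}")
```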
The exponentially increasing use of the Internet to communicate, conduct business transactions, and access personal banking, healthcare and education from the comfort of being anywhere has become an everyday lifestyle for many people around the globe. This reliance on computers, laptops, devices and other Internet of Things to access the Internet means that organizations, businesses and the government have also seen an increased occurrence of sophisticated attacks.
DNS is critical in the footprinting of a target network. It can sometimes save the attacker a lot of time, or at least corroborate other information that has been gathered. DNS is also a target for several types of attack.
They exploit network design weaknesses, such as sending ping-of-death requests, or establishing computationally heavy tasks such as encryption and decryption on the victim. The attacks have become rampant because hackers have made attack tools available that help adversaries bypass the weak security measures in place. The attacks can be direct or reflector (Kinicki, 2012).
Imagine that you get home from a hard day at work or school, have a bite to eat, and then sit at your computer. After you've checked your e-mail, you're ready to play an online game. Excitement begins to build, but then you notice your browser was denied access to your network, preventing you from connecting to the Internet. In desperation, you turn your computer's power off and restart it. After the reboot, your computer still cannot reach any networked service. Since only your computer was involved, you think it may be a Denial of Service attack. However, days later you learn that the attack you experienced was a Distributed Denial of Service, an attack involving numerous computers that flooded the game servers and prevented anyone from gaining
DNS is a technology used by everyone and recognized by few. When you go to a website like Google.com, you are really going to the IP address 64.233.167.99. Your browser is able to find the correct IP for the website, even if the IP address changes. This is all thanks to our wonderful friend, DNS. Domain Name System (DNS) is used by everyone and is a necessity to many different companies and people. If DNS were not around, networks would operate in a completely different way. Not having the ability to link IP addresses to names would greatly limit networks. Imagine trying to memorize external IPv4 addresses. Now imagine trying to memorize IPv6 addresses. DNS is used in many different ways, but its primary use is as an address book that maps names to external IP addresses.
The likelihood is also high because of the lack of fundamental security and information safeguards, which is vulnerable to denial of service attacks. This will have a high impact on the outcome of cases, as evidence is needed to be victorious in a court case (OWASP Top 10, 2015).
A Denial of Service (DoS) attack is a very common cyber menace that renders websites and other online means inaccessible to intended users. There are various types of DoS threats and nearly all directly target the core server structure. Others abuse weaknesses in application and communication protocols. DoS is also used as a cover-up for other malicious actions, and to take down security applications like web firewalls. A successful DoS attack is very obvious and impacts the entire online user base.
A good place to begin with any examination is with the statistical and metadata information that can be uncovered within the packet capture. Using Wireshark Protocol Hierarchy Statistics, we can see that the traffic consists mainly of DNS datagrams (figure 1).
If the infrastructure of a network is exposed and accessible to anyone this leaves the network vulnerable to damage both
Denial-of-service is an attack aimed at refusing access to legitimate users and disrupting service availability, according to www.msdn.microsoft.com. This type of security threat, according to www.tech.co.uk, is rapidly increasing on the Internet due to open doors on websites. By using the Internet, companies increase the risk of a denial of service attack. Denial of service can also be caused by too many users connected to a server at the same time, making it run slowly or be unavailable to others. People who deliberately abuse a network server are often difficult to track down.