[dns-operations] DNS Attack over UDP fragmentation
Yasuhiro Orange Morishita / 森下泰宏
yasuhiro at jprs.co.jp
Wed Sep 4 13:45:42 UTC 2013
Hello,
I believe that it is another serious attack against DNS protocol,
or it may be against UDP/IP (especially IPv4).
So, we might set max-udp-size to 1220 for preventing UDP fragmentation.
And I know anouther "IPv6 Fragment Header Deprecated" I-D at IETF 6man WG.
BTW, sometimes I unofficially call the method as "DNS Aikora Kougeki"
in Japanese. "Kougeki" means attacks and "Aikora" is Japanese slang,
and it's described here.
<http://japanslangdictionary.appspot.com/cont?key=ikora>
Regards,
-- Orange
From: Ondřej Surý <ondrej.sury at nic.cz>
Date: Wed, 4 Sep 2013 15:08:55 +0200
> Hi all,
>
> for all those who haven't been on saag WG at IETF 88...
>
> Amir Herzbert and Haya Shulman has presented a quite interesting attack on UDP fragmentation that allows Kaminsky-style attacks to be real again.
>
> The saag presentation is here: http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf
>
> The paper describing the attack is here:
> http://arxiv.org/pdf/1205.4011v1.pdf
>
> More Haya Shulman's publications can be found here:
> https://sites.google.com/site/hayashulman/publications
>
> And some papers are also available from Google Scholar:
> http://scholar.google.com/scholar?hl=en&q=Amir+Herzberg%2C+Haya+Shulman+++dnssec&btnG=&as_sdt=1%2C5&as_sdtp=
>
> We gave it some thoughts here at CZ.NIC Labs and we think that the threat is real and we are now trying to write a PoC code to prove the theoretical concept.
>
> So what are the views of other people on this list?
>
> Ondrej
> --
> Ondřej Surý -- Chief Science Officer
> -------------------------------------------
> CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
> Americka 23, 120 00 Praha 2, Czech Republic
> mailto:ondrej.sury at nic.cz http://nic.cz/
> tel:+420.222745110 fax:+420.222745112
> -------------------------------------------
>
More information about the dns-operations
mailing list