[dns-operations] DNS Attack over UDP fragmentation

Ondřej Surý ondrej.sury at nic.cz
Thu Sep 5 11:56:23 UTC 2013 

Just a short update from our today meeting over PoC implementation.

We have discussed this further and came to conclusion that the Kaminsky-attack
on top of Shulman-attack is just limited to heavily populated zones (TLDs)
or wildcard domains, since you need a positive response (since you cannot rewrite
RCODE in the packet).

O.

On 4. 9. 2013, at 15:08, Ondřej Surý <ondrej.sury at nic.cz> wrote:

> Hi all,
> 
> for all those who haven't been on saag WG at IETF 88...
> 
> Amir Herzbert and Haya Shulman has presented a quite interesting attack on UDP fragmentation that allows Kaminsky-style attacks to be real again.
> 
> The saag presentation is here: http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf
> 
> The paper describing the attack is here:
> http://arxiv.org/pdf/1205.4011v1.pdf
> 
> More Haya Shulman's publications can be found here:
> https://sites.google.com/site/hayashulman/publications
> 
> And some papers are also available from Google Scholar:
> http://scholar.google.com/scholar?hl=en&q=Amir+Herzberg%2C+Haya+Shulman+++dnssec&btnG=&as_sdt=1%2C5&as_sdtp=
> 
> We gave it some thoughts here at CZ.NIC Labs and we think that the threat is real and we are now trying to write a PoC code to prove the theoretical concept.
> 
> So what are the views of other people on this list?
> 
> Ondrej
> --
> Ondřej Surý -- Chief Science Officer
> -------------------------------------------
> CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
> Americka 23, 120 00 Praha 2, Czech Republic
> mailto:ondrej.sury at nic.cz    http://nic.cz/
> tel:+420.222745110       fax:+420.222745112
> -------------------------------------------
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

--
 Ondřej Surý -- Chief Science Officer
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury at nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130905/002f27b7/attachment.sig>

More information about the dns-operations mailing list