[dns-operations] DNS Attack over UDP fragmentation

Yasuhiro Orange Morishita / 森下泰宏 yasuhiro at jprs.co.jp
Thu Sep 5 12:07:07 UTC 2013


Hi,

> Just a short update from our meeting today over PoC implementation.

I think that the PoC for "Shulman-attack" is still effective even
after applying DNSSEC.  It's still DoS'able, different to the port
randomization against Kaminsky's.

-- Orange

From: Ondřej Surý <ondrej.sury at nic.cz>
Date: Thu, 5 Sep 2013 13:56:23 +0200

> Just a short update from our meeting today over PoC implementation.
> 
> We have discussed this further and came to the conclusion that the Kaminsky-attack
> on top of Shulman-attack is just limited to heavily populated zones (TLDs)
> or wildcard domains, since you need a positive response (since you cannot rewrite
> RCODE in the packet).
> 
> O.
> 
> On 4. 9. 2013, at 15:08, Ondřej Surý <ondrej.sury at nic.cz> wrote:
> 
> > Hi all,
> > 
> > for all those who haven't been on saag WG at IETF 88...
> > 
> > Amir Herzberg and Haya Shulman have presented a quite interesting attack on UDP fragmentation that allows Kaminsky-style attacks to be real again.
> > 
> > The saag presentation is here: http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf
> > 
> > The paper describing the attack is here:
> > http://arxiv.org/pdf/1205.4011v1.pdf
> > 
> > More of Haya Shulman's publications can be found here:
> > https://sites.google.com/site/hayashulman/publications
> > 
> > And some papers are also available from Google Scholar:
> > http://scholar.google.com/scholar?hl=en&q=Amir+Herzberg%2C+Haya+Shulman+++dnssec&btnG=&as_sdt=1%2C5&as_sdtp=
> > 
> > We gave it some thought here at CZ.NIC Labs and we think that the threat is real, and we are now trying to write PoC code to prove the theoretical concept.
> > 
> > So what are the views of other people on this list?
> > 
> > Ondrej
> > --
> > Ondřej Surý -- Chief Science Officer
> > -------------------------------------------
> > CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
> > Americka 23, 120 00 Praha 2, Czech Republic
> > mailto:ondrej.sury at nic.cz    http://nic.cz/
> > tel:+420.222745110       fax:+420.222745112
> > -------------------------------------------
> > 
> 
> --
>  Ondřej Surý -- Chief Science Officer
>  -------------------------------------------
>  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
>  Americka 23, 120 00 Praha 2, Czech Republic
>  mailto:ondrej.sury at nic.cz    http://nic.cz/
>  tel:+420.222745110       fax:+420.222745112
>  -------------------------------------------
> 

