[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS
Paul Wouters
paul at nohats.ca
Tue Aug 17 16:21:11 UTC 2021
On Fri, 13 Aug 2021, Tony Finch wrote:
> Subject: [dns-operations] Injection Attacks Reloaded: Tunnelling Malicious
> Payloads over DNS
>
> David Malone pointed out to me on Twitter a paper from this year's USENIX
> security symposium. It has an impressive collection of attacks on
> applications that use the DNS.
>
> https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
Sadly, it did not test systemd-resolved or dnsmasq. Also, it did not say
which one public resolver is vulnerable (although it clearly is
vulnerable to a lot more anyway for not doing DNSSEC validation).
Paul
More information about the dns-operations
mailing list