[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS
Lee
ler762 at gmail.com
Tue Aug 17 17:17:02 UTC 2021

On 8/17/21, Paul Wouters wrote:
> On Fri, 13 Aug 2021, Tony Finch wrote:
>
>> Subject: [dns-operations] Injection Attacks Reloaded: Tunnelling Malicious
>> Payloads over DNS
>>
>> David Malone pointed out to me on Twitter a paper from this year's USENIX
>> security symposium. It has an impressive collection of attacks on
>> applications that use the DNS.
>>
>> https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
>
> Sadly, it did not test systemd-resolved or dnsmasq.

If you have a system that uses systemd-resolved or dnsmasq you can test them at
https://xdi-attack.net/test.html

For whatever it's worth, I get 'Your resolver is not vulnerable ...'
for each test if I have
    check-names response fail;
in my bind named.conf

But every single 'Special character filtering' test comes back 'was
not filtered by your resolver' if I remove check-names :(

Regards,
Lee
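
Added example, not part of Lee's message and not BIND's code: a sketch of the kind of special-character filtering the tests above probe, applied to a name in wire format as an application or forwarder could do before using it. It assumes a letters-digits-hyphen hostname rule (RFC 952 / RFC 1123); the function names are hypothetical and the sample names are constructed.

```python
import re

# Letters-digits-hyphen label (RFC 952 / RFC 1123), 1 to 63 bytes,
# no leading or trailing hyphen. Used with fullmatch(): a "$" anchor
# would accept a label that ends in a newline.
LDH_LABEL = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def to_wire(labels):
    """Build an uncompressed wire-format name from raw labels (sample data helper)."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def wire_labels(wire):
    """Split an uncompressed wire-format name into its raw labels."""
    labels, i = [], 0
    while i < len(wire):
        length = wire[i]
        if length == 0:
            if i + 1 != len(wire):
                raise ValueError("data after root label")
            return labels
        if length > 63:
            raise ValueError("compression pointer or bad label length")
        label = wire[i + 1:i + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label)
        i += 1 + length
    raise ValueError("name not terminated by root label")


def hostname_ok(wire):
    """True only if every label of the name is a plain LDH hostname label."""
    try:
        labels = wire_labels(wire)
    except ValueError:
        return False
    if not labels or len(wire) > 255:
        return False
    return all(LDH_LABEL.fullmatch(l) is not None for l in labels)


if __name__ == "__main__":
    # Constructed sample names; none come from the thread or the paper.
    for sample in ([b"www", b"example", b"com"], [b"a.b", b"example", b"com"],
                   [b"www\x00", b"example", b"com"], [b"www\n", b"example", b"com"]):
        print(sample, "accept" if hostname_ok(to_wire(sample)) else "reject")
```

A wire-format label can carry any byte, including a literal dot or NUL, so the check runs on the raw labels rather than on a dotted string.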