[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Christoph cm at appliedprivacy.net
Tue Aug 17 18:13:11 UTC 2021


>> Subject: [dns-operations] Injection Attacks Reloaded: Tunnelling 
>> Malicious Payloads over DNS
>> 
>> David Malone pointed out to me on Twitter a paper from this year's
>> USENIX security symposium. It has an impressive collection of
>> attacks on applications that use the DNS.
>> 
>> https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
>
>> 
> Sadly, it did not test systemd-resolved or dnsmasq.

dnsmasq and systemd-resolved are mentioned in the paper.


In their paper they talk about IETF efforts:

> In the next steps we will be coordinating countermeasureswith the DNS
> and applications vendors, as well as the IETF community.
[...]
> Changing this requires a discussion in the corresponding working
> groups within the IETF, which we are initiated within our disclosure
> efforts.

but I've not been able to find any discussions on the usual DNS related 
IETF mailing lists (like dnsop).
Did you observe this topic at any IETF WG mailing list?

For a thread about this on the powerdns-users mailing list:
https://mailman.powerdns.com/pipermail/pdns-users/2021-August/027366.html

best regards,
Christoph




More information about the dns-operations mailing list