Bibliographic details
Title: |
TsuNAME: exploiting misconfiguration and vulnerability to DDoS DNS |
Authors: |
Giovane C. M. Moura, Sebastian Castro, John Heidemann, Wes Hardaker |
Source: |
IMC '21, Proceedings of the 21st ACM Internet Measurement Conference, Virtual Event, 2 - 4 November 2021 |
Publication information: |
Association for Computing Machinery |
Publication year: |
2021 |
Collection: |
Zenodo |
Description: |
The Internet’s Domain Name System (DNS) is a part of every web request and e-mail exchange, so DNS failures can be catastrophic, taking out major websites and services. This paper identifies TsuNAME, a vulnerability where some recursive resolvers can greatly amplify queries, potentially resulting in a denial-of-service to DNS services. TsuNAME is caused by cyclical dependencies in DNS records. A recursive resolver repeatedly following these cycles, coupled with insufficient caching and application-level retries, greatly amplifies an initial query, stressing authoritative servers. Although issues with cyclic dependencies are not new, the scale of amplification has not previously been understood. We document real-world events in .nz (a country-level domain), where two misconfigured domains resulted in a 50% increase on overall traffic. We reproduce and document root causes of this event through experiments, and demonstrate a 500× amplification factor. In response to our disclosure, several DNS software vendors have documented their mitigations, including Google public DNS and Cisco OpenDNS. For operators of authoritative DNS services we have developed and released CycleHunter, an open-source tool that detects cyclic dependencies and prevents attacks. We use CycleHunter to evaluate roughly 184 million domain names in 7 large, top-level domains (TLDs), finding 44 cyclic dependent NS records used by 1.4k domain names. The TsuNAME vulnerability is weaponizable, since an adversary can easily create cycles to attack the infrastructure of a parent domain. Documenting this threat and its solutions is an important step to ensuring it is fully addressed. |
Document type: |
conference object |
Language: |
unknown |
Relation: |
https://zenodo.org/communities/eu; https://doi.org/10.1145/3487552.3487824; oai:zenodo.org:5793155 |
DOI: |
10.1145/3487552.3487824 |
Availability: |
https://doi.org/10.1145/3487552.3487824 |
Rights: |
info:eu-repo/semantics/openAccess ; Creative Commons Attribution 4.0 International ; https://creativecommons.org/licenses/by/4.0/legalcode |
Accession number: |
edsbas.2CF3B868 |
Database: |
BASE |