MaginotDNS attacks exploit weak checks for DNS cache poisoning

A team of researchers from UC Irvine and Tsinghua University has developed a new, powerful cache poisoning attack named 'MaginotDNS' that targets Conditional DNS (CDNS) resolvers and can compromise entire top-level domains (TLDs).


The attack is made possible by inconsistencies in how different DNS software implements its security checks across server modes (recursive resolver versus forwarder), leaving roughly one-third of all CDNS servers vulnerable.


The researchers presented the attack and paper earlier this week at Black Hat 2023, reporting that the identified problems have now been remediated at the software level.


DNS cache poisoning background


DNS (Domain Name System) is a hierarchical and distributed naming system for internet resources and networks, helping resolve human-readable domain names to numerical IP addresses so that a network connection can be made.


DNS queries and responses are carried over UDP, falling back to TCP for large or truncated answers; DNSSEC adds signatures so that records can be validated rather than trusted on receipt. Resolution is recursive from the client's point of view and iterative on the resolver's side: the resolver works down from the root servers to the TLD servers to the authoritative servers, caching the records it learns along the way.


DNS cache poisoning means injecting forged answers into a resolver's cache, so that the server directs users who look up a domain to an attacker-chosen IP address, potentially sending them to malicious websites without their knowledge.


Many attacks of this type have been demonstrated in the past, for example the Kashpureff attack of 1997, which exploited the lack of data verification (bailiwick rules: resolvers cached any record a response carried, even for unrelated domains), and the Kaminsky attack of 2008, which exploited the absence of source port randomization, leaving the 16-bit transaction ID as the only value an attacker had to guess.
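As an added example, not code from the researchers or from this article, the following Python shows the bailiwick rule that the Kashpureff attack bypassed and that the article's later discussion of weak checks turns on: a resolver that queried a server authoritative for one zone may cache only records at or below that zone, and must drop everything else, including records that would redefine an unrelated domain or an entire TLD. The record types, names, addresses and the forged response are all constructed for illustration.

```python
"""Bailiwick filtering of DNS responses (added example, constructed data)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RR:
    """One resource record: owner name, type and rdata (constructed values)."""
    name: str
    rtype: str
    rdata: str


@dataclass
class Response:
    """The three record-bearing sections of a DNS response."""
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def canonical(name: str) -> str:
    """Lower-case and add a trailing dot so 'Example.COM' and 'example.com.' compare equal."""
    return name.strip().lower().rstrip(".") + "."


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies below it in the DNS tree.

    The root zone '.' contains every name.  Matching on a label boundary
    ('.' + zone) keeps 'notexample.com.' out of the bailiwick of 'example.com.'.
    """
    name, zone = canonical(name), canonical(zone)
    if zone == ".":
        return True
    return name == zone or name.endswith("." + zone)


def filter_response(zone: str, resp: Response):
    """Split a response into records the resolver may cache (in-bailiwick for
    the zone the queried server is authoritative for) and records it must drop."""
    accepted, rejected = [], []
    for section in (resp.answer, resp.authority, resp.additional):
        for rr in section:
            (accepted if in_bailiwick(rr.name, zone) else rejected).append(rr)
    return accepted, rejected


# Constructed Kashpureff-style response: the resolver asked the server that is
# authoritative for attacker.example about www.attacker.example, and the reply
# smuggles records for an unrelated victim domain and for the whole .example TLD.
KASHPUREFF_STYLE = Response(
    answer=[RR("www.attacker.example", "A", "198.51.100.10")],
    authority=[
        RR("attacker.example", "NS", "ns1.attacker.example"),
        RR("example.", "NS", "ns1.attacker.example"),       # claims the entire TLD
    ],
    additional=[
        RR("ns1.attacker.example", "A", "198.51.100.53"),    # legitimate glue
        RR("www.victim.example", "A", "198.51.100.10"),      # unrelated domain
        RR("notattacker.example", "A", "198.51.100.10"),     # shares a suffix string only
    ],
)


def cacheable_names(zone: str = "attacker.example", resp: Response = KASHPUREFF_STYLE):
    """Owner names a correctly checking resolver would admit to its cache."""
    accepted, _ = filter_response(zone, resp)
    return sorted({rr.name for rr in accepted})


def dropped_names(zone: str = "attacker.example", resp: Response = KASHPUREFF_STYLE):
    """Owner names the bailiwick check rejects."""
    _, rejected = filter_response(zone, resp)
    return sorted({rr.name for rr in rejected})


if __name__ == "__main__":
    print("cache:", cacheable_names())
    print("drop: ", dropped_names())
```

Without the check, the forged `example. NS` and `www.victim.example A` records would be cached alongside the genuine answer, which is exactly the kind of out-of-bailiwick acceptance a resolver must refuse; a server that applies this rule in one operating mode but not in another is only as strong as its weakest path.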



Bailiwick che ..