large scale analysis of infrastructure leaking dns servers
play

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis - PowerPoint PPT Presentation

Jul 02, 2023 •138 likes •422 views

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider, Thorsten Holz Ruhr-University Bochum, Germany Motivation DNS: www.rub.de 134.147.64.10 Daily use on the Internet by every user Various

  1. Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider, Thorsten Holz Ruhr-University Bochum, Germany

  2. Motivation • DNS: www.rub.de 134.147.64.10 • Daily use on the Internet by every user • Various studies: DDoS, Censorship, Measurements • Overlooked aspect: Leaking DNS servers to external queries with internal network information DIMVA 2019, Gothenburg

  3. Reconnaissance • Information leakage part of active infrastructure reconnaissance • Goal: Get as much information as possible about a target network DIMVA 2019, Gothenburg

  4. Contributions • Measurement approach to find information leaking DNS servers • Systematic study on DNS servers that might expose internal network information to external requests • Self-check for identifying information-leaking DNS servers DIMVA 2019, Gothenburg

  5. Domain Name System (DNS) • Distributed, hierarchy-based service • Primarily responsible for translation of domain names into IP addresses (A, AAAA) • Reverse lookup (PTR) • Private IP ranges ( 10/8 , 172.16/12 , 192.168/16 ) DIMVA 2019, Gothenburg

  6. Idea • Using reverse DNS requests for internal resources on Internet reachable DNS servers DIMVA 2019, Gothenburg

  7. Discovering Leaking DNS Servers DNS server IPv4 Censys database Scan server DNS server ... Private networks ... DIMVA 2019, Gothenburg

  8. Discovering Leaking DNS Servers 3 requests per private IP range DNS server IPv4 Censys database Scan server DNS server ... Private networks ... DIMVA 2019, Gothenburg

  9. General Measurement Results 10.000.000 8.000.000 6.000.000 4.000.000 2.000.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 800.000 600.000 400.000 200.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 DIMVA 2019, Gothenburg

  10. Response Groups (1) Localhost : “localhost.” Single : one host Emptyresponse : “.” IP : IP addresses Arpa : Reverse DNS Bogon : “bogon.” Constant : unique hostname for all hosts DIMVA 2019, Gothenburg

  11. Response Groups (2) Enduser : Keyword-based Other • apple, iphone, ipad, samsung, galaxy, home DIMVA 2019, Gothenburg

  12. Response Groups (3) No information Active hosts, Active hosts, advantage used subnet used subnet, hostnames Bogon Localhost Emptyresponse Constant Arpa Enduser IP Single Other DIMVA 2019, Gothenburg

  13. General Measurement Results 600.000 500.000 400.000 300.000 200.000 100.000 0 2018-09-08 2018-10-08 2018-11-08 2018-12-08 2019-01-08 localhost single ip emptyresponse constant other enduser arpa bogon DIMVA 2019, Gothenburg

  14. In-depth Analysis • Daemon information • AS numbers • Countries • Private IP ranges • Hostname pattern analysis DIMVA 2019, Gothenburg

  15. Daemon Information 80.000 100% 90% 70.000 80% 60.000 70% 50.000 60% 40.000 50% 40% 30.000 30% 20.000 20% 10.000 10% 0% 0 2018-10-01 2018-11-01 2018-12-01 2019-01-01 2018-10-01 2018-11-01 2018-12-01 2019-01-01 dnsmasq BIND MS DNS PowerDNS dnsmasq BIND MS DNS PowerDNS DIMVA 2019, Gothenburg

  16. AS Numbers & Countries DIMVA 2019, Gothenburg

  17. AS Numbers & Countries DIMVA 2019, Gothenburg

  18. Countries (normalized) Country Share Count British Virgin Islands 80% 2,533 Macao 41% 898 Comoros 29% 14 DIMVA 2019, Gothenburg

  19. Countries (normalized) Country Share Count British Virgin Islands 80% 2,533 Macao 41% 898 Comoros 29% 14 Country Share China 9% USA 3% Romania 15% Russia 3.4% DIMVA 2019, Gothenburg

  20. Private IP Ranges 100% 80% 60% 40% 20% 0% 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 DIMVA 2019, Gothenburg

  21. Hostname Pattern Analysis DIMVA 2019, Gothenburg

  22. Hostname Pattern Analysis Other Enduser 73 clusters 45 clusters DIMVA 2019, Gothenburg

  23. Example Hostname Patterns • <placeholder>.iPhone , <placeholder>.iPad • android-<placeholder> • amazon-<placeholder> • <placeholder>desktop, <placeholder>-PC • Other: • firewall<placeholder>, <placeholder>.dmz DIMVA 2019, Gothenburg

  24. Mitigation & Self-Check DIMVA 2019, Gothenburg

  25. Discussion • Share is about 3.9% - Absolute numbers up to 574,000 servers • Proper information leakage present with up to 158,000 servers • No implementation problem but rather a configuration problem • Number of potentially usable leaking DNS servers highest in the USA DIMVA 2019, Gothenburg

  26. Conclusion • Observed that misconfigured DNS servers might leak internal information to external intruders without the need for an exploit or vulnerability (configuration issue) • Almost 4% of the DNS servers might leak such information • Not a major Internet security problem, but the absolute numbers should be reduced • Data at https://github.com/RUB-SysSec/InfraLeakingDNS DIMVA 2019, Gothenburg

  27. Questions? Conclusion Dennis Tatang • Observed that misconfigured DNS servers dennis.tatang@rub.de might leak internal information to external intruders without the need for an exploit or @dennis4its on Twitter vulnerability (configuration issue) • Almost 4% of the DNS servers might leak such information • Not a major Internet security problem, but the absolute numbers should be reduced • Data at https://github.com/RUB- SysSec/InfraLeakingDNS DIMVA 2019, Gothenburg

Recommend

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale

E Evolution of NTCIR: l Infrastructure of Large-Scale Infrastructure of Large Scale Information Access Technologies Evaluation and Testing Evaluation and Testing Noriko Kando Noriko Kando National Institute of Informatics, Japan

632 views • 61 slides
Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier

Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier

Allocation of Clients to Multiple Servers on Large Scale Heterogeneous Platforms Olivier Beaumont, Lionel Eyraud-Dubois, Christopher Thaves-Caro Laboratoire Bordelais de Recherche en Informatique Equipe CEPAGE (INRIA) Scheduling in

373 views • 35 slides
OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements DACS DACS Design and Analysis of Communication Systems Why measure DNS? (Almost) every networked service relies on DNS DNS

773 views • 15 slides
INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

2110414 - Large Scale Computing Systems 1 LARGE SCALE INFRASTRUCTURE 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2 Overview Hardware Virtualization Storage Technology 2110414 - Large Scale Computing

512 views • 29 slides
Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code

Introduction Background Analysis infrastructure Evaluation Policy generation Limitations Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Vitor Monte Afonso 1 , Antonio Bianchi 2

524 views • 34 slides
Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil Bajracharya, Joel Ossher , Cristina Lopes Sushil Bajracharya, Joel Ossher , Cristina Lopes Donald Bren School of Information and Computer Sciences

245 views • 21 slides
Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D.

Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D.

Locality Aware Mechanisms for Large-scale Networks: The Tapestry Infrastructure John D. Kubiatowicz UC Berkeley Global Scale Applications Clear demand for global scale applications Exploiting collective resources File sharing, data

406 views • 19 slides
Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale

Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale

Designing Hybrid Data Processing Systems for Heterogeneous Servers Peter Pietzuch Large-Scale Distributed Systems (LSDS) Group Imperial College London http://lsds.doc.ic.ac.uk &lt;prp@imperial.ac.uk&gt; 1 University of Cambridge

645 views • 40 slides
Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing Lung Ngai, Tim Hegeman, Stijn Heldens, and Alexandru Iosup @Large Research Massivizing Computer Systems Large-scale Graph Processing 2 OpenG

266 views • 13 slides
A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot;

A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot;

A&quot;Large(Scale&quot;Analysis&quot;of&quot;the&quot; Security&quot;of&quot;Embedded&quot;Firmwares Presented(by(Zhenyu Ning 1 Contents 1.(Background 2.(Motivation(&amp;(Challenges 3.(Architecture 4.(Analysis(Result(&amp;(Case(study

784 views • 23 slides
Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale Software VAPLS 2013 Todd Gamblin Katherine Isaacs UC Davis, LLNL LLNL Why does my code run slowly? Bad algorithm 1. Poor computational

2.17k views • 12 slides
Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What

Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What

Brgerinitiative PRO ERDKABEL Bad Gandersheim/Kreiensen Panel Discussion: Realizing large scale infrastructure projects Content: 1. Who are we 2. What do we want ? - Our targets 3. What have we done ? 4. Examples for getting acceptance

293 views • 14 slides
Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms

Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms

Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms Vaibhav Bajpai and Jrgen Schnwlder {v.bajpai, j.schoenwaelder}@jacobs-university.de AIMS 2013, Barcelona Computer Networks and Distributed

761 views • 19 slides
robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard University of WisconsinMadison Joint work with Ben Recht and Andy Packard LCCC Workshop on Large-Scale and Distributed Optimization Lund

435 views • 32 slides
Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Introduction Multi-scale Analysis Approach Experimental Framework Results and Analysis Conclusion Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand, Jean-Marc Vincent INRIA Mescal, CNRS LIG

583 views • 27 slides
Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological Image Data Mark-Anthony Bray, Ph.D Imaging Platform, Broad Institute Cambridge, Massachusetts, USA mbray@broadinstitute.org 0.4233 54,454

701 views • 52 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline

EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline

EMI Inter-component and Large Scale Testing Infrastructure Danilo Dongiovanni INFN-CNAF Outline Background on EMI certification and testing process: Role of Testing Infrastructure within Quality Assurance o Product Team (PT) centric

504 views • 19 slides
Contributions to Large Scale Distributed Systems The infrastructure view point Adrien

Contributions to Large Scale Distributed Systems The infrastructure view point Adrien

Contributions to Large Scale Distributed Systems The infrastructure view point Adrien Lebre September 1, 2017 President and Examiner: Reviewers: Claude Jard, Nantes Univ. Erik Elmroth, Ume Univ. Frdric Desprez, Inria Manish

2.4k views • 178 slides
Data Science Until now Abstractions for writing and deploying large-scale web applications

Data Science Until now Abstractions for writing and deploying large-scale web applications

Data Science Until now Abstractions for writing and deploying large-scale web applications Managing infrastructure (PaaS, IaaS, Infrastructure-as- Code, FaaS, etc.) Constructing applications (ML APIs, Backend-as-a- Service) Portland

1.02k views • 58 slides
INFRASTRUCTURE Optimizing Interrupt Handling Performance for Memory Failures in Large Scale Data

INFRASTRUCTURE Optimizing Interrupt Handling Performance for Memory Failures in Large Scale Data

INFRASTRUCTURE Optimizing Interrupt Handling Performance for Memory Failures in Large Scale Data Centers Harish Dattatraya Dixit, Fred Lin, Bill Holland, Matt Beadon, Zhengyu Yang, Sriram Sankar Hardware Sustaining. Facebook. MAP : 1.3B MAP

489 views • 30 slides
Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis

Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis

Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis magoutis@csd.uoc.gr http://www.csd.uoc.gr/~magoutis Kafka Data logged User activity (logins, page views, clicks, likes, sharing, comments, search

366 views • 11 slides
Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and

Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and

Automatic Detection of Performance Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and Intelligence Lab (SAIL) Queens University, Kingston, Canada Large scale systems need to satisfy performance constraints

822 views • 37 slides
SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira Tecnologias de Middleware DI - FCUL - 2006 1 Agenda Motivation Pastry Scribe Scribe Protocol Experimental Evaluation

1.32k views • 109 slides

More recommend