network security dns caching and dos
play

Network security (DNS caching and DoS) CS 161: Computer Security - PowerPoint PPT Presentation

Dec 21, 2022 •240 likes •1.14k views

Network security (DNS caching and DoS) CS 161: Computer Security Prof. Raluca Ada Popa March 1, 2018 Slides adapted from David Wagner DNS Overview DNS translates www.google.com to 74.125.25.99 Its a performance-critical

  1. Network security (DNS caching and DoS) CS 161: Computer Security Prof. Raluca Ada Popa March 1, 2018 Slides adapted from David Wagner

  2. DNS Overview • DNS translates www.google.com to 74.125.25.99 • It’s a performance-critical distributed database. • DNS security is critical for the web. • Analogy: If you don’t know the answer to a question, ask a friend for help (who may in turn refer you to a friend of theirs, and so on).

  3. DNS Overview • DNS translates www.google.com to 74.125.25.99 • It’s a performance-critical distributed database. • DNS security is critical for the web. • Analogy: If you don’t know the answer to a question, ask a friend for help (who may in turn refer you to a friend of theirs, and so on). • Security risks: friend might be malicious, communication channel to friend might be insecure, friend might be well-intentioned but misinformed

  4. DNS Lookups via a Resolver root DNS server ( ‘ . ’ ) Host at xyz.poly.edu wants IP address for 2 eecs.mit.edu 3 TLD (top-level domain) DNS 4 server ( ‘ .edu ’ ) local DNS server (resolver) 5 dns.poly.edu Caching heavily 6 7 1 8 used to minimize authoritative DNS server (for ‘ mit.edu ’ ) lookups dns.mit.edu 9 client( requesting host) xyz.poly.edu eecs.mit.edu

  5. Security risk #1: malicious DNS server • Of course, if any of the DNS servers queried are malicious, they can lie to us and fool us about the answer to our DNS query

  6. Security risk #2: on-path attacker • If attacker can eavesdrop on our traffic… we’re hosed. • Why? We’ll see why.

  7. Security risk #3: off-path attacker • If attacker can’t eavesdrop on our traffic, can he inject spoofed DNS responses? • Yes. This case is especially interesting, so we’ll look at it in detail.

  8. DNS Threats • DNS: path-critical for just about everything we do – Maps hostnames Û IP addresses – Design only scales if we can minimize lookup traffic o #1 way to do so: caching o #2 way to do so: return not only answers to queries, but additional info that will likely be needed shortly • What if attacker eavesdrops on our DNS queries? – Then similar to DHCP/TCP, can spoof responses • Consider attackers who can’t eavesdrop - but still aim to manipulate us via how the protocol functions • Directly interacting w/ DNS: dig program on Unix – Allows querying of DNS system – Dumps each field in DNS responses

  9. Use Unix “ dig ” utility to look up IP address dig eecs.mit.edu A ( “ A ” ) for hostname eecs.mit.edu via DNS ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;eecs.mit.edu. IN A ;; ANSWER SECTION: eecs.mit.edu. 21600 IN A 18.62.1.6 ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  10. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;eecs.mit.edu. IN A ;; ANSWER SECTION: eecs.mit.edu. 21600 IN A 18.62.1.6 ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. The question we asked the server ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  11. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;eecs.mit.edu. IN A A 16-bit transaction identifier that enables ;; ANSWER SECTION: the DNS client ( dig , in this case) to match up eecs.mit.edu. 21600 IN A 18.62.1.6 the reply with its original request ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  12. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: “ Answer ” tells us the IP address associated ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 with eecs.mit.edu is 18.62.1.6 and we can ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 cache the result for 21,600 seconds ;; QUESTION SECTION: ;eecs.mit.edu. IN A ;; ANSWER SECTION: eecs.mit.edu. 21600 IN A 18.62.1.6 ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  13. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;eecs.mit.edu. IN A ;; ANSWER SECTION: eecs.mit.edu. 21600 IN A 18.62.1.6 ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. In general, a single Resource Record (RR) like mit.edu. 11088 IN NS W20NS.mit.edu. this includes, left-to-right, a DNS name, a time- mit.edu. 11088 IN NS STRAWB.mit.edu. to-live , a family ( IN for our purposes - ignore), a type ( A here), and an associated value ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  14. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a “ Authority ” tells us the name servers responsible for ;; global options: +cmd the answer. Each RR (resource record) gives the ;; Got answer: hostname of a different name server ( “ NS ” ) for names ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 in mit.edu. We should cache each record for 11,088 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 seconds. ;; QUESTION SECTION: If the “ Answer ” had been empty, then the resolver’s ;eecs.mit.edu. IN A next step would be to send the original query to one of these name servers. ;; ANSWER SECTION: eecs.mit.edu. 21600 IN A 18.62.1.6 ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

  15. dig eecs.mit.edu A ; ; <<>> DiG 9.6.0-APPLE-P2 <<>> eecs.mit.edu a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: “ Additional ” provides extra information to save us from ;eecs.mit.edu. IN A making separate lookups for it, or helps with bootstrapping. ;; ANSWER SECTION: Here, it tells us the IP addresses for the hostnames of the eecs.mit.edu. 21600 IN A 18.62.1.6 name servers. We add these to our cache. ;; AUTHORITY SECTION: mit.edu. 11088 IN NS BITSY.mit.edu. mit.edu. 11088 IN NS W20NS.mit.edu. mit.edu. 11088 IN NS STRAWB.mit.edu. ;; ADDITIONAL SECTION: STRAWB.mit.edu. 126738 IN A 18.71.0.151 BITSY.mit.edu. 166408 IN A 18.72.0.3 W20NS.mit.edu. 126738 IN A 18.70.0.160

Recommend

Cooperative Web Caching Cooperative Web Caching Cooperative Caching Cooperative Caching

Cooperative Web Caching Cooperative Web Caching Cooperative Caching Cooperative Caching

Cooperative Web Caching Cooperative Web Caching Cooperative Caching Cooperative Caching Previous work has shown that hit rate increases with population size [Duska et al. 97, Breslau et al. 98] However, single proxy caches have practical limits

868 views • 53 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
On the Power of In-Network Caching in the Hadoop Distributed File System ERIC NEWBERRY,

On the Power of In-Network Caching in the Hadoop Distributed File System ERIC NEWBERRY,

On the Power of In-Network Caching in the Hadoop Distributed File System ERIC NEWBERRY, BEICHUAN ZHANG Motivation In-network caching Lots of research has been done about ICN/NDN caching, but mostly using synthetic traffic. How much

867 views • 20 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Tree-Like Network Yu an Su n

Tree-Like Network Yu an Su n

Coded Caching in Tree-Like Network Yu an Su n Introduction Problem Setting Main Results CONTANTS Discussion I n t r o d u c t i o n What is the cache? caching is a necessary and

461 views • 14 slides
Agenda Caching Caching Gitlab Demo Caching Demos Mirroring Caching Limitations Manual

Agenda Caching Caching Gitlab Demo Caching Demos Mirroring Caching Limitations Manual

Agenda Caching Caching Gitlab Demo Caching Demos Mirroring Caching Limitations Manual Mirroring Caching Other Registries Summary 1 / 35 @sudo_bmitch How to Use Mirroring and Caching to Optimize Your Image Registry Brandon Mitchell

837 views • 35 slides
Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions:

Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions:

Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions: Evidence and Implications , L. Breslau, P. Cao, L. Fan, G. Phillips, S. Shenker On the scale and performance of cooperative Web proxy caching ,

640 views • 24 slides
Adaptive Caching Algorithms with Optimality Guarantees for NDN Networks Stratis Ioannidis and

Adaptive Caching Algorithms with Optimality Guarantees for NDN Networks Stratis Ioannidis and

Adaptive Caching Algorithms with Optimality Guarantees for NDN Networks Stratis Ioannidis and Edmund Yeh A Caching Network Nodes in the network store content items (e.g., files, file chunks) 1 Adaptive Caching Networks w. Optimality Guarantees

734 views • 57 slides
Jointly Optimal Routing &amp; Caching for Arbitrary Network Topologies Stratis Ioannidis and

Jointly Optimal Routing &amp; Caching for Arbitrary Network Topologies Stratis Ioannidis and

Jointly Optimal Routing &amp; Caching for Arbitrary Network Topologies Stratis Ioannidis and Edmund Yeh ICN 2017 A Caching Network Webserver User ? User nodes generate requests for content items with certain arrival rates Jointly Optimal

883 views • 74 slides
Web Caching and Content Delivery Web Caching and Content Delivery Caching for a Better Web

Web Caching and Content Delivery Web Caching and Content Delivery Caching for a Better Web

Web Caching and Content Delivery Web Caching and Content Delivery Caching for a Better Web Caching for a Better Web Performance is a major concern in the Web Proxy caching is the most widely used method to improve Web performance

438 views • 22 slides
access control 1 last time (1) network fjlesystem caching open-to-close consistency

access control 1 last time (1) network fjlesystem caching open-to-close consistency

access control 1 last time (1) network fjlesystem caching open-to-close consistency compromise: consistent for typical use check on open write on close callbacks for caching server notifjes interested clients disconnected operation

785 views • 49 slides
Web Caching Web Caching and wireless networks Next generation Wireless Networks Helsinki

Web Caching Web Caching and wireless networks Next generation Wireless Networks Helsinki

Web Caching Web Caching and wireless networks Next generation Wireless Networks Helsinki university of technology Csar Fernndez Gago Jean-Baptiste Escoyez 1 Index Web caching concepts Web caching issues How does it works?

417 views • 18 slides
NetCache: Balancing Key-Value Stores with Fast In-Network Caching Xin Jin, Xiaozhou Li , Haoyu

NetCache: Balancing Key-Value Stores with Fast In-Network Caching Xin Jin, Xiaozhou Li , Haoyu

NetCache: Balancing Key-Value Stores with Fast In-Network Caching Xin Jin, Xiaozhou Li , Haoyu Zhang, Robert Soul Jeongkeun Lee, Nate Foster, Changhoon Kim, Ion Stoica NetCache is a rack-scale key-value store that leverages in-network data

1.07k views • 31 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Scaling Your Cache &amp; Caching at Scale Alex Miller @puredanger Mission Why does caching

Scaling Your Cache &amp; Caching at Scale Alex Miller @puredanger Mission Why does caching

Scaling Your Cache &amp; Caching at Scale Alex Miller @puredanger Mission Why does caching work? Whats hard about caching? How do we make choices as we design a caching architecture? How do we test a cache for performance?

965 views • 59 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
CACHING BEYOND RAM CACHING BEYOND RAM memcached.org/blog @dormando WHY RAM? WHY RAM?

CACHING BEYOND RAM CACHING BEYOND RAM memcached.org/blog @dormando WHY RAM? WHY RAM?

CACHING BEYOND RAM CACHING BEYOND RAM memcached.org/blog @dormando WHY RAM? WHY RAM? Identical Cache W W W Broadcast Invalidation W W W MC HASH(key) MC 1G RAM 4G RAM W DB 32bit OS! 4G RAM 4G RAM W DB Filled Empty RAM Slots

417 views • 39 slides
VM and I/O IO-Lite: A Unified I/O Buffering and Caching System Vivek S. Pai, Peter Druschel,

VM and I/O IO-Lite: A Unified I/O Buffering and Caching System Vivek S. Pai, Peter Druschel,

VM and I/O IO-Lite: A Unified I/O Buffering and Caching System Vivek S. Pai, Peter Druschel, Willy Zwaenepoel Software Prefetching and Caching for TLBs Kavita Bala, M. Frans Kaashoek, William E. Weihl General themes CPU, network bandwidth

898 views • 53 slides
1 Web Traffic Characterization Zipf Web Traffic Characterization Zipf [Breslau/Cao99] and

1 Web Traffic Characterization Zipf Web Traffic Characterization Zipf [Breslau/Cao99] and

Caching for a Better Web Caching for a Better Web Performance is a major concern in the Web Proxy caching is the most widely used method to improve Web performance Web Caching and Content Delivery Web Caching and Content Delivery

584 views • 4 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides

More recommend