
DNS Direct Risks

DNS has the reputation of being the most insecure protocol on the Internet. The fundamental security flaw in DNS is the assumed trust between DNS servers: DNS systems assume that servers do not intentionally provide misinformation. Moreover, the DNS protocol provides no means for authenticating clients to servers, or servers to clients. This lack of authentication permits attackers to target the trust relationship.

DNS is vulnerable to a variety of trust-based attacks. These attacks include unauthenticated responses, cache poisoning, and blind ID attacks. In addition, some DNS implementations are vulnerable to corrupt DNS packets.

Unauthenticated Responses

DNS uses a session identifier to match requests with replies, but the session identifier provides no authentication. An attacker that observes a DNS request can forge a DNS reply. The false reply includes the observed session identifier. The result is an unauthenticated response that appears authentic. The attacker may even set the authoritative flag in the packet, removing any doubt as to the data's accuracy. The requester receives the reply and accepts the unauthenticated response. The result is an attacker that can control the hostname lookups and consequently redirect victim connections.
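To make concrete how little a plain resolver can verify, here is an added example (not code from the original page) that encodes a query and a reply in RFC 1035 wire format and lists every wire-level check a non-DNSSEC resolver performs before accepting a reply; the hostname and the 192.0.2.x address are constructed sample values.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels (RFC 1035 wire format, no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(txid: int, name: str) -> bytes:
    """Minimal A-record query: 12-byte header (RD set, QDCOUNT=1) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def build_reply(query: bytes, ip: str, aa: bool) -> bytes:
    """Build the reply any server would send for the query: same ID, QR bit set,
    question echoed, one A record. The AA bit is merely a flag the sender chooses;
    nothing in the message proves the sender is the zone's authority."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | (0x0400 if aa else 0)             # QR, optionally AA
    question = query[12:]
    # Answer: name is a pointer to the question name at offset 12, TTL 300, 4-byte RDATA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    answer += bytes(int(octet) for octet in ip.split("."))
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + answer

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header fields a resolver looks at."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "qdcount": qd, "ancount": an}

def resolver_accepts(query: bytes, reply: bytes) -> bool:
    """Every check a plain resolver can make on the wire before trusting a reply.
    None of these fields carries a signature or a shared secret, so any party that
    saw the query can satisfy all of them; only DNSSEC validation (or TSIG between
    servers) adds real authentication on top of this matching."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return False
    question_len = len(query) - 12
    return reply[12:12 + question_len] == query[12:]   # question must be echoed back

if __name__ == "__main__":
    # Constructed sample: a query for example.com with transaction ID 0x1234.
    q = build_query(0x1234, "example.com")
    reply = build_reply(q, "192.0.2.10", aa=True)
    print("accepted:", resolver_accepts(q, reply), "AA flag:", parse_header(reply)["aa"])
```

Swapping the transaction ID in the reply is the only thing that makes `resolver_accepts` return `False`; the source of the reply is never part of the decision.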
