113 Hits in 4.7 sec

Fragmentation Considered Leaking: Port Inference for DNS Poisoning [chapter]

Haya Shulman, Michael Waidner
2014 Lecture Notes in Computer Science  
We show how to apply our techniques for DNS cache poisoning. We tested our attacks against standard and patched operating systems and popular DNS resolvers software.  ...  Such attacks subvert the correctness and availability of Internet services and, among others, were applied for DNS cache poisoning, TCP injections, reflection DDoS attacks.  ...  We are grateful for support for CAIDA's Internet Traces [1] that is provided by the National Science Foundation, the US Department of Homeland Security, and CAIDA Members.  ... 
doi:10.1007/978-3-319-07536-5_31 fatcat:fg2c27473na7xl5pezrhsdivnq

From IP to transport and beyond: cross-layer attacks against applications [article]

Tianxiang Dai, Philipp Jeitner, Haya Shulman, Michael Waidner
2022 arXiv   pre-print
We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels.  ...  Our study shows that DNS plays a much more central role in the Internet security than previously assumed. We recommend mitigations for securing the applications and for preventing cache poisoning.  ...  ACKNOWLEDGEMENTS We thank the anonymous referees for thoughtful feedback on our work.  ... 
arXiv:2205.06085v1 fatcat:qwp4nwa5gvfszl34xhkk52sdyq

SERVFAIL: The Unintended Consequences of Algorithm Agility in DNSSEC [article]

Elias Heftrig, Jean-Pierre Seifert, Haya Shulman, Peter Thomassen, Michael Waidner, Nils Wisiol
2022 arXiv   pre-print
In this work we show for the first time that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability.  ...  As a result, domains that deploy new ciphers, risk exposing the validating resolvers to cache poisoning attacks.  ...  In 2015 [37] showed how to apply fragmentation to infer the source port of resolvers that use upstream forwarders.  ... 
arXiv:2205.10608v1 fatcat:w2pimvduyzbkdjevm22rmxnwpy

Off-Path Hacking: The Illusion of Challenge-Response Authentication

Yossi Gilad, Amir Herzberg, Haya Shulman
2014 IEEE Security and Privacy  
We review recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet practical.  ...  Often, the challenges re-use existing header fields to protect widelydeployed protocols such as TCP and DNS. We argue that this practice may often give an illusion of security.  ...  ACKNOWLEDGEMENTS We thank the anonymous referees for their comments and feedback on earlier version of this manuscript.  ... 
doi:10.1109/msp.2013.130 fatcat:doqpplefybcwbngquhh7pfxlke

On the Soundness of Infrastructure Adversaries [article]

Alexander Dax, Robert Künnemann
2021 arXiv   pre-print
We then demonstrate the approach for a recently proposed threat model that quantifies the confidentiality of email communication on the Internet, including DNS, DNSSEC, and SMTP.  ...  B unpacks this source port using the destructor for ' c_communicate_src_port '. 7.  ...  . r dns´route´res [52] , however, assumes that this is the case, i.e. that DNSSEC is an effective countermeasure against domain poisoning attacks mounted between the local (recursive, usually non-validating  ... 
arXiv:2105.06731v1 fatcat:xpppiskmsvfbxfmvtyzwi2ojsa

SMap: Internet-wide Scanning for Ingress Filtering [article]

Tianxiang Dai, Haya Shulman
2020 arXiv   pre-print
Despite the importance, the existing studies do not allow to infer the extent of ingress filtering at Internet-scale, providing results with only a limited coverage: they can either measure networks that  ...  In this work we present the Spoofing Mapper (SMap): the first scanner for performing Internet-wide studies of enforcement of ingress filtering.  ...  ., for avoiding detection and filtering of attack sources, for reflecting attack traffic, for DNS cache poisoning, for triggering services which can only be accessible to internal users.  ... 
arXiv:2003.05813v3 fatcat:oiqpwuhzlfattnbrckwenscffi

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Karyn Benson, Alberto Dainotti, kc claffy, Alex C. Snoeren, Michael Kallitsis
2015 Proceedings of the 2015 ACM Conference on Internet Measurement Conference - IMC '15  
Chiara Orsini's help with BGPStream allowed me to quickly compare IBR-inferred path changes with ASlevel routes.  ...  Above all, I am thankful for my advisors' patience.  ...  We feel that our data is representative of IBR, and that researchers using other darknets will experience similar results when using IBR to make Internet-wide inferences.  ... 
doi:10.1145/2815675.2815702 dblp:conf/imc/BensonDcSK15 fatcat:xjiswtal4ng3pono2wptto57pq

Domain Name System Security and Privacy: A Contemporary Survey [article]

Aminollah Khormali, Jeman Park, Hisham Alasmary, Afsah Anwar, David Mohaisen
2020 arXiv   pre-print
In order to comprehensively understand the root causes of the vulnerabilities of DNS, it is mandatory to review the various activities in the research community on DNS landscape.  ...  This paper not only focuses on the DNS threat landscape and existing challenges, but also discusses the utilized data analysis methods, which are frequently used to address DNS threat vulnerabilities.  ...  Lu and Tsudik [78] explored DNS privacy leaks during domain resolution and presented Privacy-Preserving DNS (PPDNS) that mitigates the privacy issues in DNS.  ... 
arXiv:2006.15277v1 fatcat:loknouehirdhvdgztkevi27vse

The workshop on active internet measurements (AIMS) report

k. c. claffy, Marina Fomenkov, Ethan Katz-Bassett, Robert Beverly, Beverly A. Cox, Matthew Luckie
2009 Computer communication review  
We thank all participants for their insights, feedback, and contributions of text to the report, and many thanks to Evi Nemeth for taking excellent notes at the meeting.  ...  Censorship implementations vary, from directly controlling DNS resolvers, cache poisoning, or in-flight packet modification or injection.  ...  John-Paul Verkamp (Indiana U.) described his ideas to use DNS, BGP, and other data to infer censorship.  ... 
doi:10.1145/1629607.1629614 fatcat:phe3yyhogfanpcljf5ouccislu

Subverting Stateful Firewalls with Protocol States (Extended Version) [article]

Amit Klein
2022 arXiv   pre-print
We analyzed the generation of protocol header fields in the implementations of multiple TCP/IP network stacks and found new ways to leak information about global protocol states.  ...  These are three generic, new use cases for covert channels that work around firewalling and enable devices that are not allowed direct communication with the Internet, to still exfiltrate data out of the  ...  Acknowledgment We would like to thank Benny Pinkas, the anonymous NDSS 2022 reviewers and Haixin Duan (our NDSS shepherd) for their valuable feedback, and Ehood Porat for his help in reverse engineering  ... 
arXiv:2112.09604v4 fatcat:kga5twllfzcqlbd2ywnocsg6b4

Toward Engineering a Secure Android Ecosystem

Meng Xu, Chenxiong Qian, Sangho Lee, Taesoo Kim, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee
2016 ACM Computing Surveys  
For each category, we provide a comprehensive narrative of the problem space, highlight the limitations of the proposed solutions, and identify open problems for future research.  ...  Based on our collection of knowledge, we envision a blueprint for engineering a secure, next-generation Android ecosystem.  ...  users to his/her DNS.  ... 
doi:10.1145/2963145 fatcat:d5vhxpdywrevvbh4as6vvt576q

Assessing the security of VoIP Services

H. Abdelnur, R. State, I. Chrisment, C. Popi
2007 2007 10th IFIP/IEEE International Symposium on Integrated Network Management  
contributions consist in an elaborated network information model capable to be used in VoIP assessment, an extensible assessment architecture and its implementation, as well as in a comprehensive framework for  ...  There are several ways to achieve the latter action, like for instance ARP poisoning, Spanning Tree attacks, DNS poisoning.  ...  Also, extra information can be obtained, as for instance the routing gateway IP, the DNS server IP, a TFTP server IP, etc.  ... 
doi:10.1109/inm.2007.374802 dblp:conf/im/AbdelnurSCP07 fatcat:cxik5vpvfjdwbe52feyh76ikka

From IP ID to Device ID and KASLR Bypass (Extended Version) [article]

Amit Klein, Benny Pinkas
2019 arXiv   pre-print
In modern Linux and Android versions, this field leaks a kernel address, thus we also break KASLR.  ...  We deployed a demo (for Windows) showing that key extraction and machine fingerprinting works in the wild, and tested it from networks around the world.  ...  This technique is then used in [20] to poison DNS records. OS Fingerprinting: [61] suggests using IPID = 0 as a fingerprint for some operating systems.  ... 
arXiv:1906.10478v2 fatcat:aqxxj4w54bhstbonrts23gy4qq

Security, Privacy, and Access Control in Information-Centric Networking: A Survey [article]

Reza Tourani, Travis Mick, Satyajayant Misra, Gaurav Panwar
2017 arXiv   pre-print
We conclude the survey with lessons learned and scope for future work.  ...  In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning.  ...  For content retrieval, a client queries the DNS to resolve the content name into a digital certificate.  ... 
arXiv:1603.03409v3 fatcat:ynhnoqve3nbzrdvlxy4jigzlkq

Issue number 3 Volume 7 December 2011

Aamir [Editor] Al-Mosawi
2011 Zenodo  
Acknowledgements The authors wish to thank all the medical and nursing staff for their help in this study.  ...  Acknowledgement The authors of this study wish to thank Universiti Kebangsaan Malaysia for funding this project.  ...  Effective disease control has been inferred from significant improvements in progression-free survival.  ... 
doi:10.5281/zenodo.3895714 fatcat:s3uap36hfng4dbl7ljn5jrwuha
« Previous Showing results 1 — 15 out of 113 results