Telematics Exam: DNS Security Solutions
25 Questions

Questions and Answers

How and where can DNS be attacked? (Give 3 different answers)

  • Cache poisoning (correct)
  • Redirection (correct)
  • Forging requests or responses (correct)
  • Spoofing of DNS servers on different levels (correct)
    Why is DNS vulnerable?

    Unencrypted requests/responses, non-verified answers, non-authorized servers, unprotected caches - all is based on the simple assumption: “don't lie about others” and trust among the involved systems.

    What can happen, if DNS gives wrong answers? What can be done against this (name two solutions)?

  • Cutting off part of the name space (correct)
  • Choosing DNS server directly (e.g., 8.8.8.8) (correct)
  • Using DNSSEC (correct)
  • Redirection of mapping name to IP address (correct)
    How does DNS ensure the uniqueness of names? Who owns the names in DNS?

    Uniqueness of top level, within each top-level uniqueness of second level, within each second level uniqueness of third level etc. On each level NIC/admin of level manages/distributes names to owners, owner is registered in database.

    What is the difference between recursive and iterative name resolution?

    Iterative: node will return a pointer to the requestor for further requests

    What is the focus of congestion and flow control, respectively? Why are they needed?

    Congestion control: focus on network, try to avoid congestion in the network, needed to keep network stable. Flow control: focus on end-system, try to avoid overloading of the receiver, both are needed to avoid packet loss due to buffer overflow (in routers or end-systems, respectively).

    What does a duplicated ACK in TCP tell the sender? What is the idea of fast recovery?

    At least some packets go through the network, no severe congestion or complete link failure. Fast recovery avoids slow-start (congestion window starts at 1 MSS), but starts right away with ½ old congestion window.

    What determines the flow of data in TCP? Name three issues and describe!

    Receiver window: shows the capabilities of the receiver, has to be taken into account by receiver, can be even 0 to choke transmission

    How can TCP detect a congestion? Describe briefly! What are the pros and cons of the two solutions?

    Implicit: sender experiences time-out, ACKs too late, missing ACKs and concludes from late/missing ACKs congestion in network

    Why can't we build large networks with many nodes based on switches only?

    Flat address space, no address aggregation would require storing all addresses individually in switches; logical tree structure to avoid loops not feasible in large/world-wide networks, no TTL requires this.

    How is routing scalability in the Internet handled?

    Hierarchies, routing concerns only limited regions, IGP/EGP, AS with IGP used inside, EGP to connect, AS black box from outside, no complete view of topology needed, routing inside AS independent from outside, only EGP must be compatible worldwide.

    What are differences between routing and forwarding? Name two!

    Routing often SW, forwarding with HW support

    Give 3 examples for routing metrics!

    Drop rate

    Besides scalability, what is missing in standard link-state and distance vector routing protocols? How does BGP handle these issues?

    Paths exchanged, different policies can be applied, paths dropped or accepted based on policies, advertisement of paths also based on policies

    Why is it so easy to announce "false" paths?

    BGP based on trust between peering partners, original version does not allow for verification of routing data, false announcements cannot be verified, AS can claim to be owner of prefix, path announcements can be manipulated.

    Why can RPKI also help in the web ecosystem - isn't it enough to encrypt web pages?

    TLS can encrypt content, but can do nothing against e.g. forged certificates or blackholing; attacker can manipulate routing; thus, traffic may never reach web server or may be redirected, web server not aware of attack, DoS made easy.

    What does “ossification” of the transport layer mean? What causes this "ossification" (give 2 examples)?

    TCP and UDP exist for many years, and thus, their headers are often the only accepted ones for layer 4; these protocols are “hard wired” in many systems, not only end-systems, but also middle boxes

    Why does simply sending different data packets of a single TCP connection over different paths not work?

    Middle boxes, such as NAT, keep state and, thus, "follow" the states of a TCP connection, may even ACK bytes acting as proxies; incoming packets from an unknown TCP connection (known only via another path) are typically not accepted and, thus, dropped.

    How does MPTCP circumvent the "ossification"?

    Use of several TCP connections; for the network these TCP connections belonging to a single MPTCP connection look like “normal” TCP connections with individual states; MPTCP mux/demux the data stream on top of the regular, built-in TCP of the OS.

    Why may TCP slow down HTTP and thus the rendering of web pages?

    Even HTTP/2, which allows the mux of several HTTP requests and the out-of-order delivery of responses, suffers from head-of-line blocking; TCP may cause this when a segment is lost; TCP segmentation is independent of the semantics of requests/responses; a lost segment may block the delivery of correctly received segments/data to the browser and thus nothing is displayed unless the lost data has been retransmitted; user experience suffers.

    How does QUIC solve this issue and how does it circumvent the “ossification” of the transport layer?

    QUIC offers several independent streams e.g. for different objects on web pages; data loss in one stream does not influence other streams; using UDP all received data is immediately forwarded to the next higher layer (QUIC); using UDP circumvents the ossification as UDP is well-accepted; QUIC is handled in end-systems only, the network only sees partially encrypted UDP packets

    Can we directly transmit data? What is always required?

    No, data is something abstract, we always need a physical representation; we need a mapping of data elements to physical signal elements; modulation of physical signals based on data.

    What are the effects of bandwidth limitation of a physical medium?

    The effective bandwidth of a physical medium limits the max. available data rate; Shannon's law: data rate = bandwidth * log_2 (1 + S/N); limitation of the symbol rate.

    How to achieve bit synchronization between sender and receiver? Give two examples!

    Provide falling/rising edge always in the middle of a bit (Manchester); ensure that no long sequences of 0s or 1s exist – then use (differential) NRZ (4B5B etc.); separate clock line if distance is short.

    Why is it impossible to detect all possible errors?

    A really mean error could map a valid codeword onto another valid one – this is impossible to detect; receiver does not know what the sender has sent, thus all legal codewords are fine; CRC does not detect e.g. multiples of the generator polynomial added to transmitted data.

    Study Notes

    Exam Telematics - Solutions

    • The solutions provided are examples, not exhaustive, but sufficient for full marks. Correct keywords and coherent arguments are essential.

    DNS (16 points)

    • DNS Attacks (3):

      • Cache poisoning
      • Spoofing of DNS servers (at various levels)
      • Forging requests/responses
      • Redirection
    • DNS Vulnerability (2):

      • Unencrypted requests/responses
      • Non-verified answers
      • Unauthorised servers
      • Unprotected caches
    • Incorrect DNS Answers (4):

      • Consequences: Name to IP mapping errors, redirection to wrong servers, reduced web access.
      • Solutions: Direct use of trusted DNS servers (e.g., 8.8.8.8), DNSSEC implementation
    • DNS Name Uniqueness (3):

      • Uniqueness ensured through hierarchical structure (top-level, second-level, etc).
      • Each level's Network Information Center (NIC)/administrator manages/assigns names to owners.
      • Owner registration in a database.
    • Recursive vs. Iterative Resolution (4):

      • Recursive: Query answered by the requested node, possibly involving further requests without user involvement.
      • Iterative: Node provides pointers to the requester for further queries.

    Congestion and Flow Control (20 points)

    • Congestion Control Focus (4):

      • Focus on the network
      • Aims to prevent congestion
      • Necessary for network stability
    • Flow Control Focus (4):

      • Focus on the end-system
      • Prevents receiver overload
      • Necessary for preventing packet loss
    • Duplicated ACKs in TCP (4):

      • Indication of successful packet transmission.
      • Fast recovery avoids 'slow start' (which initializes the congestion window at one maximum segment size, MSS) and instead starts right away with ½ of the old congestion window.
    • TCP Flow Determination (6):

      • RTT: Round trip time
      • Error rate: Determines retransmission amount
      • Receiver window: Defines receiver capacity
    • TCP Congestion Detection (6):

      • Explicit: Using ECN bits in the IP header (set by routers experiencing congestion, reflected to sender).
      • Implicit: Sender detects time-outs or missing ACKs (indicating congestion).

    Routing (18 points)

    • Limitations of Switches (2):

      • Flat address space requires storing all addresses
      • Inefficient for large networks.
      • Requires logical tree structure to avoid loops.
    • Routing Scalability (2):

      • Hierarchies
      • Interior Gateway Protocols (IGPs) and Exterior Gateway Protocols (EGPs)
      • Autonomous Systems (AS) boundaries
    • Routing vs. Forwarding (3):

      • Forwarding is time-critical with one choice
      • Routing is less time-critical, with multiple paths.
    • Routing Metrics (3):

      • Delay
      • Hop count
      • Data rate
    • Routing Issue Handling (Routing Protocols) (3):

      • Policies and paths
      • Handling asymmetric routing
      • Different policies applied to paths
    • False Path Announcement (2):

      • Lack of verification mechanisms
      • Trust-based system
      • Manipulating announcements
    • RPKI Support on Web (3):

      • Enables encrypting website content
      • Protection against routing manipulation
      • Protection against Denial of Service (DoS).

    Ossification/New Protocols (18 points)

    • Transport Layer Ossification (4):

      • Established protocols (TCP/UDP) are widely used and integrated.
      • Changes to protocols are difficult due to widespread use.
      • Middleboxes cause dependency on existing protocols.
    • TCP Connection Handling (4):

      • Maintaining state during packet delivery over different paths often fails.
      • Middleboxes follow connections, making it difficult.
    • MPTCP Circumvention (2):

      • Breaks up connections into multi-path TCP (MPTCP) individual segments.
    • HTTP Slowdown (4):

      • Lost segments block correct data delivery
      • TCP congestion can cause delays
      • User experience is negatively affected.

    Bits and Signals (18 points)

    • Data Transmission Requirement (4):

      • Physical representation mapping needed
      • Signal modulation crucial
    • Bandwidth Limitation (2):

      • Shannon's law defines data rates dependent on bandwidth and signal-to-noise ratio.
    • Quantization Challenges (2):

      • Decreasing signal levels lead to increasing interference, potential for data corruption.
    • Bit Synchronization (4):

      • Manchester encoding (edge-based): Transitions in the middle of a bit
      • Differential encoding: Transitions based on difference between previous and current bit values
    • Frame Alignment (4):

      • Defining and separating frame starts/limits.
      • Including checksums/length information for error checks.
    • Transmission Error Detection (2):

      • CRC (Cyclic Redundancy Check).

    Description

    This quiz covers the solutions to DNS attacks, vulnerabilities, and incorrect answers. It explores the importance of DNSSEC implementation and the uniqueness of DNS names. Assess your understanding of these concepts relevant to telematics and network security.
