Lecture 8 Network Security - Part 1_v1_Part4.pdf
DNS (slide 58)
• The service converts a human-readable name into an IP address on a network.
• It can be thought of as a White Pages or Yellow Pages directory service. DNS is like the phone book of the Internet.
• DNS is a name-to-address resolution protocol that keeps a list of computer names and their IP addresses.
– Using DNS, a user can use a computer’s name instead of its IP address.
• Applications that use DNS include the World Wide Web (WWW), email, and instant messaging.

Name Resolution Response (slide 59)
• Authoritative response
– The response is resolved from the authoritative DNS server for the queried domain name.
• Non-authoritative response
– The response is not resolved from the authoritative DNS server for the queried domain name.

Example of Authoritative Response (slide 60)
• When you use a PC in QUT’s computer lab and enter http://library.qut.edu.au in your web browser, the DNS client service contacts the local DNS server, i.e. QUT’s DNS server.
• QUT’s DNS server has the matching record for library.qut.edu.au in its DNS zone and returns the IP address for library.qut.edu.au; your computer can then contact the web server to request a web page.

Example of Non-authoritative Response (slide 61)
[Figure: query flow between the DNS client, the local DNS server, the root server, the com TLD server and the ibm.com DNS server, numbered as in the steps below]
1. Query for www.ibm.com
2. Query to root server
3. Try one of these com TLD servers
4. Query to com TLD server
5. Try one of the ibm.com DNS servers
6. Query to an ibm.com DNS server
7. Query is resolved, i.e. the address is 129.42.38.10
8. Return the IP address
The query result is then cached on the local DNS server for a certain period of time. When the same query recurs, the local DNS server returns a non-authoritative answer.
DNS query and response messages (slide 62)

Vulnerabilities/Threats in DNS (slide 63)
• The DNS scheme has
– No authentication
– No authenticity and integrity checking on DNS responses
• DNS cache-poisoning attack (redirect attack)
– By changing DNS records on a DNS server or DNS cache server, network traffic is redirected from a legitimate web server to a malicious website
• DNS flood attack
– A DoS/DDoS attack that sends a high volume of traffic to overload the network capacity and exhaust computer resources

Protocol Threats (slide 64)
• IP
– IP spoofing attack
– Fragmentation attack
• ARP
– ARP cache-poisoning attack
– MITM attack
• ICMP
– Redirect attack
– Ping of death attack
• TCP
– Predicting TCP sequence numbers
– TCP SYN flood attack
• DHCP
– DHCP spoofing
– Starvation attack
• DNS
– DNS cache poisoning
– DNS flood attack

Security attacks (slide 65)
• Active attack – involves data modification or the creation of a false stream, e.g.
– masquerade, replay, modification of messages, man-in-the-middle (MITM) and DoS/DDoS
• Passive attack – attempts to learn or make use of information from the system but does not affect system resources, e.g. traffic analysis, release of information contents
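As an added example (not part of the lecture slides), the following Python parses a DNS response message of the kind shown on slide 62 and reads the AA header flag that distinguishes the authoritative and non-authoritative responses of slide 59. The response bytes are constructed here for www.ibm.com resolving to 129.42.38.10; the `accept_response` helper is an assumed name for the ID-and-question match a resolver must apply before caching an answer, which is the basic guard against the cache poisoning described on slide 63.

```python
import struct
import ipaddress

# Constructed sample (not a capture): non-authoritative A answer for www.ibm.com from a
# local resolver's cache. Flags 0x8180 = QR, RD, RA set, AA clear; TTL 300 s.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # id 0x1234, flags, qd=1, an=1, ns=0, ar=0
    b"\x03www\x03ibm\x03com\x00\x00\x01\x00\x01"         # question: www.ibm.com, type A, class IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"  # answer: name ptr->12, A, IN, TTL 300, rdlen 4
    b"\x81\x2a\x26\x0a"                                  # rdata: 129.42.38.10
)
# Same answer with the AA bit set (flags 0x8580), as the ibm.com authoritative server would send it.
SAMPLE_AUTHORITATIVE = SAMPLE_RESPONSE[:2] + b"\x85\x80" + SAMPLE_RESPONSE[4:]

def read_name(msg, offset):
    """Decode a DNS name at offset, following RFC 1035 compression pointers."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer: remember where the caller resumes
            end = end if end is not None else offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg):
    """Return header fields, the question name and any A records found in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "is_response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400), "rcode": flags & 0xF,
            "question": None, "answers": []}
    offset = 12
    for _ in range(qd):
        info["question"], offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:  # A record: 4-byte IPv4 address
            info["answers"].append((name, str(ipaddress.IPv4Address(msg[offset:offset + 4])), ttl))
        offset += rdlen
    return info

def accept_response(info, expected_id, expected_name):
    """Assumed resolver check: only accept a reply whose ID and question match the outstanding query."""
    return info["is_response"] and info["id"] == expected_id and info["question"] == expected_name
```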