The Impact of RFC Guidelines on DNS Spoofing Attacks
EXECUTIVE SUMMARY
This paper provides a brief overview of basic Domain Name System (DNS) spoofing
attacks against
DNS client resolvers. Technical challenges are proposed that should help to
both identify
attempted attacks and prevent them from being successful. Relevant Request for
Comments (RFC)
guidelines, used by programmers to help ensure their DNS resolver code meets
specifications, are
reviewed. This results in the realisation that the RFC guidelines are not
adequately specific or
forceful to help identify or prevent DNS spoofing attacks against DNS client
resolvers.
Furthermore, the RFC guidelines actually simplify such attacks to a level that
has not previously
been discussed in the public domain until now.
To highlight the consequences of merely conforming to the RFC guidelines
without considering
security ramifications, an example DNS spoofing attack against the DNS resolver
in Microsoft
Windows XP is provided. This illustrates serious weaknesses in the Windows XP
DNS resolver client
implementation. For example, Windows XP will accept a DNS reply as being valid
without performing
a thorough check that the DNS reply actually matches the DNS request. This
allows an attacker to
create a malicious generic DNS reply that only needs to meet a couple of
criteria with predictable
values in order to be accepted as a valid DNS reply by the targeted user.
This paper discusses the practical impact of the issues raised, such as the
ability to perform a
successful and reasonably undetectable DNS spoofing attack against a large
target base of Windows
XP users, without the attacker requiring knowledge of the DNS requests issued
by the targeted
users. Finally, a comparison with the DNS resolver in Debian Linux is supplied.
The paper can be found at the following URL:
http://members.ozemail.com.au/~987654321/impact_of_rfc_on_dns_spoofing.pdf
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail