Abstract
Recently, a new attack for poisoning the cache of Recursive DNS (RDNS) resolvers was discovered and revealed to the public. In response, major DNS vendors released a patch to their software. However, the released patch does not completely protect DNS servers from cache poisoning attacks in a number of practical scenarios. DNSSEC seems to offer a definitive solution to the vulnerabilities of the DNS protocol, but unfortunately DNSSEC has not yet been widely deployed. In this paper, we propose Wild-card SECure DNS (WSEC DNS), a novel solution to DNS cache poisoning attacks. WSEC DNS relies on existing properties of the DNS protocol and is based on wild-card domain names. We show that WSEC DNS is able to decrease the probability of success of cache poisoning attacks by several orders of magnitude. That is, with WSEC DNS in place, an attacker has to persistently run a cache poisoning attack for years, before having a non-negligible chance of success. Furthermore, WSEC DNS offers complete backward compatibility to DNS servers that may for any reason decide not to implement it, therefore allowing an incremental large-scale deployment. Contrary to DNSSEC, WSEC DNS is deployable immediately because it does not have the technical and political problems that have so far hampered a large-scale deployment of DNSSEC.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009 |
Pages | 3-12 |
Number of pages | 10 |
Publication status | Published - 25 Nov 2009 |
Externally published | Yes |
Event | 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009 - Lisbon, Portugal Duration: 29 Jun 2009 → 2 Jul 2009 |
Conference
Conference | 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009 |
---|---|
Country | Portugal |
City | Lisbon |
Period | 29/06/09 → 2/07/09 |
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications