Hijacking DNS Subdomains via Subzone Registration: A Case for Signed Zones
Authors: Peter Thomassen, Jan Benninger, Marian Margraf
Journal: Open Journal of Web Technologies, 2018, Vol.5 (1), pp.6-13
Source database: RonPub UG
Abstract (original language): We investigate how the widespread absence of signatures in DNS (Domain Name System) delegations, in combination with a common misunderstanding with regards to the DNS specification, has led to insecure deployments of authoritative DNS servers which allow for hijacking of subdomains without the domain owner's consent. This, in turn, enables the attacker to perform effective man-in-the-middle attacks on the victim's online services, including TLS (Transport Layer Security) secured connections, without having to touch the victim's DNS zone or leaving a trace on the machine providing the compromised service, such as the web or mail server. Following the practice of responsible disclosure, we present examples of such insecure deployments and suggest remedies for the problem. Most prominently,...
Full text access: RonPub UG (publisher)

  • DNS Distributed Network(services)System
  • insecure
  • victim
  • denial
  • authoritative
  • attacker
  • integrity
  • hijacking
  • compromised
  • specification