Corpus ID: 14337800

Fragmentation Considered Poisonous

@article{Herzberg2012FragmentationCP,
  title={Fragmentation Considered Poisonous},
  author={A. Herzberg and Haya Shulman},
  journal={ArXiv},
  year={2012},
  volume={abs/1205.4011}
}
We present practical poisoning and name-server blocking attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long responses are increasingly common, mainly due to the use of DNSSEC. In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow 'complete' domain hijacking. When DNSSEC is fully deployed, attacker can force use of fake name server; we show…
29 Citations
Fragmentation Considered Poisonous, or: One-domain-to-rule-them-all.org
  • 67
Fragmentation Considered Vulnerable
  • 18
  • PDF
Connection-Oriented DNS to Improve Privacy and Security
  • 69
  • Highly Influenced
  • PDF
T-DNS: Connection-Oriented DNS to Improve Privacy and Security (extended)
  • 6
  • Highly Influenced
  • PDF
Off-Path Hacking: The Illusion of Challenge-Response Authentication
  • 21
  • PDF
The Impact of DNSSEC on the Internet Landscape
  • 1
  • PDF
RPKI vs ROVER: comparing the risks of BGP security solutions
  • 4
  • PDF

References

SHOWING 1-10 OF 75 REFERENCES
Fragmentation Considered Vulnerable: Blindly Intercepting and Discarding Fragments
  • 21
  • PDF
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries
  • 107
  • PDF
A Security Evaluation of DNSSEC with NSEC3
  • 55
  • Highly Influential
  • PDF
WSEC DNS: Protecting recursive DNS resolvers from poisoning attacks
  • 53
  • PDF
Perils of transitive trust in the domain name system
  • 95
  • Highly Influential
  • PDF
Puppetnets: misusing web browsers as a distributed attack infrastructure
  • 22
Improving robustness of DNS to software vulnerabilities
  • 6
Security of Patched DNS
  • 57
  • PDF