Abstract
DNS poisoning attacks inject malicious entries into the DNS resolution system, allowing an attacker to redirect clients to malicious servers. These attacks typically target a DNS resolver allowing attackers to poison a DNS entry for all machines that use the compromised resolver. However, recent defenses can effectively protect resolvers rendering classical DNS poisoning attacks ineffective. In this paper, we present a new class of DNS poisoning attacks targeting the client-side DNS cache. The attack initiates DNS poisoning on the client cache, which is used in all main stream operating systems to improve DNS performance, circumventing defenses targeting resolvers. Our attack allows an off-path attacker to collaborate with a piece of an unprivileged malware to poison the OS-wide DNS cache on a client machine. We developed the attack on Windows, Mac OS, and Ubuntu Linux. Interestingly, the behaviors of the three operating systems are distinct and the vulnerabilities require different strategies to exploit. We also generalize the attack to work even when the client is behind a Network Address Translation (NAT) router. Our results show that we can reliably inject malicious DNS mappings, with on average, an order of tens of seconds. Finally, we propose a defense against this type of poisoning attacks.
Original language | English (US) |
---|---|
Title of host publication | INFOCOM 2019 - IEEE Conference on Computer Communications |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1153-1161 |
Number of pages | 9 |
ISBN (Electronic) | 9781728105154 |
DOIs | |
State | Published - Apr 2019 |
Event | 2019 IEEE Conference on Computer Communications, INFOCOM 2019 - Paris, France Duration: Apr 29 2019 → May 2 2019 |
Publication series
Name | Proceedings - IEEE INFOCOM |
---|---|
Volume | 2019-April |
ISSN (Print) | 0743-166X |
Conference
Conference | 2019 IEEE Conference on Computer Communications, INFOCOM 2019 |
---|---|
Country/Territory | France |
City | Paris |
Period | 4/29/19 → 5/2/19 |
Bibliographical note
Publisher Copyright:© 2019 IEEE.