The Domain Name System (DNS) is a protocol that resolves Fully Qualified Domain Names (FQDNs) to the IP addresses of the machines they name. This resolution process is critical to the operation of the Internet, but it is susceptible to a range of attacks. One of the most dangerous attack vectors is DNS poisoning, where an attacker injects malicious entries into the DNS resolution process, redirecting clients from legitimate to malicious servers. Typically, poisoning attacks target a DNS resolver, which lets the attacker poison a DNS entry for every machine that uses the compromised resolver. However, recent defenses protect resolvers and substantially limit these attacks. In this paper, we present a new class of DNS poisoning attacks that targets the client-side DNS cache used in mainstream operating systems, circumventing the defenses that protect resolvers. We implemented the attack on Windows, Mac OS, and Ubuntu Linux machines. We also generalize the attack to work even when the client is behind a Network Address Translation (NAT) router. Our results show that we can reliably inject malicious DNS mappings within, on average, tens of seconds. We also propose client-side mitigations and demonstrate that they effectively mitigate the vulnerability.
| Field | Value |
|---|---|
| Original language | English (US) |
| Number of pages | 13 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| State | Published - 2022 |
Bibliographical note (Funding Information):
The work of Fatemah Alharbi was supported by Taibah University (TU) and the Saudi Arabian Ministry of Education. This work was supported by the National Science Foundation under Grants CNS-1619391, CNS-1652954, and CNS-1618898.
© 2004-2012 IEEE.
- Ubuntu Linux
- cache poisoning
- Microsoft Windows
- network security