第五讲网络协议弱点讲解.pptVIP

DNS Root Name Servers Hierarchical service Root name servers for top-level domains Authoritative name servers for subdomains Local name resolvers contact authoritative servers when they do not know a name DNS Lookup Example Client Local DNS resolver root edu DNS server DNS server NS NS A www=IPaddr DNS server DNS record types (partial list): - NS: name server (points to other server) - A: address record (contains IP address) - MX: address in charge of handling email - TXT: generic text (e.g. used to distribute site public keys (DKIM) ) Caching DNS responses are cached DNS应答是缓存的 Quick response for repeated translations Useful for finding servers as well as addresses NS records for domains DNS negative queries are cached DNS找不到的结果也缓存 Save time for nonexistent sites, e.g. misspelling Cached data periodically times out 缓存数据阶段性过期 Lifetime (TTL) of data controlled by owner of data TTL passed with every record DNS Packet Query ID:询问号 16 bit random value Links response to query 用于将应答与询问对应起来 (from Steve Friedl) Resolver to NS request（NS请求） Response to resolver Response contains IP addr of next NS server (called “glue”) Response ignored if unrecognized QueryID Authoritative response to resolver final answer bailiwick checking: response is cached if it is within the same  domain of query (i.e. cannot  set NS for ) protect themselves from cache poisoning attack. 局部DNS服务器缓存DNS结果，攻击者发起访问某个网站的请求，在局部DNS发出请求后，攻击者发出冒充的应答，从而使得之后的访问被误导到攻击者设置的站点 Basic DNS Vulnerabilities Users/hosts trust the host-address mapping provided by DNS: Used as basis for many security policies: Browser same origin policy, URL address bar Obvious problems Interception of requests or compromise of DNS servers can result in incorrect or malicious responses （DNS服务器被攻占或者中途拦截请求） e.g.: hijack BGP route to spoof DNS Solution – authenticated requests/responses （对请求和应答进行认证） Provided by DNSsec … but no one uses DNSsec DNS cache poisoning (