3. Quick and Dirty Introductions are something that I created at my last employer to describe in simple language a pretty complex Information Security concept.
-AB
4. …. The originals are naturally the intellectual property of the company but now that I am doing them in my free time, these are released under creative commons.
5. Quick definitions:
DDOS – distributed denial of Service
You offer a service and someone maliciously overuses the service, making it impossible for genuine users to access the service. The attacker uses different routes to be more effective. There may be several attackers.
6. Quick definitions:
DNS – Domain Name Service
The distributed service that the Internet uses to convert human-friendly names to computer-friendly IP addresses, so you don’t have to remember that www.google.com.au may be accessed at 74.125.237.152.
7. Critical Understanding: How DNS Actually Works.
DNS is distributed. When you look up www.example.com.au, first your PC looks for “who knows about .au?”, then “who knows about .com.au?”, then “who knows about example.com.au?”, then “who knows about www.example.com.au?”
8. Critical Understanding: How DNS Actually Works.
DNS is distributed.
I need “www.example.com.au”
I know who knows “.au”
I know who knows “.com.au”
I know who knows “example.com.au”
I know who knows “www.example.com.au”
www.example.com.au is 1.2.3.4
9. Critical Understanding: How DNS Actually Works.
To speed things up, a DNS entry can be cached, so if someone asks for the same site then they don’t have to go through the whole process.
Also, to make the networking easier, you can use an “agent” server to do all of this for you, so you only query one server.
10. Critical Understanding: How DNS Actually Works.
The important bit:
DNS is asynchronous. So although a session usually consists of a request and an answer, there is no time taken to set up the session. It would slow down the Internet too much.
DNS servers don’t know for sure who performed the query.
11. Critical Understanding: The Planning
(Diagram: Compromised DNS Server, Huge DNS Entry)
Attacker sets up a long DNS entry – the longer, the better.
He uses a compromised DNS Server to do this.
DNS can be used for storing text messages and this is one popular method for creating huge DNS entries.
12. Critical Understanding: The Planning
(Diagram: Compromised DNS Server, Huge DNS Entry, Recursive DNS Servers)
Attacker finds a number of DNS Servers that are badly configured. They will pass on recursive DNS entries to anyone.
It is fairly simple to find these servers on the Internet.
The more the attacker can find and use, the better for the attack.
13. Critical Understanding: The Attack
Attacker queries the recursive DNS servers asking for the large DNS entry.
But he doesn’t use his own IP address. He uses the target IP address.
To be more effective he can enlist the help of several (willing or unwilling) accomplices.
To be effective the attacker needs to send
14. (Diagram: Compromised DNS Server, Huge DNS Entry, Recursive DNS Servers)
STEP 1
Attacker sends multiple small DNS queries to recursive DNS Servers.
15. STEP 2
(Diagram: Compromised DNS Server, Recursive DNS Servers)
The recursive DNS Servers send small queries to the compromised DNS Server. The Huge DNS entry is returned.
16. (Diagram: Recursive DNS Servers)
STEP 3
The recursive DNS Servers send the large DNS entry to the target System each time the attacker sends a request.
17. (Diagram: Recursive DNS Servers)
STEP 3b
More attackers (distributed) means more Traffic.
18. Critical Understanding: Why?
For each small DNS request that the attacker performs, a huge response is sent to the target network.
This ends up being a very effective way to block up a network with very little impact on the attacker’s own network.
The DNS servers are actually working quite normally. They are receiving requests and sending responses. They don’t know that they are sending them
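An added example, not part of the original slides: a small Python script that illustrates the “why” from the resolver operator’s side. It reads a constructed log of answered queries (the log format, the sample lines and the thresholds are assumptions, not any real server’s format) and flags clients that receive far more bytes in answers than they sent in questions, which is what a spoofed target looks like from an open recursive server.

```python
"""Spot amplification patterns in a (constructed) recursive DNS server log.

Assumed log format, one answered query per line:
  <epoch> <client_ip> <qtype> <qname> <query_bytes> <response_bytes>
The slides explain that a small request elicits a huge (e.g. TXT) answer that is
sent to the spoofed target address, so an open resolver sees many large answers
heading to one client that never asked for them.
"""
from collections import defaultdict

# Constructed sample: a few normal lookups plus a burst of big TXT answers to 1.2.3.4.
SAMPLE_LOG = """\
1700000001 10.0.0.5 A www.example.com.au 60 76
1700000002 10.0.0.7 AAAA mail.example.com.au 63 91
1700000003 1.2.3.4 TXT big.record.example 58 3900
1700000004 1.2.3.4 TXT big.record.example 58 3900
1700000005 1.2.3.4 TXT big.record.example 58 3900
1700000006 1.2.3.4 TXT big.record.example 58 3900
1700000007 10.0.0.5 MX example.com.au 58 120
"""


def parse_log(text):
    """Yield (client, qtype, qname, query_bytes, response_bytes) from log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of crashing on them
        _, client, qtype, qname, q_bytes, r_bytes = parts
        yield client, qtype, qname, int(q_bytes), int(r_bytes)


def find_amplification_victims(text, min_ratio=20.0, min_queries=3):
    """Per client, compare bytes sent back with bytes received.

    Returns {client: (query_count, amplification_ratio)} for clients whose
    answers dwarf their questions (assumed thresholds: 20x over 3+ queries).
    """
    stats = defaultdict(lambda: [0, 0, 0])  # [queries, bytes_in, bytes_out]
    for client, _, _, q_bytes, r_bytes in parse_log(text):
        entry = stats[client]
        entry[0] += 1
        entry[1] += q_bytes
        entry[2] += r_bytes
    flagged = {}
    for client, (count, bytes_in, bytes_out) in stats.items():
        ratio = bytes_out / bytes_in if bytes_in else 0.0
        if count >= min_queries and ratio >= min_ratio:
            flagged[client] = (count, round(ratio, 1))
    return flagged


if __name__ == "__main__":
    for client, (count, ratio) in find_amplification_victims(SAMPLE_LOG).items():
        print(f"{client}: {count} queries, {ratio}x amplification, likely spoofed target")
```

On the sample log only 1.2.3.4 is flagged: four 58-byte questions drew four 3900-byte answers, about 67x amplification, while the genuine lookups stay near 1x.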
19. Image License
All pictures are distributed either under Creative Commons license or “stock exchange default license” so they may be redistributed.
Image Sources:
Crowd photo by James Cridland on Flickr
http://www.sxc.hu/photo/182229
http://www.sxc.hu/photo/211248
http://openiconlibrary.sourceforge.net
20. License
Feel free to redistribute this document and make changes but please credit me, Allen Baranov with the original.
Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)