Packet Hacking Village - "First Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation

Cite

DEF CON

Palmer, Travis Somers, Brian

Formal Metadata

Title

Packet Hacking Village - "First Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation

Subtitle

Or how to become the one in "one in 34 million"

Title of Series

DEF CON 27

Number of Parts

335

Author

Palmer, Travis

Somers, Brian

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/48744 (DOI)

Publisher

DEF CON

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

DNS fragmentation attacks are a more recent series of cache poisoning attacks on resolvers. Even if DNSSEC is fully implemented, an attacker can still poison various unsigned records in the response. These types of attacks are difficult but have been considered feasible over IPv4, but impossible over IPv6. Unfortunately, changes to the Linux kernel have made the entropy limiting this attack inferable off-path, poisoning on the first iteration is now possible. This talk will cover how this attack is carried out, and mitigations that can be put in place by operators of DNS servers to limit its effectiveness. Travis (Travco) Palmer is a Security Research Engineer at Cisco. Travis is a certified OSCP and OSCE who has been getting paid to either fix or break something for over seven years. He is a fan (and sometimes-contributer) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects. Brian Somers is a Site Reliability Engineer for Cisco Umbrella (formerly OpenDNS). He specializes in large scale development on Unix-like platforms, software design & architecture, low level C development, and FreeBSD development.