features免费dns
免费dns 时间:2021-04-20 阅读:()
IntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBPassiveDNSHardeningRobertEdmondsInternetSystemsConsortium,Inc.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEStructureofthistalkIntroductionDNSPassiveDNSISCSIEDNSsecurityissuesKashpurepoisoningKaminskypoisoningPassiveDNSsecurityissuesRecordinjectionResponsespoongISCDNSDBArchitectureDemosRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIETheDomainNameSystem"TheDNSmapshostnamestoIPaddresses.
"Moregenerally,itmaps(key,type)tuplestoasetofunorderedvalues.
again,wecanthinkoftheDNSasbasicallyamulti-valuedistributedkey-valuestore.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEClients,caches,contentClientsrequestfullresolutionservicefromcaches.
CachesmakezeroormoreinquiriestoDNScontentserversonbehalfofclients.
Resultsarecachedforalimitedtimetoservefutureclientrequests.
ContentnameserversserveDNSrecordsforzonesthathavebeendelegatedtothem.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIERobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEClient-serverandinter-serverDNSprotocolsTheDNSisactuallytwodierentprotocolsthatshareacommonwireformat.
Theclient-to-serverprotocolspokenbetweenclientsandcaches.
Theinter-serverprotocolspokenbetweencachesandcontentservers.
PassiveDNSfocusesonthelatter.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEPassiveDNSPassiveDNSreplicationisatechnologyinventedin2004byFlorianWeimer.
Manyuses!
Malware,e-crime,legitimateInternetservicesallusetheDNS.
Inter-serverDNSmessagesarecapturedbysensorsandforwardedtoacollectionpointforanalysis.
Afterbeingprocessed,individualDNSrecordsarestoredinadatabase.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIERobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEPassiveDNSdeploymentsFlorianWeimer'soriginaldnslogger,rstatRUS-CERT,thenatBFK.
de(2004–).
BojanZdrnja'sdnsparse(2006–).
ISC'sSecurityInformationExchange(2007–).
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEISCSecurityInformationExchangeSIEisadistributionnetworkfordierenttypesofsecuritydata.
OneofthosetypesofdataispassiveDNS.
SensoroperatorsuploadbatchesofdatatoSIE.
DataisbroadcastontoprivateVLANs.
NMSGformatisusedtoencapsulatedata.
HasanumberoffeatureswhichmakeitveryusefulforstoringpassiveDNSdata,butwon'tbecoveredfurther.
SeeourGoogleTechTalkformoreinformation:http://www.
isc.
org/community/presentations/video.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningDNSSecurityIssuesPassiveDNScapturesbothsignedandunsigneddata,soDNSSECcannothelpus.
WhatsecurityissuesarethereintheDNSthatarerelevanttopassiveDNSKashpurepoisoningKaminskypoisoning(Actually,justresponsespoongingeneral.
)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningKashpurepoisoningisthenamegiventoaparticulartypeofDNScachepoisoning.
Theattackerrunsacontentnameserver.
Aclientisenticedtolookupadomainnameundertheattacker'scontrol.
Thecachecontactstheattacker'snameserver.
Theattacker'snameserverprovidesextrarecordstothecache.
Theextrarecordsareinsertedintothecacheinsteadofbeingdiscarded.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurehardening1997:EugeneKashpurehijackstheInterNICwebsite.
BIND4.
9.
6and8.
1.
1introducehardeningagainstKashpurepoisoning.
RFC2181ispublished.
See§5.
4.
1"Rankingdata"fordetails.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningLackofentropy2000:DJBobservesthatamaximumofonlyabout31-32bitsofentropycanprotectaUDPDNSquery.
OtherDNSimplementationsslowtoadoptSPR.
32bitsofentropyparticularlyweakforasessionIDduetothebirthdayattackproblem.
NewerprotocolsusecryptographicallysecuresessionIDswith64,128,ormorebits.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKaminskypoisoning2008:DanKaminskynoticesthattheTTLcanbebypassed.
Coordinated,multi-vendorpatchesarereleasedtoimplementsourceportrandomization.
SPRmakesKaminskyattacksharder,butnotimpossible.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageRelevancetopassiveDNSWeimer's2005papernotesseveralproblemswithverifyingpassiveDNSdata.
KashpureandKaminskypoisoningof"activeDNS"haveanaloguesinpassiveDNS.
PassiveDNSsensorscan'tseetheDNScache's"bailiwick",leadingtorecordinjection.
Spoofedresponsesaretreatedjustlikenormalresponses.
AsinglespoofedresponsecanpoisonthepassiveDNSdatabase!
Goal:makepassiveDNSatleastasreliableasactiveDNS.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageProtectingthecapturestageagainstresponsespoongCapturebothqueriesandresponses.
Correlateresponseswithpreviouslyseenqueries.
TheDNSmessage9-tuple:1.
InitiatorIPaddress2.
Initiatorport3.
TargetIPaddress4.
Targetport5.
Internetprotocol6.
DNSID7.
Queryname8.
Querytype9.
QueryclassRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagenmsg/dnsqrdnsqrisamessagemoduleforISC'slibnmsgspecicallydesignedforpassiveDNScapture.
UDPDNStransactionsareclassiedintothreecategories:1.
UDPQUERYRESPONSE2.
UDPUNANSWEREDQUERY3.
UDPUNSOLICITEDRESPONSEPerformsIPreassembly,too!
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageProtectingtheanalysisstageagainstrecordinjectionCachesinternallyassociatea"bailiwick"witheachoutgoingquery.
Thecacheknowswhatbailiwicktouse,becauseitknowswhyit'ssendingaparticularquery.
Wehavetocalculatethebailiwickourselves.
Protectionagainstrecordinjectionrequiresprotectionagainstspoofedresponses.
(Otherwise,anattackercouldjustspooftherecordandthesourceIPaddressofanin-bailiwicknameserver.
)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmMustoperatecompletelypassively.
Mustprovideabooleantrueorfalseforeachrecord.
"Foreachrecordname,istheresponseIPaddressanameserverforthezonethatcontainsorcancontainthisname"Example:rootnameserverscanassertknowledgeaboutanyname!
Example:Verisign'sgtldserverscanassertknowledgeaboutanydomainnameendingin.
comor.
net.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmInitializebailiwickcachewithacopyoftherootzone.
CachestartsowithknowledgeofwhichserversservetherootandTLDs.
Findallpotentialzonesthatanamecouldbelocatedin.
Checkwhetheranyofthenameserversforthosezonesarethenameserverthatsenttheresponse.
EachtimeanNS,A,orAAAArecordisveriedbythealgorithm,itisinsertedintothebailiwickcache.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexampleName:example.
com.
Server:192.
5.
6.
30Potentialzones:example.
com.
com.
.
Zonesinbailiwickcache:com.
.
Check:example.
com.
/NSNotfound.
Check:com.
/NSFound13nameservers.
Check:areanyofthem192.
5.
6.
30Yes.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexamplecom.
INNSa.
gtldservers.
net.
a.
gtldservers.
net.
INA192.
5.
6.
30RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexample;;QUESTIONSECTION:;www.
example.
com.
INA;;AUTHORITYSECTION:example.
com.
172800INNSa.
ianaservers.
net.
example.
com.
172800INNSb.
ianaservers.
net.
;;ADDITIONALSECTION:a.
ianaservers.
net.
172800INA192.
0.
34.
43b.
ianaservers.
net.
172800INA193.
0.
0.
236;;SERVER:192.
5.
6.
30#53(192.
5.
6.
30)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexample;;QUESTIONSECTION:;www.
example.
com.
INA;;ANSWERSECTION:www.
example.
com.
172800INA192.
0.
32.
10;;AUTHORITYSECTION:example.
com.
172800INNSa.
ianaservers.
net.
example.
com.
172800INNSb.
ianaservers.
net.
;;SERVER:192.
0.
34.
43#53(192.
0.
34.
43)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexampleName:www.
example.
com.
Server:192.
0.
34.
43Potentialzones:www.
example.
com.
example.
com.
com.
.
Zonesinbailiwickcache:example.
com.
com.
.
Check:www.
example.
com.
/NSNotfound.
Check:example.
com.
/NSFound2nameservers.
Check:areanyofthem192.
0.
34.
43Yes.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDNSDBDNSDBisadatabaseforstoringDNSrecords.
DataisloadedfrompassiveDNSandzoneles.
IndividualDNSrecordsarestoredinanApacheCassandradatabase.
Oerskey-valuestoredistributedacrossmultiplemachines.
GoodtforDNSdata.
Sustainsextremelyhighwritethroughputbecauseallwritesaresequential.
OersaRESTfulHTTPAPIandwebsearchinterface.
Databasecurrentlyconsumesabout500GBoutof27TB.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesArchitectureComponentsDatasourcesnmsg-dns-cacheDNSTLDzones(FTPviaZFAprograms):com,net,org,etc.
DNSzones(standardAXFR/IXFRprotocol)DataloadersDeduplicatedpassiveDNSZoneledataRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDatasource:nmsg-dns-cacheReadsrawDNSresponsesfrompassiveDNS.
ParseseachDNSmessageintoindividualDNSRRsets.
Seriesofltersreducethetotalamountofdatabyabout50%.
RRsetsaretheninsertedintoanin-memorycache.
CacheisexpiredinFIFOorder.
WhenRRsetsexpirefromthecache,theyformthenalnmsg-dns-cacheoutput.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDatasource:zonelesgTLDZoneFileAccessprograms:com,net,org,info,biz,nameAXFR'dzones:isc.
org,afewother"test"zones.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesExample#1:*.
google.
comRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardening
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEStructureofthistalkIntroductionDNSPassiveDNSISCSIEDNSsecurityissuesKashpurepoisoningKaminskypoisoningPassiveDNSsecurityissuesRecordinjectionResponsespoongISCDNSDBArchitectureDemosRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIETheDomainNameSystem"TheDNSmapshostnamestoIPaddresses.
"Moregenerally,itmaps(key,type)tuplestoasetofunorderedvalues.
again,wecanthinkoftheDNSasbasicallyamulti-valuedistributedkey-valuestore.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEClients,caches,contentClientsrequestfullresolutionservicefromcaches.
CachesmakezeroormoreinquiriestoDNScontentserversonbehalfofclients.
Resultsarecachedforalimitedtimetoservefutureclientrequests.
ContentnameserversserveDNSrecordsforzonesthathavebeendelegatedtothem.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIERobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEClient-serverandinter-serverDNSprotocolsTheDNSisactuallytwodierentprotocolsthatshareacommonwireformat.
Theclient-to-serverprotocolspokenbetweenclientsandcaches.
Theinter-serverprotocolspokenbetweencachesandcontentservers.
PassiveDNSfocusesonthelatter.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEPassiveDNSPassiveDNSreplicationisatechnologyinventedin2004byFlorianWeimer.
Manyuses!
Malware,e-crime,legitimateInternetservicesallusetheDNS.
Inter-serverDNSmessagesarecapturedbysensorsandforwardedtoacollectionpointforanalysis.
Afterbeingprocessed,individualDNSrecordsarestoredinadatabase.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIERobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEPassiveDNSdeploymentsFlorianWeimer'soriginaldnslogger,rstatRUS-CERT,thenatBFK.
de(2004–).
BojanZdrnja'sdnsparse(2006–).
ISC'sSecurityInformationExchange(2007–).
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBDNSPassiveDNSISCSIEISCSecurityInformationExchangeSIEisadistributionnetworkfordierenttypesofsecuritydata.
OneofthosetypesofdataispassiveDNS.
SensoroperatorsuploadbatchesofdatatoSIE.
DataisbroadcastontoprivateVLANs.
NMSGformatisusedtoencapsulatedata.
HasanumberoffeatureswhichmakeitveryusefulforstoringpassiveDNSdata,butwon'tbecoveredfurther.
SeeourGoogleTechTalkformoreinformation:http://www.
isc.
org/community/presentations/video.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningDNSSecurityIssuesPassiveDNScapturesbothsignedandunsigneddata,soDNSSECcannothelpus.
WhatsecurityissuesarethereintheDNSthatarerelevanttopassiveDNSKashpurepoisoningKaminskypoisoning(Actually,justresponsespoongingeneral.
)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningKashpurepoisoningisthenamegiventoaparticulartypeofDNScachepoisoning.
Theattackerrunsacontentnameserver.
Aclientisenticedtolookupadomainnameundertheattacker'scontrol.
Thecachecontactstheattacker'snameserver.
Theattacker'snameserverprovidesextrarecordstothecache.
Theextrarecordsareinsertedintothecacheinsteadofbeingdiscarded.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurepoisoningexampleQ:malicious.
example.
com.
INAR:malicious.
example.
com.
INNSwww.
example.
net.
R:www.
example.
net.
INA203.
0.
113.
67RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKashpurehardening1997:EugeneKashpurehijackstheInterNICwebsite.
BIND4.
9.
6and8.
1.
1introducehardeningagainstKashpurepoisoning.
RFC2181ispublished.
See§5.
4.
1"Rankingdata"fordetails.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningLackofentropy2000:DJBobservesthatamaximumofonlyabout31-32bitsofentropycanprotectaUDPDNSquery.
OtherDNSimplementationsslowtoadoptSPR.
32bitsofentropyparticularlyweakforasessionIDduetothebirthdayattackproblem.
NewerprotocolsusecryptographicallysecuresessionIDswith64,128,ormorebits.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBKashpurepoisoningKaminskypoisoningKaminskypoisoning2008:DanKaminskynoticesthattheTTLcanbebypassed.
Coordinated,multi-vendorpatchesarereleasedtoimplementsourceportrandomization.
SPRmakesKaminskyattacksharder,butnotimpossible.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageRelevancetopassiveDNSWeimer's2005papernotesseveralproblemswithverifyingpassiveDNSdata.
KashpureandKaminskypoisoningof"activeDNS"haveanaloguesinpassiveDNS.
PassiveDNSsensorscan'tseetheDNScache's"bailiwick",leadingtorecordinjection.
Spoofedresponsesaretreatedjustlikenormalresponses.
AsinglespoofedresponsecanpoisonthepassiveDNSdatabase!
Goal:makepassiveDNSatleastasreliableasactiveDNS.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageProtectingthecapturestageagainstresponsespoongCapturebothqueriesandresponses.
Correlateresponseswithpreviouslyseenqueries.
TheDNSmessage9-tuple:1.
InitiatorIPaddress2.
Initiatorport3.
TargetIPaddress4.
Targetport5.
Internetprotocol6.
DNSID7.
Queryname8.
Querytype9.
QueryclassRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagenmsg/dnsqrdnsqrisamessagemoduleforISC'slibnmsgspecicallydesignedforpassiveDNScapture.
UDPDNStransactionsareclassiedintothreecategories:1.
UDPQUERYRESPONSE2.
UDPUNANSWEREDQUERY3.
UDPUNSOLICITEDRESPONSEPerformsIPreassembly,too!
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstageProtectingtheanalysisstageagainstrecordinjectionCachesinternallyassociatea"bailiwick"witheachoutgoingquery.
Thecacheknowswhatbailiwicktouse,becauseitknowswhyit'ssendingaparticularquery.
Wehavetocalculatethebailiwickourselves.
Protectionagainstrecordinjectionrequiresprotectionagainstspoofedresponses.
(Otherwise,anattackercouldjustspooftherecordandthesourceIPaddressofanin-bailiwicknameserver.
)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmMustoperatecompletelypassively.
Mustprovideabooleantrueorfalseforeachrecord.
"Foreachrecordname,istheresponseIPaddressanameserverforthezonethatcontainsorcancontainthisname"Example:rootnameserverscanassertknowledgeaboutanyname!
Example:Verisign'sgtldserverscanassertknowledgeaboutanydomainnameendingin.
comor.
net.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmInitializebailiwickcachewithacopyoftherootzone.
CachestartsowithknowledgeofwhichserversservetherootandTLDs.
Findallpotentialzonesthatanamecouldbelocatedin.
Checkwhetheranyofthenameserversforthosezonesarethenameserverthatsenttheresponse.
EachtimeanNS,A,orAAAArecordisveriedbythealgorithm,itisinsertedintothebailiwickcache.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexampleName:example.
com.
Server:192.
5.
6.
30Potentialzones:example.
com.
com.
.
Zonesinbailiwickcache:com.
.
Check:example.
com.
/NSNotfound.
Check:com.
/NSFound13nameservers.
Check:areanyofthem192.
5.
6.
30Yes.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexamplecom.
INNSa.
gtldservers.
net.
a.
gtldservers.
net.
INA192.
5.
6.
30RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexample;;QUESTIONSECTION:;www.
example.
com.
INA;;AUTHORITYSECTION:example.
com.
172800INNSa.
ianaservers.
net.
example.
com.
172800INNSb.
ianaservers.
net.
;;ADDITIONALSECTION:a.
ianaservers.
net.
172800INA192.
0.
34.
43b.
ianaservers.
net.
172800INA193.
0.
0.
236;;SERVER:192.
5.
6.
30#53(192.
5.
6.
30)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexample;;QUESTIONSECTION:;www.
example.
com.
INA;;ANSWERSECTION:www.
example.
com.
172800INA192.
0.
32.
10;;AUTHORITYSECTION:example.
com.
172800INNSa.
ianaservers.
net.
example.
com.
172800INNSb.
ianaservers.
net.
;;SERVER:192.
0.
34.
43#53(192.
0.
34.
43)RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBRelevanceCapturestageAnalysisstagePassiveDNSbailiwickalgorithmexampleName:www.
example.
com.
Server:192.
0.
34.
43Potentialzones:www.
example.
com.
example.
com.
com.
.
Zonesinbailiwickcache:example.
com.
com.
.
Check:www.
example.
com.
/NSNotfound.
Check:example.
com.
/NSFound2nameservers.
Check:areanyofthem192.
0.
34.
43Yes.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDNSDBDNSDBisadatabaseforstoringDNSrecords.
DataisloadedfrompassiveDNSandzoneles.
IndividualDNSrecordsarestoredinanApacheCassandradatabase.
Oerskey-valuestoredistributedacrossmultiplemachines.
GoodtforDNSdata.
Sustainsextremelyhighwritethroughputbecauseallwritesaresequential.
OersaRESTfulHTTPAPIandwebsearchinterface.
Databasecurrentlyconsumesabout500GBoutof27TB.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesArchitectureComponentsDatasourcesnmsg-dns-cacheDNSTLDzones(FTPviaZFAprograms):com,net,org,etc.
DNSzones(standardAXFR/IXFRprotocol)DataloadersDeduplicatedpassiveDNSZoneledataRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDatasource:nmsg-dns-cacheReadsrawDNSresponsesfrompassiveDNS.
ParseseachDNSmessageintoindividualDNSRRsets.
Seriesofltersreducethetotalamountofdatabyabout50%.
RRsetsaretheninsertedintoanin-memorycache.
CacheisexpiredinFIFOorder.
WhenRRsetsexpirefromthecache,theyformthenalnmsg-dns-cacheoutput.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesDatasource:zonelesgTLDZoneFileAccessprograms:com,net,org,info,biz,nameAXFR'dzones:isc.
org,afewother"test"zones.
RobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesExample#1:*.
google.
comRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardeningIntroductionDNSSecurityIssuesPassiveDNShardeningDNSDBArchitectureExamplesRobertEdmondsPassiveDNSHardening
- features免费dns相关文档
- IP免费dns
- disrupt免费dns
- 支持免费dns
- Users免费dns
- 域名免费dns
- drop免费dns
Cloudxtiny:£1.5/月,KVM-512MB/100GB/英国机房
Cloudxtiny是一家来自英国的主机商,提供VPS和独立服务器租用,在英国肯特自营数据中心,自己的硬件和网络(AS207059)。商家VPS主机基于KVM架构,开设在英国肯特机房,为了庆祝2021年欧洲杯决赛英格兰对意大利,商家为全场VPS主机提供50%的折扣直到7月31日,优惠后最低套餐每月1.5英镑起。我们对这场比赛有点偏见,但希望这是一场史诗般的决赛!下面列出几款主机套餐配置信息。CPU...
易探云330元/年,成都4核8G/200G硬盘/15M带宽,仅1888元/3年起
易探云服务器怎么样?易探云是国内一家云计算服务商家,致力香港云服务器、美国云服务器、国内外服务器租用及托管等互联网业务,目前主要地区为运作香港BGP、香港CN2、广东、北京、深圳等地区。目前,易探云推出的国内云服务器优惠活动,国内云服务器2核2G5M云服务器低至330元/年起;成都4核8G/200G硬盘/15M带宽,仅1888元/3年起!易探云便宜vps服务器配置推荐:易探云vps云主机,入门型云...
SunthyCloud阿里云国际版分销商注册教程,即可PayPal信用卡分销商服务器
阿里云国际版注册认证教程-免绑卡-免实名买服务器安全、便宜、可靠、良心,支持人民币充值,提供代理折扣简介SunthyCloud成立于2015年,是阿里云国际版正规战略级渠道商,也是阿里云国际版最大的分销商,专业为全球企业客户提供阿里云国际版开户注册、认证、充值等服务,通过SunthyCloud开通阿里云国际版只需要一个邮箱,不需要PayPal信用卡就可以帮你开通、充值、新购、续费阿里云国际版,服务...
免费dns为你推荐
-
wordpress模板wordpress 模板和wordpress主题有什么不同建企业网站建立一个企业网站要多少费用cisco2960配置思科2960G交换机如何将配置百兆改为千兆配置企业信息查询系统官网怎么查企业信息是否在网上公示过字节跳动回应TikTok易主贾斯汀比伯的confident他在mv女主说了什么,大神回复,采纳大飞资讯伯乐资讯是什么公司大飞资讯单仁资讯集团怎么样科创板首批名单江苏北人的机器人在同行中的评价怎么样?123456hd有很多App后面都有hd是什么意思灌水机什么是论坛灌水机?在哪里可以下载到呢?