dns-bgp - University of Wisconsin–Madison (pages.cs.wisc.edu/~ace/media/lectures/dns-bgp.pdf)
today
Domain name system (DNS)
CIDR
Border Gateway Protocol
dns
Which one is easier to remember?
IP addresses
• 54.239.25.208
• 172.111.64.124
• 74.125.193.16
• 23.235.40.65
• 17.172.100.13
• 128.105.123.66
Domain Name
• www.amazon.com
• theverge.com
• googlemail-smtp.l.google.com
• hosted-cdn.statuspage.io
• p05-calendars.icloud.com
• print-gw.cs.wisc.edu
Domain Name System (DNS) translates domain names -> IP addresses
Hierarchical domain namespace
root
Top Level domains (TLD): org net edu com io ca
Second Level domains: wisc umich pepperdine
cs ece
www
ICANN (Internet Corporation for Assigned Names and Numbers)
root nameservers and authoritative nameservers
Zone: subtree
Name Servers
[http://en.wikipedia.org/wiki/File:An_example_of_theoretical_DNS_recursion.svg]
Authoritative name servers: Programmed by an original source
Recurser: Recursively hunts down an answer
Caching
• DNS servers will cache responses
– Both negative and positive responses
– Speeds up queries
– Entries expire periodically. Time-to-live (TTL) set by data owner
Example DNS query types
A     IPv4 address
AAAA  IPv6 address
NS    name server
TXT   human readable text
MX    mail exchange
DNS packet on wire
Query ID is 16-bit random value
Query from resolver to NS
Response contains IP addr of next NS server (called “glue”)
Response ignored if unrecognized QueryID
bailiwick checking: response is cached if it is within the same domain of query (i.e. a.com cannot set NS for b.com)
DNS Security
• What security checks are in place?
– Random query ID's to link responses to queries
– Bailiwick checking (sanity check on response)
• No authentication
• Many things trust hostname ↔ IP mapping
– Browser same-origin policy
– URL address bar
– Every application that accesses the internet
DNSsec
• Authenticated DNS protocol
• Used by TLDs :)
• But no one else :(
[https://www.huque.com/app/dnsstat/] retrieved: April 6, 2016
What are obvious problems?
• Corrupted nameservers
• Intercept & manipulate requests (on-path active attacker)
• Other obvious problems?
DNS cache poisoning
Diagram: Clients, Victim DNS server, Internet, .com NS, bankofamerica.com (10.1.1.1), Attacker site (10.9.9.99)
How might an attacker do this? What security features must an attacker overcome?
• Packet spoofing
• Guess UDP port
• Guess QID
Assume predictable UDP port
Assume SRC port spoofing
think-pair-share
Another idea:
- Poison cache for NS record instead
- Now can take over all of second level domain
How many tries does this require?
- Try 256 different QIDs
- Good chance of success
Defenses
• Query ID size is fixed at 16 bits
• Repeat each query with fresh Query ID
– Doubles the space
• Randomize UDP ports
• DNSsec
– Cryptographically sign DNS responses, verify via chain of trust from roots on down
• Other problems?
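
The checks named on the DNS Security and Defenses slides (Query ID match, UDP port match, bailiwick checking), sketched as resolver-side acceptance logic. This is an added example, not part of the original lecture; the `Pending`/`Response` classes, function names and sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pending:            # state a resolver keeps per outstanding query
    qid: int              # 16-bit Query ID it chose
    src_port: int         # UDP source port the query left from
    zone: str             # zone of the name server it asked (the bailiwick)

@dataclass
class Response:
    qid: int
    dst_port: int
    records: list         # (owner_name, rtype, value) tuples

def in_bailiwick(name, zone):
    """True if name is the zone itself or sits below it on a label boundary."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)

def accept(pending, resp):
    """Return (records that may be cached, reason)."""
    if resp.qid != pending.qid:
        return [], "unrecognized Query ID"      # whole response ignored
    if resp.dst_port != pending.src_port:
        return [], "wrong UDP port"             # only useful if ports are randomized
    kept = [r for r in resp.records if in_bailiwick(r[0], pending.zone)]
    return kept, "ok"

# Constructed sample data (addresses are from documentation ranges).
PENDING = Pending(qid=0x3A7C, src_port=53124, zone="a.com")
MIXED = Response(0x3A7C, 53124, [
    ("www.a.com", "A", "192.0.2.10"),           # in bailiwick: cached
    ("b.com", "NS", "ns.other.example"),        # a.com cannot set NS for b.com
    ("evila.com", "A", "198.51.100.7"),         # shares a suffix, not a subdomain
])
WRONG_QID = Response(0x0001, 53124, [("www.a.com", "A", "198.51.100.7")])
WRONG_PORT = Response(0x3A7C, 53, [("www.a.com", "A", "198.51.100.7")])

if __name__ == "__main__":
    for label, r in [("mixed", MIXED), ("wrong qid", WRONG_QID),
                     ("wrong port", WRONG_PORT)]:
        print(label, accept(PENDING, r))
```

None of these checks authenticates the sender: a response that matches the Query ID and port and stays in bailiwick is cached whoever sent it, which is the gap DNSsec signatures close.
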
Phishing is a common problem
• Typosquatting:
  • www.LansdEnd.com
  • www.goggle.com
  • secure.bank0fAmerica.com
  • wíkipedia.org
• Phishing attacks
– Trick users into thinking a malicious domain name is the real one
ip routing
CIDR addressing
Classless inter-domain routing (CIDR)
Prefixes used to set up hierarchical routing:
- An organization assigned a.b.c.d/x
- It manages addresses prefixed by a.b.c.d/x
Address layout: Network prefix (x MSBs) | Host address (LSBs)
Diagram: backbone connecting ISP1 and ISP2, with hosts labeled 5.6.7.8, 10110…1110000, 10110…1111000, 10110…1100011, …1111001, …1111011
Routing
Autonomous systems (AS) are organizational building blocks
- Collection of IP prefixes under single routing policy
- wisc.edu
Within AS, might use RIP (Routing Information Protocol)
Between AS, use BGP (Border Gateway Protocol)
Diagram: AS att.net, AS wisc.edu and AS charter.net, with the same hosts as the CIDR addressing diagram (5.6.7.8, 10110…1110000, 10110…1111000, 10110…1100011, …1111001, …1111011)
AS Categories
• Stub: connected to only one other AS
• Multi-homed: connected to multiple other ASes
• Transit: routes traffic through its AS for other ASes
Diagram: example graph of ASes numbered 1 through 8
BGP and routing
Diagram: defense.gov, wisc.edu, charter.net
BGP (exterior BGP)
OSPF within AS's (Open shortest-path first)
Border Gateway Protocol (BGP)
• Policy-based routing
– AS can set policy about how to route
  • economic, security, political considerations
• BGP routers use TCP connections to transmit routing information
• Iterative announcement of routes
BGP example
• 2, 7, 3, 6 are Transit AS
• 8, 1 are Stub AS
• 4, 5 multihomed AS
• Algorithm seems to work OK in practice
– BGP does not respond well to frequent node outages
Diagram [D. Wetherall]: graph of ASes 1 through 8 annotated with iteratively announced AS paths (7; 2 7; 3 2 7; 6 2 7; 5; 6 5; 2 6 5; 3 2 6 5; 7 2 6 5)
• 2008: Pakistan attempts to block YouTube
– youtube is 208.65.152.0/22
– youtube.com = 208.65.153.238
• Pakistan ISP advertises 208.65.153.0/24 via BGP
– more specific, prefix hijacking
• Internet thinks youtube.com is in Pakistan
• Outage resolved in 2 hours…
IP hijacking
• BGP unauthenticated
– Anyone can advertise any routes
– False routes will be propagated
• This allows IP hijacking
– AS announces it originates a prefix it shouldn't
– AS announces it has shorter path to a prefix
– AS announces more specific prefix
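
Why the more-specific /24 from the 2008 slide wins, and how a prefix owner can flag such announcements: an added example, not part of the original lecture. The prefixes and the address are the ones on the slide; the AS numbers (documentation range), function names and the monitoring approach are assumptions made for illustration.

```python
import ipaddress

def best_route(dest, rib):
    """Longest-prefix match over rib, a list of (prefix, origin_as)."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in rib
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, asn = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), asn

def flag_suspect(announcements, expected):
    """Flag announcements covering owned space from an unexpected origin.

    expected maps each prefix the operator originates to its AS number.
    IPv4-only sketch: subnet_of() raises TypeError on mixed IP versions.
    """
    alerts = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix)
        for own, own_as in expected.items():
            own_net = ipaddress.ip_network(own)
            if asn == own_as:
                continue
            if net == own_net:
                alerts.append((prefix, asn, "same prefix, unexpected origin"))
            elif net.subnet_of(own_net):
                alerts.append((prefix, asn, "more-specific prefix"))
    return alerts

# Constructed sample: AS numbers are placeholders from the documentation range.
OWNER_AS, OTHER_AS = 64500, 64501
EXPECTED = {"208.65.152.0/22": OWNER_AS}
RIB_BEFORE = [("208.65.152.0/22", OWNER_AS)]
RIB_AFTER = RIB_BEFORE + [("208.65.153.0/24", OTHER_AS)]

if __name__ == "__main__":
    print(best_route("208.65.153.238", RIB_BEFORE))  # routed via the /22
    print(best_route("208.65.153.238", RIB_AFTER))   # the /24 now wins
    print(flag_suspect(RIB_AFTER, EXPECTED))
```

The check covers the first and third hijack types listed above; a falsely shortened path for a correctly originated prefix does not change the origin or the prefix length, so it passes this monitor.
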
recap
DNS / DNS insecurity / DNS cache poisoning / Typosquatting
CIDR, BGP / IP route hijacking
Exit slips / 1 thing you learned / 1 thing you didn't understand