Network Security: How the Internet works and some basic vulnerabilities

Network Security:

How the Internet works and

some basic vulnerabilities

IFIP TC6 Advanced Tutorials in Networking

University of Kelaniya, Sri Lanka June 23-25, 2015

2

Backbone

ISP ISP

Internet Infrastructure

Local and interdomain routing n  TCP/IP for routing and messaging

n  BGP for routing announcements

Domain Name System

TCP Protocol Stack

Application Transport Network Link Application protocol TCP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link

4

Data Formats

Application Transport (TCP, UDP) Network (IP) Link Layer

Application message - data

TCP data TCP data TCP data

TCP Header data TCP IP IP Header data TCP IP ETH ETF Link (Ethernet)

Header Link (Ethernet) Trailer

segment packet frame message

Internet Protocol

Connectionless

n  Unreliable

n  Best effort

Notes:

n  src and dest ports

not parts of IP hdr IP

Version Header Length

Type of Service Total Length Identification Flags Time to Live Protocol Header Checksum

Source Address of Originating Host Destination Address of Target Host

Options Padding

6

IP Routing

Typical route uses several hops

IP: no ordering or delivery guarantees

Meg Tom ISP Office gateway 121.42.33.12 132.14.11.51 Source Destination Packet 121.42.33.12 121.42.33.1 132.14.11.51 132.14.11.1

IP Protocol Functions (Summary)

Routing

n  IP host knows location of router (gateway)

n  IP gateway must know route to other networks

Fragmentation and reassembly

n  If max-packet-size less than the user-data-size

Error reporting

n  ICMP packet to source if packet is dropped

TTL field: decremented after every hop

8

Problem: no src IP authentication

Client is trusted to embed correct source IP

n  Easy to override using raw sockets

n  Libnet: a library for formatting raw packets with

arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP

§  … response will be sent back to forged source IP

§

 

Implications

:

(solutions in DDoS lecture)

§  Anonymous DoS attacks;

Transmission Control Protocol

Connection-oriented, preserves order

n  Sender

w  Break data into packets

w  Attach packet numbers

n  Receiver

w  Acknowledge receipt; lost packets are resent

w  Reassemble packets in correct order

TCP

Book Mail each page Reassemble book

19 1

10

TCP Header

(protocol=6)

Source Port Dest port SEQ Number ACK Number Other stuff U R G P S R A C K P S H S Y N F I N TCP Header

Review: TCP Handshake

C _S SYN: SYN/ACK: ACK: Listening Store SN_C , SN_S Wait Established SN_C←rand_C AN_C←0 SN_S←rand_S AN_S←SN_C SN_←SN_C+1 AN_←SN_S

12

Basic Security Problems

1. Network packets pass by untrusted hosts

n  Eavesdropping, packet sniffing

n  Especially easy when attacker controls a

machine close to victim (e.g. WiFi routers)

2. TCP state easily obtained by eavesdropping

n  Enables spoofing and session hijacking

3. Denial of Service (DoS) vulnerabilities

n  DDoS lecture

Why random initial sequence numbers?

Suppose initial seq. numbers (SN_C , SN_S ) are predictable:

n  Attacker can create TCP session on behalf of forged source IP

n  Breaks IP-based authentication (e.g. SPF, /etc/hosts )

w  Random seq. num. does not block attack, but makes it harder

Victim Server SYN/ACK dstIP=victim SN=server SN_S ACK srcIP=victim AN=predicted SN_S

server thinks command attacker

TCP SYN srcIP=victim

14

Example DoS vulnerability: Reset

Attacker sends a Reset packet to an open socket

n  If correct SN_S then connection will close ⇒ DoS

n  Naively, success prob. is 1/232 (32-bit seq. #’s). w  … but, many systems allow for a large window of

acceptable seq. #‘s. Much higher success probability.

n  Attacker can flood with RST packets until one works

Most effective against long lived

connections, e.g. BGP

Routing Security

16

Interdomain Routing

connected group of one or more Internet Protocol prefixes under a single routing policy (aka domain)

OSPF BGP Autonomous System earthlink.net Stanford.edu (AS#4355) (AS#32)

Routing Protocols

ARP (addr resolution protocol): IP addr ⟶ eth addr Security issues: (local network attacks)

n  Node A can confuse gateway into sending it traffic for Node B

n  By proxying traffic, node A can read/inject packets

into B’s session (e.g. WiFi networks)

OSPF: used for routing within an AS

BGP: routing between Autonomous Systems Security issues: unauthenticated route updates

n  Anyone can cause entire Internet to send traffic

for a victim IP to attacker’s address

18

BGP example

[

D. Wetherall

]

3 4 6 5 7 1 8 2 7 7 2 7 2 7 2 7 3 2 7 6 2 7 2 6 5 2 6 5 2 6 5 3 2 6 5 7 2 6 5 6 5 5 5

Security Issues

BGP path attestations are un-authenticated

n  Anyone can inject advertisements for arbitrary routes

n  Advertisement will propagate everywhere

n  Used for DoS, spam, and eavesdropping (details in DDoS lecture)

n  Often a result of human error

Solutions:

•

 

RPKI: AS obtains a certificate (ROA) from RIR and

attaches ROA to path advertisements.

Advertisements without a valid ROA are ignored.

Defends against a malicious AS (but not a network attacker)

20

Example path hijack

(source: Renesys 2013)

Feb 2013: Guadalajara ⟶ Washington DC via Belarus

Normally: Alestra (Mexico) ⟶ PCCW (Texas) ⟶ Qwest (DC) Reverse route (DC ⟶ Guadalajara) is unaffected:

•

 

Person browsing the Web in DC cannot tell by traceroute

that HTTP responses are routed through Moscow

route in effect for several

OSPF:

routing inside an AS

Link State Advertisements (LSA):

•

 

Flooded throughout AS so that all routers in the AS

have a complete view of the AS topology

•

 

Transmission: IP datagrams, protocol = 89

Neighbor discovery:

•

 

Routers dynamically discover direct neighbors on

attached links --- sets up an “adjacenty”

22 _Ra LSA DB: Rb Rb LSA R3 Ra Rb Net-1 Net-1 Ra LSA Ra Rb Net-1 3 2 2 3 1 ₁ 1

Security features

•

 

OSPF message integrity (unlike BGP)

n  Every link can have its own shared secret

n  Unfortunately, OSPF uses an insecure MAC: MAC(k,m) = MD5(data ll key ll pad ll len)

•

 

Every LSA is flooded throughout the AS

•  If a single malicious router, valid LSAs may still reach dest.

•

 

The “fight back” mechanism

•  If a router receives its own LSA with a newer timestamp

than the latest it sent, it immediately floods a new LSA

24

Still some attacks possible

[NKGB’12]

Threat model:

•

 

single malicious router wants to disrupt all AS traffic

Example problem: adjacency setup need no peer feedback

LAN Victim (DR) a remote attacker ad ja ce nc y False Hello and DBD m_{essages net 1} phantom router

26

Domain Name System

Hierarchical Name Space

root edu net

org com uk ca

wisc ucb stanford cmu mit

cs ee

www

DNS Root Name Servers

Hierarchical service

n  Root name servers for

top-level domains n  Authoritative name

servers for subdomains n  Local name resolvers

contact authoritative servers when they do not know a name

28

DNS Lookup Example

Client Local DNS resolver

root & edu DNS server stanford.edu DNS server www.cs.stanford.edu NS stanfo rd.edu www.cs.st anford.ed u NS cs.stanford.edu cs.stanford.edu DNS server DNS record types (partial list):

- NS: name server (points to other server) - A: address record (contains IP address) - MX: address in charge of handling email

Caching

DNS responses are cached

n  Quick response for repeated translations

n  Useful for finding servers as well as addresses

w  NS records for domains

DNS negative queries are cached

n  Save time for nonexistent sites, e.g. misspelling

Cached data periodically times out

n  Lifetime (TTL) of data controlled by owner of data

30

DNS Packet

Query ID:

n  16 bit random value

n  Links response to query

32

Response to resolver

Response contains IP addr of next NS server (called “glue”)

Response ignored if unrecognized QueryID

Authoritative response to resolver

final answer bailiwick checking: response is cached if it is within the same domain of query

(i.e. a.com cannot set NS for b.com)

34

Basic DNS Vulnerabilities

Users/hosts trust the host-address mapping provided by DNS:

n  Used as basis for many security policies:

Browser same origin policy, URL address bar

Obvious problems

n  Interception of requests or compromise of DNS servers can

result in incorrect or malicious responses w  e.g.: malicious access point in a Cafe

n  Solution – authenticated requests/responses

DNS cache poisoning

(a la Kaminsky’08)

Victim machine visits attacker’s web site, downloads Javascript

user browser local DNS resolver Query: a.bank.com a.bank.com QID=x₁ attacker attacker wins if _∃j: x₁ = y_j

response is cached and attacker owns bank.com

ns.bank.com IPaddr 256 responses: Random QID y₁, y₂, … NS bank.com=ns.bank.com A ns.bank.com=attackerIP

36

If at first you don’t succeed …

Victim machine visits attacker’s web site, downloads Javascript

user browser local DNS resolver Query: b.bank.com b.bank.com QID=x₂ attacker 256 responses: Random QID y₁, y₂, … NS bank.com=ns.bank.com A ns.bank.com=attackerIP attacker wins if _∃j: x₂ = y_j response is cached and attacker owns bank.com

ns.bank.com IPaddr

Defenses

•

 

Increase Query ID size. How?

•

 

Randomize src port, additional 11 bits

w  Now attack takes several hours

•

 

Ask every DNS query twice:

n  Attacker has to guess QueryID correctly twice (32 bits)

38

DNS poisoning attacks in the wild

January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia.

In November 2004, Google and Amazon users were sent to Med Network Inc., an online pharmacy

In March 2003, a group dubbed the "Freedom Cyber Force Militia" hijacked visitors to the Al-Jazeera Web site and presented them with the message "God

DNS Rebinding Attack

Read permitted: it’s the

“

same origin

”

F ire w all _www.evil.com web server ns.evil.com DNS server 171.64.7.115 www.evil.com? corporate web server 171.64.7.115 TTL = 0 <iframe src="http://www.evil.com"> 192.168.0.100 192.168.0.100 [DWF’96, R’01] DNS-SEC cannot stop this attack

40

DNS Rebinding

Defenses

Browser mitigation: DNS Pinning

n  Refuse to switch to a new IP

n  Interacts poorly with proxies, VPN, dynamic DNS, …

n  Not consistently implemented in any browser

Server-side defenses

n  Check Host header for unrecognized domains

n  Authenticate users with something other than IP

Firewall defenses

n  External names can’t resolve to internal addresses

Summary

Core protocols not designed for security

n  Eavesdropping, Packet injection, Route stealing,

DNS poisoning

n  Patched over time to prevent basic attacks

(e.g. random TCP SN)

More secure variants exist (next lecture) :

IP ⟶ IPsec

DNS ⟶ DNSsec BGP ⟶ SBGP

Network Security Protocols and

Defensive Mechanisms

Outline

Network protocol security

n  Wireless access– 802.11i/WPA2

n  IPSEC

n  BGP instability and S-BGP

n  DNS rebinding and DNSSEC

Standard network defenses

n  Firewall

w  Packet filter (stateless, stateful), Application layer proxies

n  Intrusion detection

44

Network Protocol Stack

Application Transport Network Link Application protocol TCP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link

IKE subprotocol from IPSEC

A, (ga mod p) B, (gb mod p)

Result: A and B share secret g

ab

mod p

A

B

m1

m2

,

signB(m1,m2) signA(m1,m2) Key management

46

Authentic a-tion Server (RADIUS) No Key Authenticator UnAuth/UnAssoc 802.1X Blocked No Key Supplicant UnAuth/UnAssoc 802.1X Blocked No Key Supplicant Auth/Assoc 802.1X Blocked No Key Authenticator Auth/Assoc 802.1X Blocked No Key Authentic a-tion Server (RADIUS) No Key 802.11 Association EAP/802.1X/RADIUS Authentication Supplicant Auth/Assoc 802.1X Blocked MSK Authenticator Auth/Assoc 802.1X Blocked No Key Authentic a-tion Server (RADIUS) MSK MSK Supplicant Auth/Assoc 802.1X Blocked PMK Authenticator Auth/Assoc 802.1X Blocked PMK Authentic a-tion Server (RADIUS) No Key 4-Way Handshake Supplicant Auth/Assoc 802.1X UnBlocked PTK/GTK Authenticator Auth/Assoc 802.1X UnBlocked PTK/GTK Authentic a-tion Server (RADIUS) No Key

Group Key Handshake

Supplicant Auth/Assoc 802.1X UnBlocked New GTK Authenticator Auth/Assoc 802.1X UnBlocked New GTK Authentic a-tion Server (RADIUS) No Key

802.11i Protocol

Data Communication Supplicant Auth/Assoc 802.1X UnBlocked PTK/GTK Authenticator Auth/Assoc 802.1X UnBlocked PTK/GTK Authentic a-tion Server (RADIUS) No Key Link Layer

48

Basic Layer 2-3 Security Problems

Network packets pass by untrusted hosts

n  Eavesdropping, packet sniffing

n  Especially easy when attacker controls a

machine close to victim

TCP state can be easy to guess

n  Enables spoofing and session hijacking Transport layer security (from last lecture)

50

Virtual Private Network (VPN)

Three different modes of use:

n  Remote access client connections

n  LAN-to-LAN internetworking

n  Controlled access within an intranet

Several different protocols

n  PPTP – Point-to-point tunneling protocol

n  L2TP – Layer-2 tunneling protocol

n  IPsec (Layer-3: network layer)

52

IPSEC

Security extensions for IPv4 and IPv6

IP Authentication Header (AH)

n  Authentication and integrity of payload and header

IP Encapsulating Security Protocol (ESP)

n  Confidentiality of payload

ESP with optional ICV (integrity check value)

n  Confidentiality, authentication and integrity of

Recall packet formats and layers

Application

Transport (TCP, UDP) Network (IP)

Link Layer

Application message - data

TCP data TCP data TCP data

TCP Header data TCP IP IP Header data TCP IP ETH ETF Link (Ethernet)

Header Link (Ethernet) Trailer

segment packet frame message

54

IPSec Transport Mode: IPSEC instead of IP header

56

IKE subprotocol from IPSEC

A, (ga mod p) B, (gb mod p)

Result: A and B share secret g

ab

mod p

A

B

m1

m2

,

signB(m1,m2) signA(m1,m2) Key management

58

Mobile IPv6 Architecture

IPv6

Mobile Node (MN)

Corresponding Node (CN)

Home Agent (HA)

Direct connection via binding update

Authentication is a requirement

Early proposals weak

Filtering network traffic

60

Basic Firewall Concept

Separate local area net from internet

Router Firewall

All packets between LAN and internet routed through firewall

Local network Internet

62

64

Basic Packet Filtering

Uses transport-layer information only

n  IP Source Address, Destination Address

n  Protocol (TCP, UDP, ICMP, etc)

n  TCP or UDP source & destination ports

n  TCP Flags (SYN, ACK, FIN, RST, PSH, etc)

n  ICMP message type

Examples

n  DNS uses port 53

w  Block incoming port 53 packets except known trusted servers

Issues

n  Stateful filtering

n  Encapsulation: address translation, other complications

66

More about networking: port numbering

TCP connection

n  Server port uses number less than 1024

n  Client port uses number between 1024 and 16383

Permanent assignment

n  Ports <1024 assigned permanently

w  20,21 for FTP 23 for Telnet

w  25 for server SMTP 80 for HTTP

Variable use

n  Ports >1024 must be available for client to make connection

n  Limitation for stateless packet filtering

w  If client wants port 2048, firewall must allow incoming traffic

n  Better: stateful filtering knows outgoing requests

w  Only allow incoming traffic on high port to a machine that has

Filtering Example: Inbound SMTP

68

Filtering Example: Outbound SMTP

Known low port out, arbitrary high port in

70

Telnet

“PORT 1234” u v “ACK” Telnet Client Telnet Server 23 1234

u Client opens channel to server; tells server its port number. The ACK bit is not set while establishing the connection but will be set on the remaining

packets

v Server acknowledges

“PORT 5151” u v “OK” w DATA CHANN_EL x TCP ACK FTP Client FTP Server 20 Data 21 Command 5150 5151

u Client opens

command channel to server; tells server second port number v Server

acknowledges

w Server opens data channel to client’s second port

x Client

acknowledges

FTP

72

Normal IP Fragmentation

Flags and offset inside IP header indicate packet fragmentation

Abnormal Fragmentation

Low offset allows second packet to overwrite TCP header at receiving host

74

Packet Fragmentation Attack

Firewall configuration

n  TCP port 23 is blocked but SMTP port 25 is allowed

First packet

n  Fragmentation Offset = 0.

n  DF bit = 0 : "May Fragment"

n  MF bit = 1 : "More Fragments"

n  Destination Port = 25. TCP port 25 is allowed, so firewall allows packet

Second packet

n  Fragmentation Offset = 1: second packet overwrites all but first 8 bits of

the first packet

n  DF bit = 0 : "May Fragment"

n  MF bit = 0 : "Last Fragment."

n  Destination Port = 23. Normally be blocked, but sneaks by!

What happens

n  Firewall ignores second packet “TCP header” because it is fragment of first

TCP Protocol Stack

Application Transport Network Link Application protocol TCP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link

76

Remember SSL/TLS

C

Version, Crypto choice, nonce

Version, Choice, nonce, Signed certificate containing server’s public key Ks

S

Secret key K encrypted with server’s key Ks

Hash of sequence of messages Hash of sequence of messages

switch to negotiated cipher

Proxying Firewall

Application-level proxies

n  Tailored to http, ftp, smtp, etc.

n  Some protocols easier to proxy than others

Policy embedded in proxy programs

n  Proxies filter incoming, outgoing packets

n  Reconstruct application-layer messages

n  Can filter specific application-layer commands, etc.

w  Example: only allow specific ftp commands

w  Other examples: ?

Several network locations – see next slides

78

Firewall with application proxies

Daemon spawns proxy when communication detected … Network Connection

Telnet

daemon daemon FTP daemon SMTP Telnet

proxy

FTP

proxy _SMTP

Application-level proxies

Enforce policy for specific protocols

n  E.g., Virus scanning for SMTP

w  Need to understand MIME, encoding, Zip archives

n  Flexible approach, but may introduce network delays

“Batch” protocols are natural to proxy

n  SMTP (E-Mail) NNTP (Net news)

n  DNS (Domain Name System) NTP (Network Time Protocol

Must protect host running protocol stack

n  Disable all non-required services; keep it simple

n  Install/modify services you want

n  Run security audit to establish baseline

80

Web traffic scanning

Intercept and proxy web traffic

n  Can be host-based

n  Usually at enterprise gateway

Block known bad sites

Block pages with known attacks

Scan attachments

Firewall references

Elizabeth D. Zwicky Simon Cooper

William R Cheswick Steven M Bellovin

82

TCP Protocol Stack

Intrusion detection

Infrastructure protocols

n  BGP n  DNS Application Transport Network Link Application protocol TCP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link

Intrusion detection

Many intrusion detection systems

n  Close to 100 systems with current web pages

n  Network-based, host-based, or combination

Two basic models

n  Misuse detection model

w  Maintain data on known attacks

w  Look for activity with corresponding signatures

n  Anomaly detection model

w  Try to figure out what is “normal”

w  Report anomalous behavior

84

Example: Snort

From: Rafeeq Ur Rehman, Intrusion Detection Systems with Snort: Advanced IDS

Techniques with Snort, Apache, MySQL, PHP, and ACID.

Snort components

Packet Decoder

n  input from Ethernet, SLIP, PPP…

Preprocessor:

n  detect anomalies in packet headers

n  packet defragmentation

n  decode HTTP URI

n  reassemble TCP streams

Detection Engine: applies rules to packets

Logging and Alerting System

86

Snort detection rules

Additional examples

Alert will be generated if criteria met Apply to all ip packets

Source ip address

Source port #

destination ip address

Destination port

88

Snort challenges

Misuse detection – avoid known intrusions

n  Database size continues to grow

w  Snort version 2.3.2 had 2,600 rules

n  Snort spends 80% of time doing string match

Anomaly detection – identify new attacks

n  Probability of detection is low

Difficulties in anomaly detection

Lack of training data

n  Lots of “normal” network, system call data

n  Little data containing realistic attacks, anomalies

Data drift

n  Statistical methods detect changes in behavior

n  Attacker can attack gradually and incrementally

Main characteristics not well understood

n  By many measures, attack may be within bounds

of “normal” range of activities

90

INFRASTRUCTURE

BGP example

Transit: 2 provides transit for 7

Algorithm seems to work OK in practice

n  BGP is does not respond well to frequent node outages

3 4 6 5 7 1 8 2 7 7 2 7 2 7 2 7 3 2 7 6 2 7 2 6 5 2 6 5 2 6 5 3 2 6 5 7 2 6 5 6 5 5 5

92

BGP Security Issues

BGP is used for all inter-ISP routing

Benign configuration errors affect about 1% of all routing table entries at any time

Highly vulnerable to human errors, malicious attacks

n  Actual routing policies can be very complicated

MD5 MAC is rarely used, perhaps due to lack of automated key management, addresses only one class of attacks

S-BGP Design Overview

IPsec: secure point-to-point router communication Public Key Infrastructure: authorization for all S-BGP entities

Attestations: digitally-signed authorizations

n  Address: authorization to advertise specified address blocks

n  Route: Validation of UPDATEs based on a new path

attribute, using PKI certificates and attestations

Repositories for distribution of certificates, CRLs, and address attestations

Tools for ISPs to manage address attestations, process certificates & CRLs, etc.

94

BGP example

3 4 6 5 7 1 8 2 7 7 2 7 2 7 2 7 Host1 Host2 … Hostn AS Address blocks

Address Attestation

Indicates that the final AS listed in the UPDATE is authorized by the owner of those address blocks to advertise the address blocks in the UPDATE

Includes identification of:

n  owner’s certificate

n  AS to be advertising the address blocks

n  address blocks

n  expiration date

Digitally signed by owner of the address blocks Used to protect BGP from erroneous UPDATEs

96

Route Attestation

Indicates that the speaker or its AS authorizes the listener’s AS to use the route in the UPDATE

Includes identification of:

n  AS’s or BGP speaker’s certificate issued by owner of the AS

n  the address blocks and the list of ASes in the UPDATE

n  the neighbor

n  expiration date

Digitally signed by owner of the AS (or BGP speaker) distributing the UPDATE, traceable to the IANA ... Used to protect BGP from erroneous UPDATEs

Validating a Route

To validate a route from AS

_n

, AS

_n+1

needs:

n  address attestation from each organization owning an

address block(s) in the NLRI

n  address allocation certificate from each organization owning

address blocks in the NLRI

n  route attestation from every AS along the path (AS₁ to AS_n),

where the route attestation for AS_k specifies the NLRI and the path up to that point (AS₁ through AS_k+1)

n  certificate for each AS or router along path (AS₁ to AS_n) to

check signatures on the route attestations

n  and, of course, all the relevant CRLs must have been

98

INFRASTRUCTURE

Recall: DNS Lookup

Query: "www.example.com A?"

Reply Resource Records in Reply

3 5 7 8 "com. NS a.gtld.net" "a.gtld.net A 192.5.6.30" "example.com. NS a.iana.net" "a.iana.net A 192.0.34.43" "www.example.com A 1.2.3.4" "www.example.com A 1.2.3.4"

100

DNS is Insecure

Packets sent over UDP, < 512 bytes

16-bit TXID, UDP Src port are only “security”

Resolver accepts packet if above match

Packet from whom? Was it manipulated?

Cache poisoning

n  Attacker forges record at resolver

n  Forged record cached, attacks future lookups

n  Kaminsky (BH USA08)

“The Domain Name System (DNS) security extensions provide origin authentication and integrity assurance services for DNS data, including mechanisms for

authenticated denial of existence of DNS data.”

-RFC 4033

102

DNSSEC

Basically no change to packet format

n  Goal is security of DNS data, not channel security

New Resource Records (RRs)

n  RRSIG : signature of RR by private zone key

n  DNSKEY : public zone key

n  DS : crypto digest of child zone key

n  NSEC / NSEC3 authenticated denial of existence

Lookup referral chain (unsigned)

Origin attestation chain (PKI) (signed)

n  Start at pre-configured trust anchors

w  DS/DNSKEY of zone (should include root)

103

Query: "www.example.com A?"

3 5 7 8 Reply "com. NS a.gtld.net" "a.gtld.net A 192.5.6.30" "example.com. NS a.iana.net" "a.iana.net A 192.0.34.43" "www.example.com A 1.2.3.4" "www.example.com A 1.2.3.4"

RRs in DNS Reply Added by DNSSEC

"com. DS" "RRSIG(DS) by ." "com. DNSKEY" "RRSIG(DNSKEY) by com." "example.com. DS" "RRSIG(DS) by com." "example.com DNSKEY" "RRSIG(DNSKEY) by example.com." "RRSIG(A) by example.com." Last Hop?

DNSSEC Lookup

104

Authenticated Denial-of-Existence

Most DNS lookups result in denial-of-existence NSEC (Next SECure)

n  Lists all extant RRs associated with an owner name

n  Points to next owner name with extant RR

n  Easy zone enumeration

NSEC3

n  Hashes owner names

w  Public salt to prevent pre-computed dictionaries

n  NSEC3 chain in hashed order

n  Opt-out bit for TLDs to support incremental adoption

w  For TLD type zones to support incremental adoption

Insecure Sub-Namespace

NSEC3 Opt-out

n  "Does not assert the existence or non-existence of

the insecure delegations that it may cover" (RFC 5155)

n  Only thing asserting this is insecure glue records

Property: Possible to insert bogus pre-pended

name into otherwise secure zone.

(RFC 5155)

Insecure delegation from secure zone

n  Spoofs possible for resultant lookup results

106

DNS Rebinding Attack

Read permitted: it’s the “same origin”

F ire w all _www.evil.com web server ns.evil.com DNS server 171.64.7.115 www.evil.com? corporate web server 171.64.7.115 TTL = 0 <iframe src="http://www.evil.com"> 192.168.0.100 192.168.0.100 [DWF’96, R’01] DNSSEC cannot stop this attack

DNS Rebinding

Defenses

Browser mitigation: DNS Pinning

n  Refuse to switch to a new IP

n  Interacts poorly with proxies, VPN, dynamic DNS, …

n  Not consistently implemented in any browser

Server-side defenses

n  Check Host header for unrecognized domains

n  Authenticate users with something other than IP

Firewall defenses

n  External names can’t resolve to internal addresses

108

Summary

Network protocol security

n  Wireless security – 802.11i/WPA2

n  IPSEC

n  BGP instability and S-BGP

n  DNSSEC, DNS rebinding

Standard network perimeter defenses

n  Firewall

w  Packet filter (stateless, stateful), Application layer proxies

n  Traffic shaping

n  Intrusion detection