
Delay Fast Packets (DFP): Prevention of DNS Cache Poisoning

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2011)

Abstract

The Domain Name System (DNS) protocol is used as a naming system for computers, services, or any other network resource. This paper presents a solution for the cache poisoning attack, in which the attacker inserts incorrect data into the DNS cache. In order to successfully poison the cache, the attacker's response must beat the real response in the race back to the local DNS server. In our model, we assume an eavesdropping attacker that can construct a response identical to the legitimate one. The primary aim of our solution is to construct a normal profile of the round trip time from the moment the request is sent until the arrival of the response, and then to search for anomalies with respect to the constructed profile. In order to poison the cache of a DNS server, the attacker has to know the source port and the Transaction ID (TID) of the request. As far as we know, all current solutions that do not change the protocol assume an attacker that cannot see the request and therefore has to guess the TID. All these solutions try to increase entropy in order to make the guesswork harder. In our strict model, increasing entropy is useless. We in no way claim that our scheme is flawless. Nevertheless, this effort represents the first step towards preserving the DNS cache assuming an eavesdropping attacker.
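The round-trip-time profiling idea in the abstract, as a toy model added here (it is not the paper's code): a per-upstream RTT profile is learned, a response that arrives anomalously fast is held back until a genuine response has had time to arrive, and a conflicting answer for the same TID during the hold means nothing is cached. The statistical band, the hold-until-upper-edge policy and the drop-on-conflict rule are assumptions; the sample RTTs, TIDs and addresses are constructed.

```python
"""Toy DFP model: profile request-to-response RTT per upstream server, delay
responses that arrive suspiciously fast, and refuse to cache when a second,
different answer for the same TID lands while the first one is held."""
import statistics
from collections import defaultdict


class DfpGuard:
    def __init__(self, min_samples=20, k=3.0):
        self.rtts = defaultdict(list)   # upstream address -> observed RTTs (seconds)
        self.min_samples = min_samples  # profile is not used until this many samples
        self.k = k                      # width of the normal band in standard deviations

    def record(self, upstream, rtt):
        """Learn from a response that was accepted without conflict."""
        self.rtts[upstream].append(rtt)

    def band(self, upstream):
        """Return (low, high) of the normal RTT band, or None while still learning."""
        s = self.rtts[upstream]
        if len(s) < self.min_samples:
            return None
        mu, sd = statistics.mean(s), statistics.pstdev(s)
        return max(0.0, mu - self.k * sd), mu + self.k * sd

    def release_time(self, upstream, arrival):
        """Time (seconds after the request) at which a response may be used.
        A packet faster than the band is held until the band's upper edge
        (assumed policy) so the real response can still arrive and expose it."""
        b = self.band(upstream)
        if b is None or arrival >= b[0]:
            return arrival
        return b[1]


def resolve_race(guard, upstream, responses):
    """responses: (arrival_seconds, tid, answer) for one outstanding query.
    Returns the answer to cache, or None when a conflicting answer for the same
    TID arrived before the first one was released (suspected poisoning)."""
    responses = sorted(responses)
    first_t, first_tid, first_ans = responses[0]
    release = guard.release_time(guard_key := upstream, first_t)
    for t, tid, ans in responses[1:]:
        if t > release:
            break
        if tid == first_tid and ans != first_ans:
            return None
    if release == first_t:              # only in-band RTTs update the profile
        guard.record(guard_key, first_t)
    return first_ans
```

A forged response that lands inside the normal band is not delayed and still wins the race, so the model narrows the attacker's window rather than closing it, matching the abstract's own caveat.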



Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Tzur-David, S., Lashchiver, K., Dolev, D., Anker, T. (2012). Delay Fast Packets (DFP): Prevention of DNS Cache Poisoning. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31909-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31908-2

  • Online ISBN: 978-3-642-31909-9

  • eBook Packages: Computer ScienceComputer Science (R0)
