发布求助
文献互助 智能选刊 最新文献

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI:10.1109/EuroSPW51379.2020.00080
O. V. D. Toorn, R. V. Rijswijk-Deij, T. Fiebig, Martina Lindorfer, A. Sperotto
{"title":"TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records","authors":"O. V. D. Toorn, R. V. Rijswijk-Deij, T. Fiebig, Martina Lindorfer, A. Sperotto","doi":"10.1109/EuroSPW51379.2020.00080","DOIUrl":null,"url":null,"abstract":"The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW51379.2020.00080","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9

Abstract

The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.
分享
查看原文 本刊更多论文
TXT 101:查找DNS TXT记录长尾中的安全问题
DNS TXT资源记录的内容是最灵活的,因为它在很大程度上是非结构化的。尽管它可能是存储任何形式的基于文本的信息的理想基础,但它也带来了安全威胁,因为TXT记录也可以用于恶意和意外的操作。然而,TXT记录在安全研究中往往被忽视。在本文中,我们首次对TXT记录的使用进行了结构化研究,并特别关注了其安全含义。我们能够对数据集中超过99.54%的TXT记录进行分类,发现安全问题,包括意外发布的私钥和利用交付尝试。我们还报告了在对TXT记录进行大规模系统分析过程中吸取的经验教训。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信