Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI:10.1109/EuroSPW59978.2023.00067

Yevheniya Nosyk, Olivier Hureau, Simon Fernandez, A. Duda, Maciej Korczyński

{"title":"Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses","authors":"Yevheniya Nosyk, Olivier Hureau, Simon Fernandez, A. Duda, Maciej Korczyński","doi":"10.1109/EuroSPW59978.2023.00067","DOIUrl":null,"url":null,"abstract":"In the past decades, DNS has gradually risen into one of the most important systems on the Internet. Malicious actors have long misused it in reflection and amplification DDoS attacks, but given its criticality, DNS quickly became an attractive attack target itself. There appeared a number of activities that make use of domain names and the DNS protocol to perform illegal actions, collectively referred to as DNS abuse. In this paper, we measure the landscape of DNS infrastructure vulnerabilities across millions of recursive resolvers and authoritative nameservers. We enumerate domain names deploying cache poisoning protection (DNSSEC), email authentication (SPF/DMARC), and resolvers accepting DNS requests from arbitrary clients. We show that DNS infrastructure is not sufficiently protected against cybersecurity threats and propose a set of recommendations to mitigate the existing problems. Conducted in the frame of a European Commission project, our findings will be considered for inclusion in the upcoming European Union legislation on cybersecurity.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW59978.2023.00067","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

In the past decades, DNS has gradually risen into one of the most important systems on the Internet. Malicious actors have long misused it in reflection and amplification DDoS attacks, but given its criticality, DNS quickly became an attractive attack target itself. There appeared a number of activities that make use of domain names and the DNS protocol to perform illegal actions, collectively referred to as DNS abuse. In this paper, we measure the landscape of DNS infrastructure vulnerabilities across millions of recursive resolvers and authoritative nameservers. We enumerate domain names deploying cache poisoning protection (DNSSEC), email authentication (SPF/DMARC), and resolvers accepting DNS requests from arbitrary clients. We show that DNS infrastructure is not sufficiently protected against cybersecurity threats and propose a set of recommendations to mitigate the existing problems. Conducted in the frame of a European Commission project, our findings will be considered for inclusion in the upcoming European Union legislation on cybersecurity.

查看原文本刊更多论文

揭示薄弱环节:探索DNS基础设施漏洞和加强防御

在过去的几十年里，DNS已经逐渐崛起为互联网上最重要的系统之一。长期以来，恶意行为者将其滥用于反射和放大DDoS攻击中，但鉴于其重要性，DNS本身迅速成为一个有吸引力的攻击目标。出现了许多利用域名和DNS协议执行非法操作的活动，统称为DNS滥用。在本文中，我们测量了数百万个递归解析器和权威名称服务器的DNS基础设施漏洞的情况。我们列举了部署缓存中毒保护(DNSSEC)、电子邮件认证(SPF/DMARC)和接受任意客户端DNS请求的解析器的域名。我们表明，DNS基础设施没有充分防范网络安全威胁，并提出了一组建议，以减轻现有的问题。在欧盟委员会项目的框架内进行，我们的研究结果将被考虑纳入即将出台的欧盟网络安全立法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

自引率

0.00%

发文量