实际DNS攻击的演示及其使用DNSSEC的缓解

Int. J. Wirel. Networks Broadband Technol. Pub Date : 1900-01-01 DOI:10.4018/ijwnbt.2020010104

Israr Khan, William Farrelly, K. Curran

{"title":"实际DNS攻击的演示及其使用DNSSEC的缓解","authors":"Israr Khan, William Farrelly, K. Curran","doi":"10.4018/ijwnbt.2020010104","DOIUrl":null,"url":null,"abstract":"The authors implement common attacks on a DNS server and demonstrate that DNSSEC is an effectivesolutiontocounterDNSsecurityflaws.Thisresearchdemonstrateshowtocounterthezone transferattackviathegenerationofDNSSECkeysonthenameserverswhichpreventattackersfrom obtainingafullzonetransferasitsrequestforthetransferwithoutthekeyswasdeniedbytheprimary server.ThisarticlealsoprovidesadetailedscenarioofhowDNSSECcanbeusedasamechanism toprotectagainsttheattackifanattackertriedtoperformCachePoisoning.Theauthorsultimately showthataDNSSECserverwillnotacceptresponsesfromunauthorisedentitiesandwouldonly acceptresponseswhichareauthenticatedthroughouttheDNSSECchainoftrust. KEyWoRDS Cybersecurity, Security, DNS, Domain Name System, Internet, Routing, DNSSEC","PeriodicalId":422249,"journal":{"name":"Int. J. Wirel. Networks Broadband Technol.","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Demonstration of Practical DNS Attacks and their Mitigation Using DNSSEC\",\"authors\":\"Israr Khan, William Farrelly, K. Curran\",\"doi\":\"10.4018/ijwnbt.2020010104\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The authors implement common attacks on a DNS server and demonstrate that DNSSEC is an effectivesolutiontocounterDNSsecurityflaws.Thisresearchdemonstrateshowtocounterthezone transferattackviathegenerationofDNSSECkeysonthenameserverswhichpreventattackersfrom obtainingafullzonetransferasitsrequestforthetransferwithoutthekeyswasdeniedbytheprimary server.ThisarticlealsoprovidesadetailedscenarioofhowDNSSECcanbeusedasamechanism toprotectagainsttheattackifanattackertriedtoperformCachePoisoning.Theauthorsultimately showthataDNSSECserverwillnotacceptresponsesfromunauthorisedentitiesandwouldonly acceptresponseswhichareauthenticatedthroughouttheDNSSECchainoftrust. KEyWoRDS Cybersecurity, Security, DNS, Domain Name System, Internet, Routing, DNSSEC\",\"PeriodicalId\":422249,\"journal\":{\"name\":\"Int. J. Wirel. Networks Broadband Technol.\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Wirel. Networks Broadband Technol.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijwnbt.2020010104\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Wirel. Networks Broadband Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijwnbt.2020010104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

作者在一个dnsserver上实现了常见的攻击，并证明了dnssec_是不存在的effectivesolutiontocounterDNSsecurityflaws。Thisresearchdemonstrateshowtocounterthezone transferattackviathegenerationofDNSSECkeysonthenameserverswhichpreventattackersfrom obtainingafullzonetransferasitsrequestforthetransferwithoutthekeyswasdeniedbytheprimary服务器。ThisarticlealsoprovidesadetailedscenarioofhowDNSSECcanbeusedasamechanism toprotectagainsttheattackifanattackertriedtoperformCachePoisoning。Theauthorsultimately showthataDNSSECserverwillnotacceptresponsesfromunauthorisedentitiesandwouldonly acceptresponseswhichareauthenticatedthroughouttheDNSSECchainoftrust。关键词网络安全，安全，DNS，域名系统，互联网，路由，DNSSEC

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Demonstration of Practical DNS Attacks and their Mitigation Using DNSSEC

The authors implement common attacks on a DNS server and demonstrate that DNSSEC is an effectivesolutiontocounterDNSsecurityflaws.Thisresearchdemonstrateshowtocounterthezone transferattackviathegenerationofDNSSECkeysonthenameserverswhichpreventattackersfrom obtainingafullzonetransferasitsrequestforthetransferwithoutthekeyswasdeniedbytheprimary server.ThisarticlealsoprovidesadetailedscenarioofhowDNSSECcanbeusedasamechanism toprotectagainsttheattackifanattackertriedtoperformCachePoisoning.Theauthorsultimately showthataDNSSECserverwillnotacceptresponsesfromunauthorisedentitiesandwouldonly acceptresponseswhichareauthenticatedthroughouttheDNSSECchainoftrust. KEyWoRDS Cybersecurity, Security, DNS, Domain Name System, Internet, Routing, DNSSEC

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Wirel. Networks Broadband Technol.

自引率

0.00%

发文量