SlideShare une entreprise Scribd logo

Black Ops 2008: DNS Cache Poisoning Attack

Télécharger en tant que PPT, PDF
C
claytonnarcis

This document summarizes Dan Kaminsky's talk at Black Hat 2008 about DNS cache poisoning vulnerabilities. It describes how an attacker could spoof DNS responses to redirect traffic to malicious servers by guessing transaction IDs and bait-and-switch techniques. It also discusses ways to trigger DNS lookups from internal resolvers and extended the attacks to target firewall-protected networks. The talk highlighted major security issues in the DNS infrastructure and spurred an industry-wide effort to deploy patches.

Technologie
1  sur  104
Black Ops 2008: It’s The End Of The Cache As We Know It Or: “64K Should Be Good Enough For Anyone” Dan Kaminsky Director of Penetration Testing IOActive, Inc. copyright IOActive, Inc. 2006, all rights reserved.
Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thanks to the community ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Obviously thanks to the Summit Members ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
There are numbers and are there are numbers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What about the Fortune 500? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Can we watch the patching in action? (Thank you, Joichim Vidde et al, Clarified Networks)
But why all this work? ,[object Object]
Intro to DNS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DNS is distributed ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What about bad guys? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Guessing Game ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
And thus, Forgery Resilience ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
First: If it’s a race, between who can reply with the correct TXID first, the bad guy has the starter pistol ,[object Object],[object Object],[object Object],[object Object],[object Object]
Second, who said the bad guy can only reply once ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Finally, the bad guy doesn’t actually need to wait to try again. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Bait and Switch ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Enter The DNSRake ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What’s it look like? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Running the attack… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Validating the attack ,[object Object]
Extending The Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
On Bailiwicks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Out Of Bailiwick Referrals, or How To Attack Name Servers Behind Firewalls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Many Starter Pistols Of Mr. Bad Guy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
GetHostByName() Considered Harmful ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
GetHostByAddr() ain’t doing too well either ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Roy Arends’ Trick ,[object Object],[object Object],[object Object],[object Object]
About Those Internal Only Name Servers: An amusing trick ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The “Fix”, As Per DJB: Source Port Randomization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THERE ARE MANY, MANY VARIANTS OF THIS ATTACK ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Florian Weimer / David Dowling’s new PowerDNS attack ,[object Object],[object Object],[object Object]
And Keep Going… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Choice ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Caveat ,[object Object],[object Object],[object Object]
What of the client? ,[object Object],[object Object],[object Object],[object Object],[object Object]
On Amit’s Client TXID Research ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Nothing Can Be Analyzed In Isolation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Chain ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Signals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Shared Signals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Another Path ,[object Object],[object Object],[object Object],[object Object]
Nobody ever expects The Billy Hoffman Option ,[object Object],[object Object],[object Object],[object Object],[object Object]
Of course, much easier with my attack ,[object Object],[object Object],[object Object],[object Object],[object Object]
So, is that all? ,[object Object]
We Start With The TLDs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MX Intercept: It’s Not Just For the NSA Anymore ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Message Pollution ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Shouldn’t The SPAM Filter Stop This? ,[object Object],[object Object],[object Object],[object Object]
Not going there, but… ,[object Object],[object Object],[object Object],[object Object],[object Object]
Spidey Sense ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Internet is more than the Web; HTTP is more than the Browser ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
 
We’re no longer in browserland anymore…
Remember Sidebar from Last Year?
This is not an exception ,[object Object],[object Object],[object Object],[object Object],[object Object]
Ilja van Sprundel, dumb fuzzing IRC with ircfuzz.c ,[object Object],[object Object],[object Object],[object Object],[object Object]
Lets not forget about the biggest, most extensive clients out there ,[object Object],[object Object],[object Object],[object Object]
How do you know what to attack? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Who needs an exploit? Lured by design, upgraded by design ,[object Object],[object Object],[object Object],[object Object]
Autoupgrade Is Hard ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
*facepalm* ,[object Object],[object Object],[object Object],[object Object]
Make no mistake ,[object Object],[object Object],[object Object]
Lets talk about SSL. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
More SSL ,[object Object],[object Object],[object Object],[object Object],[object Object]
Must Actually Care About Certificate Chain ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Who Says Applications Always (ever) Care About Cert Chains? ,[object Object],[object Object],[object Object]
Even if actually a web app, must handle secure cookies correctly ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Must not mix Secure and Insecure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Woe To The Poor Flash Security Guy Who Had To Document AllowInsecureDomain() ,[object Object],[object Object],[object Object],[object Object],[object Object]
 
We Live In The Future ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cert should not use MD5 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cert Must Never Have Been Generated By Debian ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
So? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Into The Lions Den ,[object Object],[object Object],[object Object]
Say Hello To My Little Friend ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hello My Little Friend ,[object Object],[object Object],[object Object],[object Object],[object Object]
And what about EV? ,[object Object],[object Object],[object Object],[object Object]
What Else Is Interesting? ,[object Object],[object Object]
When I said The Web was broken, I wasn’t talking about just its clients. (confused?)
Welcome to the Skeleton Key. It’s By Design.
Forgot My Password Modes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Attacking Forgot My Password systems ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
News ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Reality Check ,[object Object],[object Object]
Would OpenID have helped?
How did Stikis find the “friend”? Hint: DNS
So Right About Now You’re Probably Thinking… ,[object Object],[object Object]
Let Us Discuss The Inconvenient Matter Of Reverse DNS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
More Reverse DNS ,[object Object],[object Object],[object Object],[object Object],[object Object]
Lets Party Like It’s 2007 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Spreading The Phun ,[object Object],[object Object],[object Object],[object Object]
Enough with the client bugs? ,[object Object]
Which would you rather own? BGP? Or DNS? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Difficulty: Cannot poison authoritative on servers… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
When Internal DNS Goes Bad ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Even if internal DNS is hard to hit, external dependencies are fair game ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The ultimate external dependencies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Content Distribution Network Corruption ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hype ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lessons Learned ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Bottom Line ,[object Object],[object Object],[object Object],[object Object]

Recommandé

Hacs workshop
Hacs workshopHacs workshop
Hacs workshopAmrita University
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsRyan Smith
 
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree Search
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree SearchAlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree Search
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree SearchKarel Ha
 
(in)Secure Secret Zone
(in)Secure Secret Zone(in)Secure Secret Zone
(in)Secure Secret ZoneReality Net System Solutions
 
Innovacion Abierta
Innovacion AbiertaInnovacion Abierta
Innovacion AbiertaStalin Rojas
 
Under Water
Under WaterUnder Water
Under WaterMarlis
 
Que Es Un Wiki!
Que Es Un Wiki!Que Es Un Wiki!
Que Es Un Wiki!isearcy
 
Crafco "Blue Matrix System" with Evazote
Crafco "Blue Matrix System" with EvazoteCrafco "Blue Matrix System" with Evazote
Crafco "Blue Matrix System" with EvazoteBrennanRoney
 

Recommandé

Hacs workshop
Hacs workshopHacs workshop
Hacs workshopAmrita University
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsRyan Smith
 
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree Search
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree SearchAlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree Search
AlphaGo: Mastering the Game of Go with Deep Neural Networks and Tree SearchKarel Ha
 
(in)Secure Secret Zone
(in)Secure Secret Zone(in)Secure Secret Zone
(in)Secure Secret ZoneReality Net System Solutions
 
Innovacion Abierta
Innovacion AbiertaInnovacion Abierta
Innovacion AbiertaStalin Rojas
 
Under Water
Under WaterUnder Water
Under WaterMarlis
 
Que Es Un Wiki!
Que Es Un Wiki!Que Es Un Wiki!
Que Es Un Wiki!isearcy
 
Crafco "Blue Matrix System" with Evazote
Crafco "Blue Matrix System" with EvazoteCrafco "Blue Matrix System" with Evazote
Crafco "Blue Matrix System" with EvazoteBrennanRoney
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8Dan Kaminsky
 
Basic hacking tutorial i
Basic hacking tutorial iBasic hacking tutorial i
Basic hacking tutorial iGeraldine Indira Jayo Escalante
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Password Storage Sucks!
Password Storage Sucks!Password Storage Sucks!
Password Storage Sucks!nerdybeardo
 
Conficker
ConfickerConficker
Confickeremartinez.romero
 
A @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSA @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSRob Fuller
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toorDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Угадываем пароль за минуту
Угадываем пароль за минутуУгадываем пароль за минуту
Угадываем пароль за минутуPositive Hack Days
 
Tales from the Field
Tales from the FieldTales from the Field
Tales from the FieldMongoDB
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDan Kaminsky
 
2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)Felipe Prado
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006Dan Kaminsky
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014Vincenzo Sambito
 
Hacking CEH cheat sheet
Hacking CEH cheat sheetHacking CEH cheat sheet
Hacking CEH cheat sheetInternational College of Security Studies
 
Ferret
FerretFerret
Ferretyonny4103
 
UUUU
UUUUUUUU
UUUUyonny4103
 
Ferret - Data Seepage
Ferret - Data SeepageFerret - Data Seepage
Ferret - Data Seepageamiable_indian
 
Melbourneit Brandowners
Melbourneit BrandownersMelbourneit Brandowners
Melbourneit Brandownersclaytonnarcis
 
Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)claytonnarcis
 

Contenu connexe

Similaire à Black Ops 2008: DNS Cache Poisoning Attack

Password Storage Sucks!
Password Storage Sucks!Password Storage Sucks!
Password Storage Sucks!nerdybeardo
 
A @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSA @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSRob Fuller
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Угадываем пароль за минуту
Угадываем пароль за минутуУгадываем пароль за минуту
Угадываем пароль за минутуPositive Hack Days
 
Tales from the Field
Tales from the FieldTales from the Field
Tales from the FieldMongoDB
 
2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)Felipe Prado
 
Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014Vincenzo Sambito
 

Similaire à Black Ops 2008: DNS Cache Poisoning Attack (20)

Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8
 
Basic hacking tutorial i
Basic hacking tutorial iBasic hacking tutorial i
Basic hacking tutorial i
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012
 
Password Storage Sucks!
Password Storage Sucks!Password Storage Sucks!
Password Storage Sucks!
 
Conficker
ConfickerConficker
Conficker
 
A @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSA @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNS
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hacking
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toor
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)
 
Угадываем пароль за минуту
Угадываем пароль за минутуУгадываем пароль за минуту
Угадываем пароль за минуту
 
Tales from the Field
Tales from the FieldTales from the Field
Tales from the Field
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fed
 
2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)2600 v22 n3 (autumn 2005)
2600 v22 n3 (autumn 2005)
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014Hunting primes (a caccia di primi) 27 ott 2014
Hunting primes (a caccia di primi) 27 ott 2014
 
Hacking CEH cheat sheet
Hacking CEH cheat sheetHacking CEH cheat sheet
Hacking CEH cheat sheet
 
Ferret
FerretFerret
Ferret
 
UUUU
UUUUUUUU
UUUU
 
Ferret - Data Seepage
Ferret - Data SeepageFerret - Data Seepage
Ferret - Data Seepage
 

Plus de claytonnarcis

Melbourneit Brandowners
Melbourneit BrandownersMelbourneit Brandowners
Melbourneit Brandownersclaytonnarcis
 
Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)claytonnarcis
 
Dennis Carlton: Impact of new gTLD on consumer welfare
Dennis Carlton: Impact of new gTLD on consumer welfareDennis Carlton: Impact of new gTLD on consumer welfare
Dennis Carlton: Impact of new gTLD on consumer welfareclaytonnarcis
 
Dennis Carlton: Price caps on new gTLD registries
Dennis Carlton: Price caps on new gTLD registriesDennis Carlton: Price caps on new gTLD registries
Dennis Carlton: Price caps on new gTLD registriesclaytonnarcis
 
Michael Palage : Go/No-Go on new gTLD
Michael Palage : Go/No-Go on new gTLDMichael Palage : Go/No-Go on new gTLD
Michael Palage : Go/No-Go on new gTLDclaytonnarcis
 
dotDeloitte : Corporate gTLD
dotDeloitte : Corporate gTLDdotDeloitte : Corporate gTLD
dotDeloitte : Corporate gTLDclaytonnarcis
 
Edmon (dotAsia) on the new gTLD 2nd Draft
Edmon (dotAsia) on the new gTLD 2nd DraftEdmon (dotAsia) on the new gTLD 2nd Draft
Edmon (dotAsia) on the new gTLD 2nd Draftclaytonnarcis
 

Plus de claytonnarcis (7)

Melbourneit Brandowners
Melbourneit BrandownersMelbourneit Brandowners
Melbourneit Brandowners
 
Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)Classic Ford Nov 2005 (Mkii Escort)
Classic Ford Nov 2005 (Mkii Escort)
 
Dennis Carlton: Impact of new gTLD on consumer welfare
Dennis Carlton: Impact of new gTLD on consumer welfareDennis Carlton: Impact of new gTLD on consumer welfare
Dennis Carlton: Impact of new gTLD on consumer welfare
 
Dennis Carlton: Price caps on new gTLD registries
Dennis Carlton: Price caps on new gTLD registriesDennis Carlton: Price caps on new gTLD registries
Dennis Carlton: Price caps on new gTLD registries
 
Michael Palage : Go/No-Go on new gTLD
Michael Palage : Go/No-Go on new gTLDMichael Palage : Go/No-Go on new gTLD
Michael Palage : Go/No-Go on new gTLD
 
dotDeloitte : Corporate gTLD
dotDeloitte : Corporate gTLDdotDeloitte : Corporate gTLD
dotDeloitte : Corporate gTLD
 
Edmon (dotAsia) on the new gTLD 2nd Draft
Edmon (dotAsia) on the new gTLD 2nd DraftEdmon (dotAsia) on the new gTLD 2nd Draft
Edmon (dotAsia) on the new gTLD 2nd Draft
 

Dernier

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Dernier (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Black Ops 2008: DNS Cache Poisoning Attack

  • 1. Black Ops 2008: It’s The End Of The Cache As We Know It Or: “64K Should Be Good Enough For Anyone” Dan Kaminsky Director of Penetration Testing IOActive, Inc. copyright IOActive, Inc. 2006, all rights reserved.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Can we watch the patching in action? (Thank you, Joichim Vidde et al, Clarified Networks)
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.  
  • 54. We’re no longer in browserland anymore…
  • 55. Remember Sidebar from Last Year?
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.  
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81. When I said The Web was broken, I wasn’t talking about just its clients. (confused?)
  • 82. Welcome to the Skeleton Key. It’s By Design.
  • 83.
  • 84.
  • 85.
  • 86.
  • 87. Would OpenID have helped?
  • 88. How did Stikis find the “friend”? Hint: DNS
  • 89.
  • 90.
  • 91.
  • 92.
  • 93.
  • 94.
  • 95.
  • 96.
  • 97.
  • 98.
  • 99.
  • 100.
  • 101.
  • 102.
  • 103.
  • 104.