Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Perils of transitive trust in the domain name system
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
ALS '01 Proceedings of the 5th annual Linux Showcase & Conference - Volume 5
Performance analysis and comparison of interrupt-handling schemes in gigabit networks
Computer Communications
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
Comments on selecting ephemeral ports
ACM SIGCOMM Computer Communication Review
Performance considerations in designing network interfaces
IEEE Journal on Selected Areas in Communications
Antidotes for DNS Poisoning by Off-Path Adversaries
ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
Cloudoscopy: services discovery and topology mapping
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Measuring the practical impact of DNSSEC deployment
SEC'13 Proceedings of the 22nd USENIX conference on Security
DNSSEC: Interoperability Challenges and Transition Mechanisms
ARES '13 Proceedings of the 2013 International Conference on Availability, Reliability and Security
| Hi-index | 0.00 |
We present a new technique, which we call socket overloading, that we apply for off-path attacks on DNS. Socket overloading consists of short, low-rate, bursts of inbound packets, sent by off-path attacker to a victim host. Socket overloading exploits the priority assigned by the kernel to hardware interrupts, and enables an off-path attacker to illicit a side-channel on client hosts, which can be applied to circumvent source port and name server randomisation. Both port and name server randomisation are popular and standardised defenses, recommended in [RFC5452], against attacks by off-path adversaries. We show how to apply socket overloading for DNS cache poisoning and name server pinning against popular systems that support algorithms recommended in [RFC6056] and [RFC4097] respectively. Our socket overloading technique may be of independent interest, and can be applied against other protocols for different attacks.