Communications of the ACM
DNS performance and the effectiveness of caching
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
CoDNS: improving DNS performance and reliability via cooperative lookups
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Proceedings of the 3rd international workshop on Visualization for computer security
Beamauth: two-factor web authentication with a bookmark
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries
Proceedings of the 15th ACM conference on Computer and communications security
CEC'09 Proceedings of the Eleventh conference on Congress on Evolutionary Computation
Measuring availability in the domain name system
INFOCOM'10 Proceedings of the 29th conference on Information communications
Towards a secure rendezvous network for future publish/subscribe architectures
FIS'10 Proceedings of the Third future internet conference on Future internet
Improving robustness of DNS to software vulnerabilities
Proceedings of the 27th Annual Computer Security Applications Conference
Quantifying DNS namespace influence
Computer Networks: The International Journal of Computer and Telecommunications Networking
Survey on DNS configurations, interdependencies, resilience and security for *.ke domains
Proceedings of the 2nd ACM Symposium on Computing for Development
Socket overloading for fun and cache-poisoning
Proceedings of the 29th Annual Computer Security Applications Conference
Leveraging Social Feedback to Verify Online Identity Claims
ACM Transactions on the Web (TWEB)
Hi-index | 0.00 |
The Domain Name System, DNS, is based on nameserver delegations, which introduce complex and subtle dependencies between names and nameservers. In this paper, we present results from a large scale survey of DNS, and show that these dependencies lead to a highly insecure naming system. We report specifically on three aspects of DNS security: the properties of the DNS trusted computing base, the extent and impact of existing vulnerabilities in the DNS infrastructure, and the ease with which attacks against DNS can be launched. The survey shows that a typical name depends on 46 servers on average, whose compromise can lead to domain hijacks, while names belonging to some countries depend on a few hundred servers. An attacker exploiting well-documented vulnerabilities in DNS nameservers can hijack more than 30% of the names appearing in the Yahoo and DMOZ.org directories. And certain nameservers, especially in educational institutions, control as much as 10% of the namespace.