The DARPA Internet uses the Domain Name System (DNS), a distributed database, to map host names to network addresses, and vice-versa. Using a vulnerability first noticed by P.V. Mockapetris, we demonstrate how the DNS can be abused to subvert system security. We also show what tools are useful to the attacker. Possible defenses against this attack, including one implemented by Berkeley in response to our reports of this problem, are discussed, and the limitations on their applicability are demonstrated.

This paper was written in 1990, and was withheld from publication by the author. The body of the paper is unchanged, even to the extreme of giving the size of the Internet as 200,000 hosts. An epilogue has been added that discusses why it was held back, and why it is now being released.