12–13 May 2013
Burlington Hotel
Europe/Dublin timezone

Vectors for Bitsquatting Attacks

12 May 2013, 10:50
25m
Burlington Hotel

Burlington Hotel

Connaught Suite, Upper Leeson Street, Dublin 4, Ireland
OARC Public Workshop

Speaker

Jaeson Schultz (Cisco Systems, Inc)

Description

Bit errors in memory, when they occur in a stored domain name, can direct Internet traffic to the wrong location, potentially compromising security. When a domain name one bit different from a target domain is registered in order to intercept traffic for malicious purposes, the attack is called bitsquatting. For example, by changing only one bit, a target domain such as “twitter.com” can become the bitsquat domain “twitte2.com”.

Summary

Bitsquatting attacks are more practical now than ever before, and the effects of bit errors on not only domains but also on application level protocols can be unexpected. This DNS research project describes several previously unknown vectors for bitsquatting attacks, then presents some general statistics about the scope of the bitsquatting problem, and finally proposes some novel mitigations which do not involve the mass registration of additional domains.

Primary author

Jaeson Schultz (Cisco Systems, Inc)

Presentation materials