9-10 May 2015
Okura Hotel
Europe/Amsterdam timezone

The iDNS attack (resolver loop)

10 May 2015, 12:00
30m
Heian I/II (Okura Hotel)

Heian I/II

Okura Hotel

Ferdinand Bolstraat 333 1072 LH Amsterdam
Public Workshop

Speaker

Mr. Florian Maury (ANSSI/FNISA)

Description

ANSSI identified that several popular DNS resolver implementations could be led into following a large number of delegations. By doing so, these resolvers could inflict a denial of service either of the resolver itself by excessive resource consumption or its hosting network by flooding it with packets. Vulnerable implementations can also be enticed into sending to a victim ten times the number of packets sent by the attacker to the resolver, thus performing a distributed denial of service attack with packet amplification. This presentation covers the exploitation methodology for both kind of attacks, and presents ANSSI's disclosure plan, the mitigation strategies implemented by the various vendors and some workarounds when denial of service is caused by an overwhelmed Linux-based firewall.

Summary

This presentation covers the exploitation methodology for both the DoS and the DDoS aspects of the iDNS vulnerability, and presents ANSSI's disclosure plan, the mitigation strategies implemented by the various vendors and some workarounds when denial of service is caused by an overwhelmed Linux-based firewall.

Primary author

Mr. Florian Maury (ANSSI/FNISA)

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×