Changes

no edit summary
Line 6: Line 6:  
'''How DNS Works:'''  The operation of [[DNS]] remains a mystery for the majority of those using the Internet today.  Each name server encountered along the way is known as a recursive name server as it’s job is to provide your browser with an address of a suggested name server that will be one step closer in obtaining the specific [[IP address]] of the desired destination site.  In this case the name server that yields the actual IP address is known as the authoritative [[Name Server|name server]].  Here is a brief example of how the Internet works.  For purposes of this example we will be locating the destination site of [[CommunityDNS]], or http://www.communitydns.net.
 
'''How DNS Works:'''  The operation of [[DNS]] remains a mystery for the majority of those using the Internet today.  Each name server encountered along the way is known as a recursive name server as it’s job is to provide your browser with an address of a suggested name server that will be one step closer in obtaining the specific [[IP address]] of the desired destination site.  In this case the name server that yields the actual IP address is known as the authoritative [[Name Server|name server]].  Here is a brief example of how the Internet works.  For purposes of this example we will be locating the destination site of [[CommunityDNS]], or http://www.communitydns.net.
   −
1). You, the user, enters www.communitydns.net in the address bar of your browser.<br>
+
# You, the user, enters www.communitydns.net in the address bar of your browser.<br>
2). Your browser sends a request to the DNS server of your respective ISP.<br>
+
# Your browser sends a request to the DNS server of your respective ISP.<br>
3). Your [[ISP]]’s [[DNS]] server does not have a destination [[IP address]] for communitydns.net so then informs your browser to query the root servers at the top of the global [[DNS]] hierarchy.  Your [[ISP]] has a list of all of the [[Root Server|root servers]] around the globe and rotates through this list to determine which root server your browser will ultimately send its request to.  Your request could go to a root server nearest you or half way around the world.<br>
+
# Your [[ISP]]’s [[DNS]] server does not have a destination [[IP address]] for communitydns.net so then informs your browser to query the root servers at the top of the global [[DNS]] hierarchy.  Your [[ISP]] has a list of all of the [[Root Server|root servers]] around the globe and rotates through this list to determine which root server your browser will ultimately send its request to.  Your request could go to a root server nearest you or half way around the world.<br>
4). Your browser sends its request for www.communitydns.net to the root server.  Since the root servers only know the destination of [[TLD]]s your browser is returned the address of the registry name servers that are responsible for the .net TLD.  In this case Verisign is the registry for the .net TLD.<br>
+
# Your browser sends its request for www.communitydns.net to the root server.  Since the root servers only know the destination of [[TLD]]s your browser is returned the address of the registry name servers that are responsible for the .net TLD.  In this case Verisign is the registry for the .net TLD.<br>
5). The .net name servers will see that “CommunityDNS” belongs to a specific network provider, thus returning to the browser the IP address of the next name server along the path.<br>
+
# The .net name servers will see that “CommunityDNS” belongs to a specific network provider, thus returning to the browser the IP address of the next name server along the path.<br>
6). The name server for CommunityDNS’ network provider will provide the information to reach CommunityDNS’ name server.  Because multiple addresses may fall under the “communitydns.net” naming structure, such as “communtitydns.net”, “blog.communitydns.net” and “lab.communitydns.net”, being directed to CommunityDNS’ name server will allow for identifying the specific IP address for www.communitydns.net. <br>
+
# The name server for CommunityDNS’ network provider will provide the information to reach CommunityDNS’ name server.  Because multiple addresses may fall under the “communitydns.net” naming structure, such as “communtitydns.net”, “blog.communitydns.net” and “lab.communitydns.net”, being directed to CommunityDNS’ name server will allow for identifying the specific IP address for www.communitydns.net. <br>
7). Your browser’s query of CommunityDNS’ name server will then yield an “authoritative”, or final response with the specific IP address of www.communitydns.net.<br>
+
# Your browser’s query of CommunityDNS’ name server will then yield an “authoritative”, or final response with the specific IP address of www.communitydns.net.<br>
8). With your browser now having the specific destination IP address a connection is made directly with www.communitydns.net.
+
# With your browser now having the specific destination IP address a connection is made directly with www.communitydns.net.
    
The process is simple, straight forward and elegant.  However, “Simple, straight forward and elegant” does not mean it is without flaw.
 
The process is simple, straight forward and elegant.  However, “Simple, straight forward and elegant” does not mean it is without flaw.
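Review bot: The terminology in the intro paragraph that both columns of this hunk carry unchanged is inverted: it calls every name server met along the way "a recursive name server" and has the browser itself query the root and .net servers, but in the process the eight steps describe, only the ISP's DNS server is recursive; the root servers, the .net registry servers and the network provider's servers are authoritative servers that answer with referrals, and it is the ISP's resolver, not the browser, that follows those referrals. The same paragraph says "Here is a brief example of how the Internet works" where "how DNS works" is meant, and "it's job" should read "its job". On the formatting change itself, replacing "1)." with "#" is the right move, but every "#" item still ends in "<br>", which a wikitext numbered list does not need and which leaves a stray line break inside each item; dropping the "<br>" tags would complete the conversion. Item 6 also contains "communtitydns.net", which is either a typo for "communitydns.net" or needs to be marked as an intentional example.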
Line 21: Line 21:  
'''Exploiting the vulnerability:'''  Criminals hijack sessions by targeting recursive, or non-authoritative name servers and poisoning the cache that resides within a specific recursive name server.  In the earlier example eight distinct steps were identified from when a user first enters a destination in their browser to when the browser actually connects to the destination site.  Four of the seven steps deal with redirecting, or bouncing your browser from one recursive name server to another, all narrowing in on the desired destination.  In this case the name servers that redirected queries were:
 
'''Exploiting the vulnerability:'''  Criminals hijack sessions by targeting recursive, or non-authoritative name servers and poisoning the cache that resides within a specific recursive name server.  In the earlier example eight distinct steps were identified from when a user first enters a destination in their browser to when the browser actually connects to the destination site.  Four of the seven steps deal with redirecting, or bouncing your browser from one recursive name server to another, all narrowing in on the desired destination.  In this case the name servers that redirected queries were:
   −
1). Your [[ISP]]’s name server<br>
+
# Your [[ISP]]’s name server<br>
2). The [[Root Server|root servers]]<br>
+
# The [[Root Server|root servers]]<br>
3). The [[TLD]] name servers<br>
+
# The [[TLD]] name servers<br>
4). The name servers of the destination server’s network provider<br>
+
# The name servers of the destination server’s network provider<br>
    
Within each of the above four possible vulnerabilities it is possible for each name server to store within its cache the address of recently queried destination sites.  The temporary caching of such destination addresses reduce the number of query attempts, thus making for faster connections.  In this case criminal behavior works to take advantage of this feature by poisoning the cache with the insertion of a false destination site address.  What that means is anyone who has a query for the same destination site that lands on the name server with the poisoned cache will have their request hijacked to the site prepared for some form of online crime.
 
Within each of the above four possible vulnerabilities it is possible for each name server to store within its cache the address of recently queried destination sites.  The temporary caching of such destination addresses reduce the number of query attempts, thus making for faster connections.  In this case criminal behavior works to take advantage of this feature by poisoning the cache with the insertion of a false destination site address.  What that means is anyone who has a query for the same destination site that lands on the name server with the poisoned cache will have their request hijacked to the site prepared for some form of online crime.
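Review bot: The step count is inconsistent in the paragraph carried over unchanged in this hunk: it first says "eight distinct steps were identified" and then "Four of the seven steps deal with redirecting"; the list in the earlier hunk has eight steps, so "seven" should read "eight". The paragraph after the list also overstates where poisoning applies: of the four servers listed, the root servers, the TLD name servers and the provider's name servers are authoritative and serve their own zone data rather than caching answers for other people's domains, so the cache that gets poisoned is the one in the ISP's recursive name server (item 1), which is where a mitigation such as DNSSEC validation belongs. As in the previous hunk, the converted "#" items keep a trailing "<br>" that the wikitext list makes redundant.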