Advertisement
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
Dec. 17, 2012•0 likes•715 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
DefCampFollow
DefCampAdvertisement
Advertisement
Advertisement
Recommended
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS
Defcon 18: FOCA 2Chema Alonso
.ZA DNSSEC Implementation - iWeek2017dotZADNA
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin
Cullen Jennings’s Presentation at eComm 2009eCommConf
Dns and ircZekriaMuzafar
CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012
- Teodor Pripoae P2P DNS Systems
- What means DNS ? Domain name system
- What means DNS ? Domain name system Hierachical distributed naming system
- What means DNS ? Domain name system Hierachical distributed naming system Controlled by ICANN
- Why changing DNS ? Controlled by a single entity
- Why changing DNS ? Controlled by a single entity Very easy to take down a domain by American Government or Hollywood Media Corporations with similar laws to ACTA or SOPA
- Looks familiar ?
- Alerternative ?
- P2P DNS System
- Features What should feature a distributed DNS system ?
- It must not have any single entity that controls the others Conclusion: it must be P2P with not central node It must be open source
- Implementations P2P-DNS: https://github.com/Mononofu/P2P-DNS Namecoin: http://dot-bit.org/Namecoin Censormenot: https://github.com/teodor-pripoae/censormenot
- P2P-DNS Records authenticated by a public/private key system All nodes know all othe nodes and the cache all know domains
- Attacks Atack 1: An attacker can only poison the cache of a single node Atack 2: An attacker can flood the network with fake domains
- Defense methods For attack 1: opinion of the majority is correct and a web trust (opinions of nodes are weighted by your trust to them. For attack 2: similar tools used for email spam prevention systems
- Disadvantages Storing all key pairs Everyone can register any domain now even those which already exist in the real dns system
- Namecoin Based on bitcoin system .bit TLD Similar private/public keys encryption Buy domains with namecoins which can be converted from bitcoins
- Censormenot Why is it different ?
- Not a full dns system, but a cache one
- Not a full dns system, but a cache one Add a domain lookup only when you need it.
- Not a full dns system, but a cache one Add a domain lookup only when you need it. Multiple plausible domains based on a trust value which can be voted
- How it looks / works ?
- Resources https://github.com/namecoin/namecoin https://github.com/Mononofu/P2P-DNS https://github.com/teodor-pripoae/censorm http://www.youtube.com/watch?v=YNZDhPIdah
- Contributors Dan Serban: https://github.com/dserban Alexandru Tache https://github.com/hadesgames
Advertisement