0x20 hack
2. DNS vulnerabilities are teh shitz
The Dan Kaminskys find a way to do dns cache poisoning… on the Internet
Everyone freaks out
He gives some solutions like DNSSEC
Everyone goes… yeah right. See you in 2013
People freak out again
3. Inject a fake DNS result into a caching DNS server
Clients requesting that hostname will be given the malicious response
Works for as long as TTL is set
Example:
› Vulnerability in BIND exploited
› Injects a cached response for www.google.com
› Grandma goes to www.google.com, and is redirected
5. DNSSEC (we’re getting there)
Patch your DNS server (yes of course, but not an actual solution)
Disable caching (not realistic in most cases)
Randomize Name Servers (helps limit the effect of a poison)
Prepending a nonce to queries (balls930282-fwq.www.rochester2600.com - effective but “omg what’s a nonce”)
Removing duplicate queries (mitigate birthday attack)
0x20 Hack
8. Refers to the simplest hack: modifying the letter case of DNS requests
0x20 bit manipulation has a lower CPU cost than, for example, using Python to change the case of a string
Turns out every DNS server ever can handle this hack
Requests need to generate a random bitmask
Only works if the DNS server does not pay attention to case
No entropy for TLD or number domains but helps most hostnames
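
The resolver side of the 0x20 hack, as an added example that is not from the original slides: a random bitmask flips bit 0x20 of each letter in the query name, and a response is accepted only if it echoes that exact case. The function names are assumptions made for illustration.

```python
import secrets
from typing import Optional

CASE_BIT = 0x20  # the one bit separating 'a' (0x61) from 'A' (0x41)


def is_letter(b: int) -> bool:
    """True for ASCII A-Z / a-z; digits, '-' and '.' carry no case bit."""
    return 0x41 <= (b & ~CASE_BIT & 0xFF) <= 0x5A


def entropy_bits(qname: str) -> int:
    """Each letter contributes one unpredictable bit; other bytes add none."""
    return sum(is_letter(b) for b in qname.encode("ascii"))


def encode_0x20(qname: str, mask: Optional[int] = None) -> str:
    """Return qname with letter case chosen by mask (random if not given).

    Bit i of the mask controls the i-th letter: 1 = upper case, 0 = lower.
    """
    raw = bytearray(qname.lower().encode("ascii"))
    if mask is None:
        mask = secrets.randbits(max(entropy_bits(qname), 1))
    bit = 0
    for i, b in enumerate(raw):
        if is_letter(b):
            if (mask >> bit) & 1:
                raw[i] = b ^ CASE_BIT  # flip lower -> upper
            bit += 1
    return raw.decode("ascii")


def response_accepted(sent_qname: str, echoed_qname: str) -> bool:
    """Accept only a byte-for-byte echo of the mixed-case name we sent.

    A spoofed answer must guess the case pattern on top of the
    transaction ID and source port.
    """
    return sent_qname == echoed_qname


if __name__ == "__main__":
    name = "www.google.com"  # hostname taken from the slides' example
    sent = encode_0x20(name)
    print(sent, "-", entropy_bits(name), "extra bits")
    print("exact echo accepted:", response_accepted(sent, sent))
    print("lower-cased reply accepted:", response_accepted(sent, name))
```
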