Talk on "Demystifying DNS Attacks" by "Rakesh Seal" at null/OWASP Kolkata Meetup on 27 January 2024

1. Demystifying DNS Attacks
In-Depth Exploration of Malicious DNS Activities

2. $ whoami
Rakesh Seal
● R&D, Keysight (ATI Research)
● Network Security
● Embedded Systems (IoT)
● Full Stack Dev
● Automation Enthusiast
● 10+ Patent Publication
● Play DoTA 👾
rakeshseal0.github.io

3. What is DNS
● Point 1
● Point 2
● Point 3
● Point 4

4. More on DNS

5. DNS Interception (Passive Attack)

6. Types of DNS Attack (Active)
Attack Type Description Individual Techniques
Denial of Service Attacks 󰢃
Attacks aimed at disrupting the normal functioning of a DNS
server, making it unavailable to users.
● DNS Amplification
● DNS Flood
● NXDOMAIN Attack
Cache Poisoning Attacks 🤢
Attacks involving the corruption of DNS cache data to redirect
users to fraudulent sites.
● DNS Spoofing/Cache Poisoning
Hijacking Attacks ✈
Attacks that redirect DNS queries to malicious DNS servers or
websites.
● DNS Hijacking
Data Exfiltration Attacks 󰬬
Attacks that use DNS queries and responses to smuggle data out
of a network.
● DNS Tunneling
Resource Consumption 🖥
Attacks designed to consume the resources of DNS servers,
slowing down their performance.
● Phantom Domain Attack
● Random Subdomain Attack

7. DNS Amplification

8. DNS Sppofing (Cache Poisoning)

9. DNS Sppofing (Cache Poisoning)

10. DNS Hijacking

11. DNS Tunneling

12. DNS Tunneling

13. DNS Tunneling

14. Implications of DNS Attacks
Security Implication Attack Type Attack Name
Service Disruption ● DOS
● Amplification
● DNS DDOS
● DNS Amplification
● NXDomain
● Phantom Domain
● Random Subdomain
Security Breach ● Spoofing
● Tunneling
● DNS Hijacking
● DNS Spoofing
● DNS Cache Poisoning
● DNS Tunneling

15. Mitigation / Advance DNS Defence
DOH / DoT
03 ● Encrypts DNS queries and responses.
DNSSEC
02 ● Ensures DNS data integrity and authenticity.
Security Audits /
Firewall Configuration
01 ● Regular checks and monitoring for unusual DNS activities.
● Restricts DNS traffic to trusted resolvers; blocks unusual patterns.
ODoH
04 ● Separates IP addresses from queries for enhanced privacy.

16. References
Gracias!
● https://www.paloaltonetworks.com/cyberpedia/what-is-a-dns-attack
● https://github.com/zphw/dns-cache-poisoning-demo
● https://github.com/Nick-Triller/damplify