Day 2 Dns Cert 4 Scenarios

Presentation by ICANN

Published in: Technology

  1. DNS Security for CERTs - Attack Scenarios & Demonstrations
       Chris Evans, Delta Risk, LLC
       7 March 2010
  2. Attack Overview
       • These attacks are demonstrations only
       • They are not intended to incite FUD (Fear, Uncertainty, Doubt)
       • Rather, they are intended to
           – Show you what’s possible!
           – Open a discussion for mitigation & response actions!
  3. Architecture
       • Your Ubuntu VM, Windows TS, Your Host
       • Attack Server (192.168.85.5)
       • Target NameServer (182.168.101.10)
       • Registry System (192.168.101.50)
       • Mail Server (192.168.101.50)
  4. Architecture
       • The Target Nameserver
           – Bind 9.4
       • The Registry System
           – A simple PHP application built just for this demonstration – it has security holes in it!
       • The Mail Server
           – A webmail system for you to view “phishing” emails
           – Login: studentX, password: studentx
  5. Scenarios
       • Cache Poisoning
           – Targets the NameServer
           – Effects Visible Through DNS Queries, Phishing Email
       • NameServer Redelegation
           – Targets the NameServer via the Registry Web System
           – Effects Visible Through DNS Queries
       • Malicious Use
           – Targets Individual VMs or Hosts
           – Effects Visible Through Traffic Analysis
  6. Rules of Engagement
       • You can use your own systems for these scenarios
       • Nothing here is truly malicious – even the bot demonstration – it can all be removed easily
       • The phishing email will NOT do anything malicious – it will show you a link…
           – The website it directs you to will NOT do anything malicious…
       • If you prefer to use the VMs:
           – Use your Ubuntu VM for DNS queries & traffic analysis
           – Use your Windows TS as the “infected” bot
  7. Let’s Party…
       • Any questions on connectivity?
       • If you are having trouble getting connected, please pair up with a neighbor for the exercises!
