MoinQ: DNS/毒盛/2020/saddns.net/sections

• RecentChanges
• FindPage
• HelpContents
• sections

• Immutable Page
• Comments
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ CreateNewPage Load PageActions Save SlideShow Thumbnails

1 INTRODUCTION

2 CURRENT STATE OF DNS CACHE
2.1 State-of-the-Art Defenses
2.2 New Attack Surface in the DNS Hierarchy

3 ATTACK OVERVIEW

4 INFERRING DNS QUERY’S SOURCE PORT
4.1 Analysis of UDP Source Port Scannability
4.2 ICMP Rate Limit Challenge
4.3 Public-Facing Source Port Scan Method
4.4 Private Source Port Scan Method
4.5 Vulnerable DNS Forwarder and Resolver

5 EXTENDING THE ATTACK WINDOW
5.1 Extending Window in a Forwarder Attack
5.2 Extending Window in a Resolver Attack

6 PRACTICAL ATTACK CONSIDERATIONS

7 END-TO-END ATTACKS
7.1 Attacking a Forwarder (Home Router)
7.2 Attacking a Production Resolver

8 DISCUSSION
8.1 Defenses

MoinQ: DNS/毒盛/2020/saddns.net/sections (last edited 2020-11-16 23:55:47 by ToshinoriMaeno)

• Immutable Page
• Comments
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ CreateNewPage Load PageActions Save SlideShow Thumbnails

• MoinMoin Powered
• Python Powered
• GPL licensed
• Valid HTML 4.01