## page was renamed from Fragmentation/Amir
## page was renamed from Fragmentation
= IP Fragmentation =

 * Reported in the paper “Fragmentation Considered Poisonous”, published on 17 May 2012 by Prof. A. Herzberg and H. Shulman of Bar-Ilan University, Israel
  * At that time it did not become a major topic among DNS practitioners
 * Presented on 1 August 2013 as an invited talk at the IETF 87 saag (Security Area Advisory Group)
  * “DNS Cache-Poisoning: New Vulnerabilities and Implications, or: DNSSEC, the time has come!”
  * After the presentation, it became a major topic on the dns-operations ML

http://arxiv.org/abs/1205.4011
{{{
Fragmentation Considered Poisonous
Amir Herzberg, Haya Shulman
(Submitted on 17 May 2012)
}}}

We present practical poisoning and name-server blocking attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long responses are increasingly common, mainly due to the use of DNSSEC.

In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow 'complete' domain hijacking. When DNSSEC is fully deployed, attacker can force use of fake name server; we show exploits of this allowing off-path traffic analysis and covert channel. When using NSEC3 opt-out, attacker can also create fake subdomains, circumventing same origin restrictions. Our attacks circumvent resolver-side defenses, e.g., port randomisation, IP randomisation and query randomisation.

The (new) name server (NS) blocking attacks force resolver to use specific name server. This attack allows Degradation of Service, traffic-analysis and covert channel, and also facilitates DNS poisoning.

We validated the attacks using standard resolver software and standard DNS name servers and zones, e.g., org.

-----

fyi/fwiw, looks like some of the papers mentioned in today's SAAG talk are returned by this search...

### Invited Presentation - DNS Cache-Poisoning: New Vulnerabilities and Implications
Amir Herzberg, Haya Shulman