Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

In Depth Analysis of Multicast DNS and DNS Service Discovery

Hack In The Box Security Conference via YouTube

Overview

Explore an in-depth analysis of Multicast DNS and DNS Service Discovery protocols in this conference talk from Hack In The Box Security Conference. Delve into the inherent weaknesses of these Zero Configuration Networking protocols, including their generous broadcasting of information and use of easily spoofable messages. Examine the complete threat analysis and potential attack vectors against popular devices, implementations, and operating systems in both IPv4 and IPv6 environments. Learn about the specially developed tool used for testing and the implications of using these protocols in non-cooperative environments. Discover various attack types, including service discovery, information gathering, spoofing, denial of service, and DDoS amplification. Gain insights into the current state of these protocols, recurring problems, and potential mitigation strategies. Benefit from the expertise of Dr. Antonios Atlasis, an IT Security engineer and researcher specializing in network protocol analysis, attacks, and mitigations.

Syllabus

Intro
Objectives
Threat Analysis Methodology
Introduction
In a nutshell...
mDNS: A few more details...
and a few words for DNS-SD
What's the Inherent Problem(s)
Related Work
Types of Attacks
Discovery of available services
A Special Service
Discovering Instances of a Specific Service • Query for a DNS PTR record with a name of
Information Gathering
How Pholus Automates Reconnaissance
Advertised DNS Reverse Mapping
Implicit Network Sweeping
Spoofing Services Manually
Spoofing TXT ans SRV Records
Send Automatically Fake Responses
An Asymmetric Key Verification Example
Spoofing-Related Options
and What About TXT Records?
How to Reproduce Overflow Attempts
Is there Room for DNS Cache Poisoning?
Denial of Service Setting DNS TTL:=0
Setting DNS TTL=0 Using Pholus
Probing
Denial of Service + Net Flooding Creating Conflicts deliberately
Other Dos Capabilities
Generic Flooding of a Network
Direct Unicast Queries
DDoS (Amplification) Attack
Situation Nowadays
Sometimes Problems re-appear...
How to Reproduce the Attacks Using Pholus?
Mitigation?
Permanent Fix?
Conclusions
References
Questions?

Taught by

Hack In The Box Security Conference

Reviews

Start your review of In Depth Analysis of Multicast DNS and DNS Service Discovery

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.