Overview
Explore a powerful cache poisoning attack called MaginotDNS that targets DNS servers functioning as both forwarder and recursive resolver. Delve into the exploitation of vulnerabilities in bailiwick checking algorithms, a fundamental aspect of DNS security since the 1990s. Learn how this attack affects multiple versions of popular DNS software, including BIND and Microsoft DNS. Discover the potency of MaginotDNS through field test results, demonstrating its ability to take over entire DNS zones, even Top-Level Domains like .com and .net. Gain insights into how this attack provides more powerful cache poisoning opportunities compared to previous methods. Presented by Xiang Li, Zhou Li, and Qifan Zhang at Black Hat, this 29-minute conference talk offers a comprehensive look at a significant threat to DNS security.
Syllabus
MaginotDNS: Attacking the Boundary of DNS Caching Protection
Taught by
Black Hat