Lecture 12: DNS Security Intro Flashcards

1
Q

Who controls what the authoritative name servers say?

A

The domain owner

2
Q

What is the most common exploit involving DNS?

A

Domain hijacking

3
Q

What are the forms domain hijacking can take?

A

The complete seizure of a domain name and transferal of ownership to the malicious party

Malicious redirection of a domain name using the DNS system to point to an incorrect server address

4
Q

What is the most common way a domain is hijacked?

A

Theft of domains

The attacker finds a way to access your registrar account, then uses that information to gain access to your account and initiate transfers of your domain names to themselves or a third party

5
Q

Why would attackers want to steal a domain name?

A
  • Can point domain towards a server that offers a lookalike application to steal client information
  • Use domain name and its existing user base to spread a political message
  • Try to resell domain on the open market
6
Q

What are some of the built-in protections that make domain theft harder?

A
  • ICANN requires that a domain cannot be transferred between registrars within 60 days of the last registration change
  • Many registrars offer some form of locking, placing a time lock on when a transfer can occur
7
Q

What is request hijacking?

A

The attacker listens for DNS requests on the local network and responds to them with incorrect or malicious DNS responses

8
Q

What type of hijacking does not require that the attacker have control of your registrar accounts or underlying domain name?

A

Request hijacking

9
Q

What are some of the forms of DNS request hijacking?

A

Cache poisoning
Subversion of DNS resolvers

10
Q

How does DNS interception work?

A
  • Hijacker listens for appropriate DNS requests
  • Hijacker responds with an incorrect response before the actual DNS resolver returns its response
  • Attacker can then direct the user to an incorrect server IP for spoofing or blocking access
11
Q

Why does DNS interception work?

A
  • UDP DNS has no authentication procedure, so the client has no way of telling that it has received a bogus response
  • Attacker can spoof the sending IP address to make it look like it came from the correct resolver IP
12
Q

What are the limitations of DNS interception?

A
  • Attacker must beat the DNS resolver in returning a response
  • Attacker must be able to scan client traffic
  • These kinds of attacks will only hit a minimal number of users