All Your DNS Records Point to Us Understanding the Security Threats of Dangling DNS Records
Liu, Daiping; Hao, Shuai; Wang, Haining
Abstract
In a dangling DNS record (Dare), the resources pointed to by the DNS record are invalid, but the record itself has not yet been purged from DNS. In this paper, we shed light on a largely overlooked threat in DNS posed by dangling DNS records. Our work reveals that Dare can be easily manipulated by adversaries for domain hijacking. In particular, we identify three attack vectors that an adversary can harness to exploit Dares. In a large-scale measurement study, we uncover 467 exploitable Dares in 277 Alexa top 10,000 domains and 52 edu zones, showing that Dare is a real, prevalent threat. By exploiting these Dares, an adversary can take full control of the (sub) domains and can even have them signed with a Certificate Authority (CA). It is evident that the underlying cause of exploitable Dares is the lack of authenticity checking for the resources to which that DNS record points. We then propose three defense mechanisms to effectively mitigate Dares with little human effort.
Date
2016-01-01
Files
all_your_DNS.pdf
Adobe PDF, 646.75 KB
Department
Physics
DOI
https://doi.org/10.1145/2976749.2978387
