
The Damage of Kaminsky Attack in the IPv6 network

Posted at 2017-04-09

What You Would Learn

  1. Kaminsky Attack
  2. Attack Impact on the IPv6 host network

Kaminsky Attack

  • Dan Kaminsky discovered a serious vulnerability in DNS

  • It lets an attacker redirect clients to servers of the attacker's choosing



[for beginners] DNS (Domain Name System)

  • DNS is the phone book of the Internet
  • DNS is a hierarchical system of servers; each level delegates authority for its subdomains to other servers



[for beginners] DNS Cache

  • Caching address resolutions saves time and reduces traffic load



DNS Cache Poisoning

  • A type of attack that exploits DNS caching
  • An attacker gets a DNS cache server to accept the attacker's fake DNS server as the authoritative one
  • The DNS cache server then returns an incorrect IP address for the client's query



DNS Cache Poisoning mechanism


  • QID (Query ID) is a 16-bit field
    • 65,536 (2^16) possible values is not a big number

Limited damage of DNS Cache Poisoning Attack

  • An attacker can hijack a client's access only if they can observe that client's queries
  • A DNS cache entry expires after a while

Kaminsky Attack is more Powerful

  • Unlimited damage
    • An attacker hijacks a DNS cache server without needing any client's queries
    • Independent of cache expiration

Kaminsky Attack mechanism

  1. The attacker asks the DNS cache server to resolve a fake (non-existent) name in the target domain
  2. The DNS cache server forwards that query to the authoritative DNS server
  3. The attacker sends a fake response from their own DNS server before the response from the authoritative DNS server arrives
    • Condition: the QID in the attacker's response must match the QID the cache server used for its query
  4. The DNS cache server accepts the fake response, which overwrites its record of the authoritative DNS server


Patches

  1. Source port randomization
    • don't use a fixed QID or a fixed source port
    • effectively extends the value an attacker must guess from 16 bits (QID alone) to about 32 bits (QID + source port)
  2. Network monitoring
    • watch for bursts of unsolicited DNS responses
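The following is an added example, not code from the original slides: a toy model of the resolver-side check behind steps 3 and 4 of the attack and of the first patch. A cache server remembers the QID and source port of each pending query and only accepts a response that matches both; the probability functions quantify how much harder the blind guess becomes once the port is randomized. The ephemeral port range and the 50% target are assumptions chosen for illustration.

```python
import math
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PendingQuery:
    """What a cache server remembers about a query it has sent upstream."""
    qname: str
    qid: int        # 16-bit transaction ID
    src_port: int   # UDP source port the query left from


def new_query(qname: str, randomize_port: bool) -> PendingQuery:
    """Create a pending query. An unpatched resolver uses a fixed source port
    (53 here, an assumed value); a patched one picks a random ephemeral port."""
    qid = secrets.randbelow(1 << 16)
    if randomize_port:
        src_port = 1024 + secrets.randbelow(65536 - 1024)
    else:
        src_port = 53
    return PendingQuery(qname, qid, src_port)


def accept_response(pending: PendingQuery, qname: str, qid: int, dst_port: int) -> bool:
    """Resolver-side acceptance check: the response must arrive on the port the
    query used, carry the same QID, and answer the same question."""
    return (pending.qname == qname
            and pending.qid == qid
            and pending.src_port == dst_port)


def guess_space_bits(randomize_port: bool) -> int:
    """Bits an off-path attacker has to guess: 16 for the QID, plus about 16 for
    the source port when it is randomized (the ephemeral range is a bit under 2^16)."""
    return 16 + (16 if randomize_port else 0)


def spoof_success_probability(forged_packets: int, bits: int) -> float:
    """Probability that at least one of `forged_packets` blind guesses matches a
    uniformly random `bits`-bit value (used to size the risk before/after the patch)."""
    p = 1.0 / (1 << bits)
    return 1.0 - (1.0 - p) ** forged_packets


def packets_for_probability(target: float, bits: int) -> int:
    """Number of forged packets needed for a `target` success probability."""
    p = 1.0 / (1 << bits)
    return math.ceil(math.log(1.0 - target) / math.log1p(-p))


if __name__ == "__main__":
    for randomized in (False, True):
        bits = guess_space_bits(randomized)
        print(f"port randomized={randomized}: {bits} bits to guess, "
              f"P(success | 65536 forged packets)={spoof_success_probability(65536, bits):.6f}, "
              f"packets for 50%={packets_for_probability(0.5, bits)}")
```

With the QID alone, 65,536 forged packets already give roughly a 63% chance of one match; with a random source port on top, the same number of packets gives a chance on the order of one in a hundred thousand, which is why the patch buys time until DNSSEC.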

Ultimate solution

DNSSEC (Domain Name System Security Extensions)

  • queries/responses are signed with keys, so a resolver can verify that a response really came from the authoritative server

BUT DNSSEC is not coming soon :(


Kaminsky Attack Damage on the IPv6 network

Q1. Bigger, smaller or same impact compared to the IPv4 network?
Q2. Why?
Q3. How to solve this attack?


[for beginners] IPv4 and IPv6

IPv4

  • Internet Protocol version 4
  • 32-bit addresses
  • dotted-decimal representation (e.g., 8.8.8.8)

IPv6

  • Internet Protocol version 6
  • 128-bit addresses
  • hexadecimal representation (e.g., 2001:4860:4860::8888)

[for beginners] Which IP version is popular?

  • Answer: IPv4

  • BUT the IPv4 address space is running out

    • 4.29 billion (2^32) addresses is not a large address space for us
  • IPv6 is becoming popular for data center network services

    • e.g., Facebook, Google

[for beginners] Similarity and Difference between IPv4 and IPv6

  • In most aspects, the IPv6 protocol is very similar to IPv4
  • However, some design and operational areas differ => address assignment policy

Address Assignment Policy

  • IPv4 - a single IP address per device
  • IPv6 - multiple IP addresses per device

Benefits of having multiple IP addresses

  • client perspective

    • app performance on multi-core CPUs
    • running virtual machines on a device
    • no NAT
  • business perspective

    • operational challenge
    • network architecture challenge

IPv4 Address Assignment Options

  1. use DHCP (Dynamic Host Configuration Protocol)
    • DHCP automatically provides a host with an IP address and other related configuration information
  2. configure an IP address manually

IPv6 Address assignment Options

  1. use RA (Router Advertisement)
    • RA tells a host the network prefix and the default router
  2. use RA + DHCPv6
  3. use DHCPv6
  4. configure an IP address manually

Why do you need to understand address assignment options?

  • because DNS server information is delivered together with the IPv4/IPv6 address

4-step for IPv4 Address Assignment using DHCP

  1. DHCP Discover
    • Client Host: "Is there any DHCP server here? Give me an IP address."
  2. DHCP Offer
    • DHCP Server: "Yes, I am here. How about this IP address? If you use it, this related info applies."
  3. DHCP Request
    • Client Host: "Thanks! I'm going to use this address and the related info."
  4. DHCP Ack
    • DHCP Server: "OK, I have registered your address in my database."

IPv6 Addressing Overview

  • A prefix and a subnet ID are given either by RA or by DHCPv6
  • An interface ID is either given by DHCPv6 or generated by the host
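An added example (not from the original slides) of the "generated by the host" case above: the prefix and subnet ID come from RA or DHCPv6 as a /64, and the host appends a 64-bit interface ID that it derives from its MAC address (modified EUI-64) or draws at random (RFC 4941 style temporary address). The MAC address and the 2001:db8::/32 documentation prefix used in the sample are constructed values.

```python
import ipaddress
import secrets


def eui64_interface_id(mac: str) -> bytes:
    """Derive the 64-bit modified EUI-64 interface ID from a 48-bit MAC address:
    insert ff:fe in the middle and flip the universal/local bit of the first octet."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def random_interface_id() -> bytes:
    """Generate a random 64-bit interface ID (temporary address); the
    universal/local bit is cleared to mark it as locally generated."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= ~0x02 & 0xFF
    return bytes(iid)


def compose_address(prefix: str, interface_id: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (prefix + subnet ID, as learned from RA or DHCPv6)
    with a 64-bit interface ID into a full IPv6 address."""
    network = ipaddress.IPv6Network(prefix, strict=True)
    if network.prefixlen != 64:
        raise ValueError("interface IDs are 64 bits, so the prefix must be a /64")
    if len(interface_id) != 8:
        raise ValueError("interface ID must be exactly 8 bytes")
    return ipaddress.IPv6Address(network.network_address.packed[:8] + interface_id)


def host_addresses(prefix: str, mac: str, temporary_count: int = 1) -> list:
    """One stable (EUI-64) address plus `temporary_count` random ones on the same
    prefix: the 'multiple IP addresses per device' case from the slides."""
    addrs = [compose_address(prefix, eui64_interface_id(mac))]
    for _ in range(temporary_count):
        addrs.append(compose_address(prefix, random_interface_id()))
    return addrs


if __name__ == "__main__":
    # Constructed sample: documentation prefix and a made-up MAC address.
    for addr in host_addresses("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e", temporary_count=2):
        print(addr)
```

The EUI-64 address is stable and therefore trackable across networks, which is the reason hosts also generate temporary random interface IDs; both kinds of address can be active on one interface at the same time.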



How to get DNS servers info with IPv6

  • Either RA or DHCPv6 conveys the DNS server info
  • A host can choose which of these mechanisms it takes its DNS server info from
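To make the two delivery paths concrete, here is an added example (not code from the original slides) that parses the DNS server information out of both carriers: the RDNSS option (type 25, RFC 8106) that follows a Router Advertisement header, and OPTION_DNS_SERVERS (code 23, RFC 3646) in a DHCPv6 message. The sample option bytes are constructed inline; the resolver addresses in them reuse the Google address from the slides plus a 2001:db8:: documentation address.

```python
import ipaddress
import struct

ND_OPT_RDNSS = 25            # RFC 8106: Recursive DNS Server option in a Router Advertisement
DHCPV6_OPT_DNS_SERVERS = 23  # RFC 3646: OPTION_DNS_SERVERS


def parse_ra_rdnss(options: bytes) -> list:
    """Walk the ND options that follow a Router Advertisement header and return
    (dns_server, lifetime_seconds) tuples from every RDNSS option found.
    Lifetime 0 means the host must stop using that server; 0xffffffff means infinite."""
    servers = []
    offset = 0
    while offset + 2 <= len(options):
        opt_type, opt_len = options[offset], options[offset + 1]
        if opt_len == 0:
            raise ValueError("ND option with length 0: RFC 4861 says discard the packet")
        size = opt_len * 8           # ND option length is in units of 8 octets
        body = options[offset:offset + size]
        if len(body) < size:
            raise ValueError("truncated ND option")
        if opt_type == ND_OPT_RDNSS:
            (lifetime,) = struct.unpack("!I", body[4:8])   # bytes 2..3 are reserved
            for pos in range(8, size, 16):
                servers.append((ipaddress.IPv6Address(body[pos:pos + 16]), lifetime))
        offset += size
    return servers


def parse_dhcpv6_dns_servers(options: bytes) -> list:
    """Walk DHCPv6 options (option-code, option-len, data) and return the addresses
    carried in OPTION_DNS_SERVERS. DHCPv6 carries no per-server lifetime here."""
    servers = []
    offset = 0
    while offset + 4 <= len(options):
        code, length = struct.unpack("!HH", options[offset:offset + 4])
        data = options[offset + 4:offset + 4 + length]
        if len(data) < length:
            raise ValueError("truncated DHCPv6 option")
        if code == DHCPV6_OPT_DNS_SERVERS:
            if length % 16:
                raise ValueError("OPTION_DNS_SERVERS length is not a multiple of 16")
            for pos in range(0, length, 16):
                servers.append(ipaddress.IPv6Address(data[pos:pos + 16]))
        offset += 4 + length
    return servers


def build_rdnss_option(lifetime: int, addrs) -> bytes:
    """Encode an RDNSS option (used here only to construct sample input)."""
    body = b"\x00\x00" + struct.pack("!I", lifetime)
    body += b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return bytes([ND_OPT_RDNSS, (2 + len(body)) // 8]) + body


# Constructed sample: a Source Link-Layer Address option (type 1, made-up MAC)
# followed by an RDNSS option advertising two resolvers for 30 minutes.
SAMPLE_RA_OPTIONS = (
    bytes([1, 1]) + bytes.fromhex("001a2b3c4d5e")
    + build_rdnss_option(1800, ["2001:4860:4860::8888", "2001:4860:4860::8844"])
)

# Constructed sample: DHCPv6 options with an opaque Client ID (code 1) and OPTION_DNS_SERVERS.
SAMPLE_DHCPV6_OPTIONS = (
    struct.pack("!HH", 1, 4) + b"\x00\x01\x00\x01"
    + struct.pack("!HH", DHCPV6_OPT_DNS_SERVERS, 16) + ipaddress.IPv6Address("2001:db8::53").packed
)

if __name__ == "__main__":
    for server, lifetime in parse_ra_rdnss(SAMPLE_RA_OPTIONS):
        print(f"RA RDNSS: {server} (lifetime {lifetime}s)")
    for server in parse_dhcpv6_dns_servers(SAMPLE_DHCPV6_OPTIONS):
        print(f"DHCPv6 OPTION_DNS_SERVERS: {server}")
```

Note the asymmetry that matters for the questions above: the RA path attaches a lifetime to each resolver address and replaces it whenever a newer RA arrives, whereas the DHCPv6 path ties the resolver list to the lease, so the two mechanisms leave a host with different amounts of state to validate.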

Again, Kaminsky Attack Damage on the IPv6 network

Q1. Bigger or smaller impact compared to the IPv4 network?
Q2. Why?
Q3. How to solve this attack?


Discussions @ coffee with science meetup

