MaginotDNS

介绍

MaginotDNS is a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed as CDNS). The attack is made possible through exploiting vulnerabilities in the bailiwick checking algorithms, one of the cornerstones of DNS security since the 1990s, and affects multiple versions of popular DNS software, including BIND and Microsoft DNS.

Through field tests, we find that the attack is potent, allowing attackers to take over entire DNS zones, even including Top-Level Domains (e.g., .com and .net). Through a large-scale measurement study, we also confirm the extensive usage of CDNSes in real-world networks (up to 41.8% of our probed open DNS servers) and find that at least 35.5% of all CDNSes are vulnerable to MaginotDNS. After interviews with ISPs, we show a wide range of CDNS use cases and real-world attacks.

We have reported all the discovered vulnerabilities to DNS software vendors and received acknowledgments from all of them. 3 CVE-ids have been published, and 2 vendors have fixed their software. Our study brings attention to the implementation inconsistency of security checking logic in different DNS software and server modes (i.e., recursive resolvers and forwarders), and we call for standardization and agreements among software vendors.

论文

Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li. The Maginot Line: Attacking the Boundary of DNS Caching Protection. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security ‘23). Anaheim, California, August 9–11, 2023. [PDF] [Slides] [Video] [Code]

(Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%), Acceptance rate in winter: 176/525=33.5%)

演示

👀 演示

On-path Attack of Microsoft DNS: Attack video.
Off-path Attack of Microsoft DNS: Attack video.
On-path Attack of BIND: Attack video.
Off-path Attack of BIND: Attack video.
On-path Attack of Knot Resolver: Attack video.

漏洞

🐞 总数（3）

工具

🔧 网络扫描器：XMap

XMap 是一款兼含 IPv6 与 IPv4 网络空间探测功能的快速扫描器。

报道

🆕 报道和安全公告

50+科技媒体报道，如BleepingComputer and APNIC
奥地利政府CERT每日安全公告
瑞典政府CERT每周安全公告
伯恩茅斯大学CERT安全公告

🆕 报道和安全公告列表

AlienVault: News
All InfoSec News: News
Altus Intel: News
Anti-Malware.ru: News
APNIC: News
BelEn News and Lifestyle: News
BleepingComputer: News
Blog elhacker.NET: News
Bournemouth University (BU) CERT on 15/08/2023: News
BreachForums: News
Broadband Reports: News
CICESE: News
CaveiraTech: News
Cyber Reports: News
CyberIQs: News
Cyware Labs: News
Desde Linux: News
DevBytes: News
Facebook: News
Fagen Wasanni Technologies: News
First Hackers News: News
FreeFlarum: News
GovCERT Austria on 14/08/2023: News
Hispasec UnaAlDia: News
How 2 Do: News
ITSec.Ru: News
IlSoftware.it: News
Informazione.it: News
Infosec Exchange: News
Italy 24 Press News: News
Jetico: News
MalwareTips: News
Menéame: News
News YCombinator: News
Notizie today: News
OpenNet: News
OpenSecurity: News
PRSOL:CC: News
Red Hot Cyber: News
Reddit: News
Risky Biz: News
SNAS Internet Storm Center: News
SecNews.gr: News-zh-cn
SecNews.gr: News
Secure Hunter: News
Security Lab: News
SecurityWeek: News
Sweden CERT on 18/08/2023: News
TS2 Space: News
TechWar.GR: News
UPV/EHU: News
Una al Día: News
Vumetric Cyber Portal: News
carder.uk: News
e-security.bg: News
lasgasolineras.es: News
notizie.today: News
techxpub.de: News
360CERT安全日报（2023.08.14）: News
合天网安实验室-网络安全日报（2023年08月15日）: News
快米云: News
資安日報: News