DNS cont. #
For a backup authoritative DNS server (secondary), resource records inserted into .com TLD DNS server, by DNS registrar:
(networkutopia.com, dns2.networkutopia.com, NS, TTL)
(dns2.networkutopia.com, 212.212.212.2, A, TTL)
In your company’s authoritative DNS server, you should have the following resource records for web server, email server (etc):
(www.networkutopia.com, somethingelse.networkutopia.com, CNAME, TTL)
(somethingelse.networkutopia.com, 212.212.212.56, A, TTL)
(networkutopia.com, mailserver.networkutopia.com, MX, TTL)
(mailserver.networkutopia.com, 212.212.212.89, A, TTL)
DNS Poisoning #
Lets say its the first time that we are visiting a site, we will first ask the local DNS …
What if a man in the middle (in the same local area network with client), he can intercept the query from the client.
At the 7th step, the man in the middle can send a reply on behalf of the root.
The faked 7th step is a bogus answer to the clients query.
So if we’re asking for www.abcd.com, and the real address is 123.54.8.9, the bogus answer will respond with a different IP address.
The bogus IP will arrive at the local DNS before the real one will, and it will be cached.
If the faked website looks identical to the real one, they can have their information stolen.
DNS-based DDoS #
Query: what is the IP address for www.abcd.com?
The source IP should be the client’s IP.
But what if the client is part of the attack?
So maybe the query is actually: what is the IP address for www.abcd.com, BUT the client changed their source IP address to be the same IP as (for example) Google?
So this will redirect step 8 back to Google:
What if we can manage to have 1 million machines do the same thing?
This can overwhelm the server.
P2P (Peer to peer) #
This increases linearly with \( N \) .
