By Raul Bernardino
Introduction:
The “Domain Name Systems (DNSs) are supporting the internet infrastructure to resolve the host names to the internet protocol (IP) or from IP to the host names” (Davidowicz, 1999). The function of the DNS is similar to that of a telephone directory: it lets people memorize host names rather than numeric computer addresses. The fundamental functions of the DNS are as follows:
- Forward resolution: translating a host name into an IP address
- Inverse resolution: translating an IP address into a host name
Initially, the DNS was designed without embedded security. It is a public database and access to it is not restricted. Therefore, it is vulnerable, and an attacker can intercept the messages, as shown in the diagram below:
How does DNS poisoning happen?
First, the DNS server tries to resolve the query internally; if the answer is not found, it passes the query to other servers. One of those servers may hold wrong information and reply with it to the requesting server. This is where the cache poisoning happens, as shown in the diagram below:
Host-1 wants to browse 'ourdns.example.org'. The local server does not have the answer, so it passes the query to another server, and that server responds with the 'brokendns.example.org' information. This is now cached in the local server. From now on, whenever anyone on the same network requests or browses the address of 'ourdns.example.org', the local server will give the wrong information. This is called DNS cache poisoning. The attacker can use this opportunity to establish communication with host-1 as the victim.
The attacker intentionally formulates misleading information with the rogue server name, as shown in the diagram below:
The communication established this way is called spoofing of the host name.
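The caching behaviour described in this section can be modelled with a toy resolver cache, shown here as an added example that is not part of the original article. The class and field names, the transaction ID and the 203.0.113.66 address are constructed for illustration, and the "record name must equal the question name" rule is a simplification of the checks real resolvers apply.

```python
# Added example: toy resolver cache, constructed data, no network I/O.
from dataclasses import dataclass

@dataclass(frozen=True)
class Answer:
    txid: int     # transaction ID copied from the query it claims to answer
    qname: str    # question name echoed by the upstream server
    rname: str    # owner name of the record actually returned
    address: str
    ttl: int      # seconds the record may stay cached

class ResolverCache:
    def __init__(self, validate):
        self.validate = validate
        self.store = {}     # queried name -> (address, expiry time)
        self.rejected = []  # (reason, answer) pairs for logging / IDS review

    def _reason_to_reject(self, txid, qname, ans):
        if ans.txid != txid:
            return "transaction ID mismatch"
        if ans.qname.lower() != qname:
            return "question mismatch"
        if ans.rname.lower() != qname:
            # Simplification: real resolvers also follow CNAMEs and apply bailiwick rules.
            return "record for a different name"
        return None

    def accept(self, txid, qname, ans, now):
        qname = qname.lower()
        reason = self._reason_to_reject(txid, qname, ans) if self.validate else None
        if reason:
            self.rejected.append((reason, ans))
            return False
        self.store[qname] = (ans.address, now + ans.ttl)
        return True

    def lookup(self, qname, now):
        entry = self.store.get(qname.lower())
        if entry and entry[1] > now:
            return entry[0]
        return None

def demo(validate):
    cache = ResolverCache(validate)
    # Constructed upstream reply: asked for ourdns, got a record for brokendns.
    bad = Answer(0x1A2B, "ourdns.example.org", "brokendns.example.org", "203.0.113.66", 3600)
    cache.accept(0x1A2B, "ourdns.example.org", bad, now=0)
    # A later client on the same network asks for the same name.
    return cache.lookup("ourdns.example.org", now=60), [r for r, _ in cache.rejected]
```

With `validate=False` the later client is served the wrong address from the cache; with `validate=True` the reply is never cached and the rejection reason is available for logging.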
How to prevent it?
To prevent and minimize DNS cache poisoning, network administrators add firewalls, proxies, gateways, and intrusion detection systems.
The firewall isolates a private network from the internet connection, allowing some packets to pass through and blocking others, as shown in the diagram below:
The gateway or router firewall: the gateway application functions as follows:
- Filtering packets on the application data as well as on TCP/IP/UDP
- Allowing certain internal users to use telnet to communicate with the outside, as shown in the diagram below:
The intrusion detection system (IDS) works as follows:
- Packet filtering: packet filters operate on the TCP or IP headers and do not correlate checks among sessions
- IDS: the IDS performs deep inspection of packets, for example comparing strings in the packet against a database of virus and attack strings. It also examines related packets for port scanning, network mapping, and denial-of-service attacks
As shown in the diagram below:
In conclusion: DNS was designed to be a public database and has no embedded security. Therefore, we have to configure our network with firewalls or router firewalls to minimize attacks and prevent spam or viruses from entering our network.
Reference list:
- Kurose, J.F. & Ross, K.W. (2010) Computer Networking: A Top-Down Approach. 5th ed. Boston: Addison Wesley
- University of Liverpool/Laureate Online Education (2011) Lecture notes from Computer Networking Module Seminar 7 [Online]. Available from: University of Liverpool/Laureate Online Education VLE (Accessed: 16 September 2011)
- Security in the Network, [Online]. Available from: http://www.informit.com/articles/article.aspx?p=31339&seqNum=2 (Accessed: 17 September 2011)
- Davidowicz, D. (1999), Domain Name System, [Online]. Available from: http://compsec101.antibozo.net/papers/dnssec/dnssec.html (Accessed: 17 September 2011)