Using the Domain Name System for System Break-ins (1995) [51 citations — 2 self]

Abstract:

The DARPA Internet uses the Domain Name System (DNS), a distributed database, to map host names to network addresses, and vice-versa. Using a vulnerability first noticed by P.V. Mockapetris, we demonstrate how the DNS can be abused to subvert system security. We also show what tools are useful to the attacker. Possible defenses against this attack, including one implemented by Berkeley in response to our reports of this problem, are discussed, and the limitations on their applicability are demonstrated. This paper was written in 1990, and was withheld from publication by the author. The body of the paper is unchanged, even to the extreme of giving the size of the Internet as 200,000 hosts. An epilogue has been added that discusses why it was held back, and why it is now being released.
