Presentation by ICANN
DNS Security for CERTs - Attack Scenarios & Demonstrations
Chris Evans, Delta Risk, LLC
7 March 2010
Attack Overview
• These attacks are demonstrations only
• They are not intended to incite FUD
• Rather, they are intended to
– Show you what’s possible!
– Open a discussion for mitigation & response actions!
(FUD: Fear, Uncertainty, Doubt)
Architecture
• Your Ubuntu VM, Windows TS, Your Host
• Attack Server (192.168.85.5)
• Target NameServer (182.168.101.10)
• Registry System (192.168.101.50)
• Mail Server (192.168.101.50)
Architecture
• The Target Nameserver
– Bind 9.4
• The Registry System
– A simple PHP application built just for this demonstration – it has security holes in it!
• The Mail Server
– A webmail system for you to view “phishing” emails
– Login: studentX, password: studentx
Scenarios
• Cache Poisoning
– Targets the NameServer
– Effects Visible Through DNS Queries, Phishing Email
• NameServer Redelegation
– Targets the NameServer via the Registry Web System
– Effects Visible Through DNS Queries
• Malicious Use
– Targets Individual VMs or Hosts
– Effects Visible Through Traffic Analysis
Rules of Engagement
• You can use your own systems for these scenarios
• Nothing here is truly malicious – even the bot demonstration – it can all be removed easily
• The phishing email will NOT do anything malicious – it will show you a link…
– The website it directs you to will NOT do anything malicious…
• If you prefer to use the VMs:
– Use your Ubuntu VM for DNS queries & traffic analysis
– Use your Windows TS as the “infected” bot
Let’s Party…
• Any questions on connectivity?
• If you are having trouble getting connected, please pair up with a neighbor for the exercises!