Location Aware DDoS Attacks
Author: Jose Avila | Date: June 17, 2010
The future is coming and change is inevitable! This presentation will dive into how content delivery networks currently announce their networks, and how this may change as a proposed IETF draft gets implemented. The draft allows for an EDNS0 extension to relay source network information to authoritative name servers. With Google, NeuStar, and Name.com as the heavy backers of this draft, it will most definitely affect some of the largest networks on the planet. Botnets have historically relied on DNS both for hiding their networks and for determining their targets. Attackers could leverage this extension to gain in-depth knowledge of a network's geographical layout in order to launch targeted distributed denial-of-service attacks!
Recursive DNS Cache Auditing
Author: Jose Avila | Date: July 25, 2010
Dan Kaminsky of IOActive recently discovered a flaw in multiple DNS server implementations. The flaw is detailed in US-CERT Vulnerability Note VU#800113. Dan coordinated efforts with multiple experts, including Paul Vixie, to organize what could arguably be one of the most responsible disclosures conducted in this industry. This disclosure and subsequent release involved multiple vendors meeting together to discuss issues and courses of action, and then simultaneously releasing patches to the public. In the months leading up to the public release, Jose Avila of ONZRA discussed with Dan the need for an open source solution for detecting cache poisoning events. This white paper provides a brief background on DNS as it relates to cache auditing, a method for auditing recursive DNS server caches, and the details of CacheAudit, which is based on these auditing methods.