DNSSECTION @ DEF CON 28 SAFE MODE
DNSSECTION: A practical attack on DNSSEC Zone Walking
Abstract
Domain Name System (DNS) is an ubiquitous and essential component of the Internet. It performs translations between identifiers and resources (mostly domain names and computers, but not only), yet remains often invisible to the user. But DNS is not harmless: although not intended to be a general purpose database, it has been extended to incorporate additional types of information. Including information that should not be there.In this talk we show how to exploit DNSSEC zone walking to perform advanced recon operations, on a real case, namely to obtain client private information from a large European cloud provider. This constitutes the first practical zone walking attack at such a scale.
Using this exploit we collected a substantial amount of private information, enough to share some interesting statistics. By the end of this talk, you will have everything you need to know to perform similar attacks -- and resist them.
Talk
Recording and slides can be found at defcon.org. Direct links: TALK, SLIDES, Q&A.Demo
This domain is itself a demo for the talk. Feel free to experiment with the tools presented in the talk on dnssection.ovh.Contact
Feel free to contact the authors on our team website contact page.Authors
By Hadrien Barral, Rémi Géraud-Stewart, Amaury Barral and David Naccache.ENS Information Security Group @ Ecole Normale Supérieure / PSL University