Dqb@first ac 2013_lt
1. DQB - DNS Query Blocker
Kunio Miyamoto
Twitter: @wakatono
Facebook: www.facebook.com/wakatono
Copyright by Kunio Miyamoto
2. DQB - DNS Query Blocker
(in fact, it fakes the DNS response
rather than blocking the DNS query)
3. Introduce myself ☺
It's a joke ☺
A member and session chair of the
Kyoto 2012 FIRST TC Committee
4. Phishing makes malicious sites
look like real service sites.
Reference: http://www.atmarkit.co.jp/fsecurity/special/65phishing/phishing01.html
5. MITB viruses inject malicious
forms into real content
Reference: http://www.smbc.co.jp/security/popup.html
6. Common spec: malicious hosts
exist
• The attacker prepares a host to receive victims' data, such as banking information.
• Most malicious hosts have their own FQDN
• Their IP addresses change over their lifecycle
  – Stopping access to malicious hosts that have fixed IP addresses is easy, because many technologies exist to take them down.
7. Modern attacks triggered by
web access
Which is better, the left "Google" or the right "Google"?
Both sites are better (correct) web sites ☺
8. How to avoid accessing a
malicious host?
• Blocking access at the HTTP/HTTPS proxy server by using a blacklist
  – The load on the proxy rises!
• Takedown by ISPs and various service providers
  – Sometimes a long discussion is needed
• Temporarily:
  – Stop access by using a fake DNS response
    • I assume this is used at the edge network (the fake response comes from nearest to the DNS cache server)
9. How to make a fake DNS
response?
1. Capture the DNS request
2. Decide whether the response to the captured request must be faked or not.
3. Get the request ID, source IP/port, destination IP/port, and request content.
4. Make the fake response packet from the information of 2
5. Send the fake response to the client as soon as possible!
11. Proof of concept:
About 1ms from when the request packet is captured
to when the response packet (faked) is captured
12. Normal request/response
About 10ms from when the request packet is captured
to when the response packet (faked) is captured
I defeated the real DNS response speed ☺
DNS Response Chicken Race!
13. Name resolution steps
interfered with by DQB:
• 1. The DNS request is sent by the client
• 2. The fake DNS response is sent by DQB
• 3. The real DNS response is sent by the DNS cache
One request, two responses!
14. This research is now in progress
• I'm developing and evaluating the concept of DNS Query Blocker
  – Using linear search to find the DNS queries whose responses should be faked takes 1ms to search 10000 hosts to be blocked
• More ideas (for example):
  Countering with fake responses the requests for domain names generated by a DGA (Domain Generation Algorithm)
What we call "Future Work" ☺
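Steps 2 and 3 on slide 9 and the lookup cost noted on slide 14, as an added example that is not DQB's own code: it reads the request ID and query name from a raw DNS query message and decides with a set lookup over the name and its parent domains instead of a linear search. The function names, blocklist entries and sample queries are constructed for illustration; the source and destination IP/port come from the IP/UDP headers of the captured packet and are outside this sketch.

```python
import struct

def parse_query(msg: bytes):
    """Return (request ID, QNAME) from a raw DNS query message (RFC 1035)."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:      # QR bit set means a response
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[pos]
        pos += 1
        if n == 0:                           # root label ends the name
            break
        if n & 0xC0 or pos + n > len(msg):   # pointer or overrun: reject
            raise ValueError("malformed label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    return txid, ".".join(labels)

def is_blocked(qname: str, blocklist: set) -> bool:
    """Set lookup of the name and each parent domain, on label boundaries."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def decide(msg: bytes, blocklist: set):
    """Step 2 of the procedure: (request ID, QNAME, fake-or-not)."""
    txid, qname = parse_query(msg)
    return txid, qname, is_blocked(qname, blocklist)

def build_query(txid: int, name: str) -> bytes:
    """Constructed sample input: a minimal A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

BLOCKLIST = {"bad.example", "c2.invalid"}    # constructed entries

if __name__ == "__main__":
    for name in ("Login.Bad.Example", "notbad.example", "www.example.org"):
        print(decide(build_query(0x1A2B, name), BLOCKLIST))
```

The cost per query depends on the number of labels in the name, not on the number of blocked hosts, and matching on label boundaries keeps `notbad.example` from matching the entry `bad.example`.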
15. LIMITATION!
• Of course, this mechanism is not suitable for faking DNS responses signed by the DNSSEC mechanism.
16. Thank you!
@wakatono
If possible, any questions are welcome via email
or Twitter. Of course, also at the banquet or any
networking time ☺
Special thanks to:
My friends (they are illustrators in Japan)