EDNS Client Subnet (ECS) - DNS CDN Magic or Security Black Hole?

Presented at NolaCon 2017, May 19, 2017, 4 p.m. (Unknown duration)

In January 2011, the first version of "Client subnet in DNS requests" (draft-vandergaast-edns-client-subnet-00) was published as a collaborative effort by researchers from Google, Verisign and Neustar. This document defines a specific option, option 8, which "conveys network information that is relevant to the message but not otherwise included in the datagram," allowing both recursive and authoritative DNS servers to gain information regarding the network origin of the DNS request. This draft has been adopted as RFC 7871 and is currently undergoing review. The theory behind EDNS0 Option 8, more commonly known as EDNS0 Client Subnet, is that by gaining insight into request origin, DNS servers are able to direct endpoint clients to the closest geographic location via the DNS response. This discussion will provide an overview of the current state and implementation of EDNS0 Client Subnet and its use in practice. We will also discuss the privacy and security implications faced when implementing EDNS Client Subnet. We will follow this up with an explanation of the tools and techniques we used to measure the proliferation of EDNS0 Client Subnet, share some of the data we collected, and propose the implementation of standards for deployment.

Presenters:

  • Jim Nitterauer
    Jim Nitterauer, CISSP, is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments, manages the SecureSurf global DNS and SecureTide global spam and virus filtering infrastructure as well as all internal applications, and helps manage security operations for the entire company. He presents regularly at local, regional and national conferences. He writes regularly for the AppRiver blog, Tripwire and Peerlyst. He is also well-versed in ethical hacking and penetration testing techniques, has joined the staff of BSides Las Vegas and has been involved in technology for more than 20 years. Twitter: @JNitterauer
