An Attack-in-Depth Analysis of multicast DNS and DNS Service Discovery

Presented at TROOPERS17 (2017), March 20, 2017, 10:30 a.m. (Unknown duration)

Multicast DNS and DNS Service Discovery are two protocols widely used for Zero Configuration Networking by many different devices and vendors. These two protocols are also the basis for other services, some of which even offer remote access capabilities ("Back to My Mac" is a notable example). Because their objective is to assist Zero Configuration Networking, these protocols assume a "cooperating participants" environment and have some inherent weaknesses, such as the "generous" broadcasting of a lot of information and the use of easily "spoofable" messages. While these problems have been identified and related research has been published, a complete and in-depth threat analysis of all the potential attack possibilities has not been presented. This paper aims to fill this gap by providing a thorough study of the attack surface of these two protocols. By closely following the RFC specifications, potential attack vectors and specific testing scenarios are identified and then examined against real-life implementations. Specifically, these attacks are tested against popular devices, implementations and operating systems, in both IPv4 and IPv6 environments, using a tool developed specifically for this purpose. As is shown, if this "cooperating participants" environment cannot be guaranteed, the use of such protocols should be seriously reconsidered.


Presenters:

  • Antonios Atlasis
    Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities. His work has been presented at several IT Security conferences and has resulted in the discovery of various IPv6-related vulnerabilities. He is the author of Chiron, a very flexible security assessment tool specialized in IPv6.
