DeepAI AI Chat
Log In Sign Up

Whac-A-Mole: Six Years of DNS Spoofing

11/25/2020
by   Lan Wei, et al.
0

DNS is important in nearly all interactions on the Internet. All large DNS operators use IP anycast, announcing servers in BGP from multiple physical locations to reduce client latency and provide capacity. However, DNS is easy to spoof: third parties intercept and respond to queries for benign or malicious purposes. Spoofing is of particular risk for services using anycast, since service is already announced from multiple origins. In this paper, we describe methods to identify DNS spoofing, infer the mechanism being used, and identify organizations that spoof from historical data. Our methods detect overt spoofing and some covertly-delayed answers, although a very diligent adversarial spoofer can hide. We use these methods to study more than six years of data about root DNS servers from thousands of vantage points. We show that spoofing today is rare, occurring only in about 1.7 the rate of DNS spoofing has more than doubled in less than seven years, and it occurs globally. Finally, we use data from B-Root DNS to validate our methods for spoof detection, showing a true positive rate over 0.96. B-Root confirms that spoofing occurs with both DNS injection and proxies, but proxies account for nearly all spoofing we see.

READ FULL TEXT

page 1

page 2

page 3

page 4

03/06/2020

Defense against adversarial attacks on spoofing countermeasures of ASV

Various forefront countermeasure methods for automatic speaker verificat...
08/25/2020

Divider: Delay-Time Based Sender Identification in Automotive Networks

Controller Area Network (CAN) is one of the in-vehicle network protocols...
06/15/2021

Spoofing Generalization: When Can't You Trust Proprietary Models?

In this work, we study the computational complexity of determining wheth...
06/18/2020

GNSS Spoofing Detection via Opportunistic IRIDIUM Signals

In this paper, we study the privately-own IRIDIUM satellite constellatio...
02/14/2023

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy

The critical role played by email has led to a range of extension protoc...
04/11/2020

Visual Spoofing in content based spam detection

"Subject: Please send money Body: I am so distraught. I thought i could ...