ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with
Query-Response Fuzzing
- URL: http://arxiv.org/abs/2310.03202v1
- Date: Wed, 4 Oct 2023 23:17:32 GMT
- Authors: Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li and Zhou Li
- Abstract summary: Domain Name System (DNS) resolvers are the central piece of the DNS infrastructure.
Finding the resolver vulnerabilities is non-trivial, and this problem is not well addressed by the existing tools.
In this paper, we present a new fuzzing system termed ResolverFuzz to address the challenges related to DNS resolvers.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Domain Name System (DNS) is a critical component of the Internet. DNS
resolvers, which act as the cache between DNS clients and DNS nameservers, are
the central piece of the DNS infrastructure, essential to the scalability of
DNS. However, finding the resolver vulnerabilities is non-trivial, and this
problem is not well addressed by the existing tools. To list a few reasons,
first, most of the known resolver vulnerabilities are non-crash bugs that
cannot be directly detected by the existing oracles (or sanitizers). Second,
there is a lack of rigorous specifications to be used as references to classify a test
case as a resolver bug. Third, DNS resolvers are stateful, and stateful fuzzing
is still challenging due to the large input space.
In this paper, we present a new fuzzing system termed ResolverFuzz to address
the aforementioned challenges related to DNS resolvers, with a suite of new
techniques being developed. First, ResolverFuzz performs constrained stateful
fuzzing by focusing on the short query-response sequence, which has been
demonstrated as the most effective way to find resolver bugs, based on our
study of the published DNS CVEs. Second, to generate test cases that are more
likely to trigger resolver bugs, we combine probabilistic context-free grammar
(PCFG) based input generation with byte-level mutation for both queries and
responses. Third, we leverage differential testing and clustering to identify
non-crash bugs like cache poisoning bugs. We evaluated ResolverFuzz against 6
mainstream DNS software under 4 resolver modes. Overall, we identify 23
vulnerabilities that can result in cache poisoning, resource consumption, and
crash attacks. After responsible disclosure, 19 of them have been confirmed or
fixed, and 15 CVE numbers have been assigned.
Related papers
- Reachability Analysis of the Domain Name System [6.505115615627764]
DNS poses unique challenges for ensuring its security and reliability.
We provide the first decision procedure for the DNS verification problem, establishing its complexity as $\mathsf{2ExpTime}$.
We model two of the most prominent attack vectors on DNS, namely amplification attacks and rewrite blackholing.
arXiv Detail & Related papers (2024-11-15T13:36:01Z)
- MTDNS: Moving Target Defense for Resilient DNS Infrastructure [2.8721132391618256]
DNS (Domain Name System) is one of the most critical components of the Internet.
Researchers have been constantly developing methods to detect and defend against the attacks against DNS.
Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped.
We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
arXiv Detail & Related papers (2024-10-03T06:47:16Z)
- Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet [0.9319432628663636]
We propose a novel technique for identifying DNSSEC-validating resolvers.
We find that while most open resolvers are DNSSEC-enabled, less than 18% in IPv4 (38% in IPv6) validate received responses.
arXiv Detail & Related papers (2024-05-30T08:58:18Z)
- Attacking with Something That Does Not Exist: 'Proof of Non-Existence' Can Exhaust DNS Resolver CPU [17.213183581342502]
NSEC3 is a proof of non-existence computation in DNSSEC.
NSEC3-encloser attack can still create a 72x increase in CPU instruction count.
We show that with a sufficient volume of DNS packets the attack can increase CPU load and cause packet loss.
arXiv Detail & Related papers (2024-03-22T14:27:45Z)
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z)
- The #DNN-Verification Problem: Counting Unsafe Inputs for Deep Neural Networks [94.63547069706459]
#DNN-Verification problem involves counting the number of input configurations of a DNN that result in a violation of a safety property.
We propose a novel approach that returns the exact count of violations.
We present experimental results on a set of safety-critical benchmarks.
arXiv Detail & Related papers (2023-01-17T18:32:01Z)
- Open-Domain Question-Answering for COVID-19 and Other Emergent Domains [61.615197623034085]
We present an open-domain question-answering system for the emergent biomedical domain of COVID-19.
Despite the small data size, we are able to successfully train the system to retrieve answers from a large-scale corpus of published COVID-19 scientific papers.
arXiv Detail & Related papers (2021-10-13T18:06:14Z)
- Cross-Domain Generalization Through Memorization: A Study of Nearest Neighbors in Neural Duplicate Question Detection [72.01292864036087]
Duplicate question detection (DQD) is important to increase efficiency of community and automatic question answering systems.
We leverage neural representations and study nearest neighbors for cross-domain generalization in DQD.
We observe robust performance of this method in different cross-domain scenarios of StackExchange, Spring and Quora datasets.
arXiv Detail & Related papers (2020-11-22T19:19:33Z)
- CMT in TREC-COVID Round 2: Mitigating the Generalization Gaps from Web to Special Domain Search [89.48123965553098]
This paper presents a search system to alleviate the special domain adaption problem.
The system utilizes the domain-adaptive pretraining and few-shot learning technologies to help neural rankers mitigate the domain discrepancy.
Our system performs the best among the non-manual runs in Round 2 of the TREC-COVID task.
arXiv Detail & Related papers (2020-11-03T09:10:48Z)
- Global Optimization of Objective Functions Represented by ReLU Networks [77.55969359556032]
Neural networks can learn complex, non-adversarial functions, and it is challenging to guarantee their correct behavior in safety-critical contexts.
Many approaches exist to find failures in networks (e.g., adversarial examples), but these cannot guarantee the absence of failures.
We propose an approach that integrates the optimization process into the verification procedure, achieving better performance than the naive approach.
arXiv Detail & Related papers (2020-10-07T08:19:48Z)
- Boosting Deep Neural Networks with Geometrical Prior Knowledge: A Survey [77.99182201815763]
Deep Neural Networks (DNNs) achieve state-of-the-art results in many different problem settings.
DNNs are often treated as black box systems, which complicates their evaluation and validation.
One promising field, inspired by the success of convolutional neural networks (CNNs) in computer vision tasks, is to incorporate knowledge about symmetric geometrical transformations.
arXiv Detail & Related papers (2020-06-30T14:56:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.