Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
- URL: http://arxiv.org/abs/2405.19871v1
- Date: Thu, 30 May 2024 09:23:53 GMT
- Title: Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
- Authors: Yevheniya Nosyk, Maciej Korczyński, Carlos H. Gañán, Michał Król, Qasim Lone, Andrzej Duda
- Abstract summary: DNS dynamic updates represent an inherently vulnerable mechanism.
Non-secure DNS updates leave domains susceptible to a novel form of attack termed zone poisoning.
We undertook a comprehensive campaign involving the notification of Computer Security Incident Response Teams.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.
Related papers
- MANTIS: Detection of Zero-Day Malicious Domains Leveraging Low Reputed Hosting Infrastructure [6.214359156708907]
Existing detection mechanisms are either too late to catch such malicious domains due to limited information and their short life spans or unable to catch them due to evasive techniques such as cloaking and captcha.
We build MANTIS, a system that not only generates daily blocklists of malicious domains but also is able to predict malicious domains on-demand.
On average, our models achieve a precision of 99.7%, a recall of 86.9% with a very low false positive rate (FPR) of 0.1% and on average detects 19K new malicious domains per day.
arXiv Detail & Related papers (2025-02-13T21:46:34Z)
- Registration, Detection, and Deregistration: Analyzing DNS Abuse for Phishing Attacks [2.160481692907504]
Phishing continues to pose a significant cybersecurity threat.
It is essential to address this fundamental challenge at the root, particularly in phishing domains.
Domain registration presents a crucial intervention point, as domains serve as the primary gateway between users and websites.
arXiv Detail & Related papers (2025-02-13T18:02:48Z)
- DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names [2.6217304977339473]
DomainDynamics is a novel system designed to predict domain name risks by considering their lifecycle stages.
In an experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics achieved an 82.58% detection rate with a low false positive rate of 0.41%.
arXiv Detail & Related papers (2024-10-02T23:33:13Z)
- Detecting and Measuring Security Implications of Entangled Domain Verification in CDN [30.611196380526213]
Absence of Domain Verification (DVA) is a significant security flaw in Content Delivery Networks (CDNs).
We present DVAHunter, an automated system for detecting DVA vulnerabilities that can lead to domain abuse in CDNs.
arXiv Detail & Related papers (2024-09-03T13:27:33Z)
- Say No to Freeloader: Protecting Intellectual Property of Your Deep Model [52.783709712318405]
Compact Un-transferable Pyramid Isolation Domain (CUPI-Domain) serves as a barrier against illegal transfers from authorized to unauthorized domains.
We propose CUPI-Domain generators, which select features from both authorized and CUPI-Domain as anchors.
We provide two solutions for utilizing CUPI-Domain based on whether the unauthorized domain is known.
arXiv Detail & Related papers (2024-08-23T15:34:33Z)
- DNSSEC+: An Enhanced DNS Scheme Motivated by Benefits and Pitfalls of DNSSEC [1.8379423176822356]
We present DNSSEC+, which addresses security and deployability downsides of DNSSEC.
We show how DNSSEC+ fulfills nine security, privacy, and deployability properties for name resolution.
arXiv Detail & Related papers (2024-08-02T01:25:14Z)
- Domain Generalization via Causal Adjustment for Cross-Domain Sentiment Analysis [59.73582306457387]
We focus on the problem of domain generalization for cross-domain sentiment analysis.
We propose a backdoor adjustment-based causal model to disentangle the domain-specific and domain-invariant representations.
A series of experiments show the great performance and robustness of our model.
arXiv Detail & Related papers (2024-02-22T13:26:56Z)
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z)
- The Evolution of DNS Security and Privacy [1.0603824305049263]
DNS is one of the fundamental protocols of the TCP/IP stack to protect against threats and attacks.
This study examines the risks associated with DNS and explores recent advancements that contribute towards making the DNS ecosystem resilient against various attacks while safeguarding user privacy.
arXiv Detail & Related papers (2023-12-01T06:14:25Z)
- Model Barrier: A Compact Un-Transferable Isolation Domain for Model Intellectual Property Protection [52.08301776698373]
We propose a novel approach called Compact Un-Transferable Isolation Domain (CUTI-domain).
CUTI-domain acts as a barrier to block illegal transfers from authorized to unauthorized domains.
We show that CUTI-domain can be easily implemented as a plug-and-play module with different backbones.
arXiv Detail & Related papers (2023-03-20T13:07:11Z)
- Decompose to Adapt: Cross-domain Object Detection via Feature Disentanglement [79.2994130944482]
We design a Domain Disentanglement Faster-RCNN (DDF) to eliminate the source-specific information in the features for detection task learning.
Our DDF method facilitates the feature disentanglement at the global and local stages, with a Global Triplet Disentanglement (GTD) module and an Instance Similarity Disentanglement (ISD) module.
By outperforming state-of-the-art methods on four benchmark UDA object detection tasks, our DDF method is demonstrated to be effective with wide applicability.
arXiv Detail & Related papers (2022-01-06T05:43:01Z)
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
- Cross-domain Self-supervised Learning for Domain Adaptation with Few Source Labels [78.95901454696158]
We propose a novel Cross-Domain Self-supervised learning approach for domain adaptation.
Our method significantly boosts performance of target accuracy in the new target domain with few source labels.
arXiv Detail & Related papers (2020-03-18T15:11:07Z)