ICANN DNS 研讨会 | 2021年5月


In today’s DNS infrastructure, DNS forwarders are devices standing in between DNS clients and recursive resolvers. The devices often serve as ingress servers for DNS clients, and instead of resolving queries, they pass the DNS requests to other servers. Because of the advantages and several use cases, DNS forwarders are widely deployed and queried by Internet users. However, studies have shown that DNS forwarders can be more vulnerable devices in the DNS infrastructure. In this paper, we present a cache poisoning attack targeting DNS forwarders. Through this attack, attackers can inject rogue records of arbitrary victim domain names using a controlled domain, and circumvent widely-deployed cache poisoning defences. By performing tests on popular home router models and DNS software, we find several vulnerable implementations, including those of large vendors (e.g., D-Link, Linksys, dnsmasq and MS DNS). Further, through a nationwide measurement, we estimate the population of Chinese mobile clients which are using vulnerable DNS forwarders. We have been reporting the issue to the affected vendors, and so far have received positive feedback from three of them. Our work further demonstrates that DNS forwarders can be a soft spot in the DNS infrastructure, and calls for attention as well as implementation guidelines from the community.

五月 25, 2021 12:00 PM — 五月 27, 2021 3:45 PM



李想,清华大学网络科学与网络空间研究院五年级博士研究生,导师为李琦副教授和段海新教授。研究方向为网络与协议安全,已发表论文12篇(含一作5篇:在网络安全四大顶会均有发表、通讯1篇),授权专利1项,在Black Hat多次演讲,获得180+CVE等漏洞编号。研究获得多个政府及大学CERT安全公告、60+媒体报道,并被纳入RFC标准文档。其也获得了多项奖项荣誉,如清华优秀奖学金、龙湖奖学金卓越奖等。