Loading…
Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-t...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Online Access: | Request full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | |
---|---|
cites | |
container_end_page | 1489 |
container_issue | |
container_start_page | 1480 |
container_title | |
container_volume | |
creator | Nosyk, Yevheniya Korczynski, Maciej Ganan, Carlos H. Krol, Michal Lone, Qasim Duda, Andrzej |
description | DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains. |
doi_str_mv | 10.1109/TrustCom60117.2023.00202 |
format | conference_proceeding |
fullrecord | <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_10538543</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10538543</ieee_id><sourcerecordid>10538543</sourcerecordid><originalsourceid>FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3</originalsourceid><addsrcrecordid>eNotzEFPwjAUwPFqYiJBvoGH3rwwfK-v3VpvBhRIEE2AxBt5dp0O2Ua2YsK3l0RPv-R_-AshEUaI4O7X7bGL46ZKATEbKVA0AjhzIQYuc5YMkEXn6FL0FCmdOEC6FoOu2wEAKdBoTU-8T5r6LsppiHJW7th_h_xBvrXhh_eh9mEoX8pYfnIsm3oouc7lvDqwj7Ip5LKpk1XwxzbIyXIlJ6eaq9LLzSHnGLobcVXwvguDf_ti8_y0Hs-Sxet0Pn5cJF-Y2pgQo3WpydHrIksNKKdDkSNphQo1pwToNFhkr21GwSnHbHQGH7nCc2Dqi9u_bxlC2B7asuL2tEUwZI0m-gV_0VII</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><source>IEEE Xplore All Conference Series</source><creator>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</creator><creatorcontrib>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</creatorcontrib><description>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</description><identifier>EISSN: 2324-9013</identifier><identifier>EISBN: 9798350381993</identifier><identifier>DOI: 10.1109/TrustCom60117.2023.00202</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Authentication ; DNS ; dynamic updates ; Medical services ; notifications ; Privacy ; Sociology ; Software ; Taxonomy ; Writing</subject><ispartof>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, p.1480-1489</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10538543$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10538543$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Nosyk, Yevheniya</creatorcontrib><creatorcontrib>Korczynski, Maciej</creatorcontrib><creatorcontrib>Ganan, Carlos H.</creatorcontrib><creatorcontrib>Krol, Michal</creatorcontrib><creatorcontrib>Lone, Qasim</creatorcontrib><creatorcontrib>Duda, Andrzej</creatorcontrib><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><title>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)</title><addtitle>TRUSTCOM</addtitle><description>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</description><subject>Authentication</subject><subject>DNS</subject><subject>dynamic updates</subject><subject>Medical services</subject><subject>notifications</subject><subject>Privacy</subject><subject>Sociology</subject><subject>Software</subject><subject>Taxonomy</subject><subject>Writing</subject><issn>2324-9013</issn><isbn>9798350381993</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2023</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotzEFPwjAUwPFqYiJBvoGH3rwwfK-v3VpvBhRIEE2AxBt5dp0O2Ua2YsK3l0RPv-R_-AshEUaI4O7X7bGL46ZKATEbKVA0AjhzIQYuc5YMkEXn6FL0FCmdOEC6FoOu2wEAKdBoTU-8T5r6LsppiHJW7th_h_xBvrXhh_eh9mEoX8pYfnIsm3oouc7lvDqwj7Ip5LKpk1XwxzbIyXIlJ6eaq9LLzSHnGLobcVXwvguDf_ti8_y0Hs-Sxet0Pn5cJF-Y2pgQo3WpydHrIksNKKdDkSNphQo1pwToNFhkr21GwSnHbHQGH7nCc2Dqi9u_bxlC2B7asuL2tEUwZI0m-gV_0VII</recordid><startdate>20231101</startdate><enddate>20231101</enddate><creator>Nosyk, Yevheniya</creator><creator>Korczynski, Maciej</creator><creator>Ganan, Carlos H.</creator><creator>Krol, Michal</creator><creator>Lone, Qasim</creator><creator>Duda, Andrzej</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>20231101</creationdate><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><author>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Authentication</topic><topic>DNS</topic><topic>dynamic updates</topic><topic>Medical services</topic><topic>notifications</topic><topic>Privacy</topic><topic>Sociology</topic><topic>Software</topic><topic>Taxonomy</topic><topic>Writing</topic><toplevel>online_resources</toplevel><creatorcontrib>Nosyk, Yevheniya</creatorcontrib><creatorcontrib>Korczynski, Maciej</creatorcontrib><creatorcontrib>Ganan, Carlos H.</creatorcontrib><creatorcontrib>Krol, Michal</creatorcontrib><creatorcontrib>Lone, Qasim</creatorcontrib><creatorcontrib>Duda, Andrzej</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library Online</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Nosyk, Yevheniya</au><au>Korczynski, Maciej</au><au>Ganan, Carlos H.</au><au>Krol, Michal</au><au>Lone, Qasim</au><au>Duda, Andrzej</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</atitle><btitle>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)</btitle><stitle>TRUSTCOM</stitle><date>2023-11-01</date><risdate>2023</risdate><spage>1480</spage><epage>1489</epage><pages>1480-1489</pages><eissn>2324-9013</eissn><eisbn>9798350381993</eisbn><coden>IEEPAD</coden><abstract>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</abstract><pub>IEEE</pub><doi>10.1109/TrustCom60117.2023.00202</doi><tpages>10</tpages><oa>free_for_read</oa></addata></record> |
fulltext | fulltext_linktorsrc |
identifier | EISSN: 2324-9013 |
ispartof | 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, p.1480-1489 |
issn | 2324-9013 |
language | eng |
recordid | cdi_ieee_primary_10538543 |
source | IEEE Xplore All Conference Series |
subjects | Authentication DNS dynamic updates Medical services notifications Privacy Sociology Software Taxonomy Writing |
title | Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T13%3A53%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Don't%20Get%20Hijacked:%20Prevalence,%20Mitigation,%20and%20Impact%20of%20Non-Secure%20DNS%20Dynamic%20Updates&rft.btitle=2023%20IEEE%2022nd%20International%20Conference%20on%20Trust,%20Security%20and%20Privacy%20in%20Computing%20and%20Communications%20(TrustCom)&rft.au=Nosyk,%20Yevheniya&rft.date=2023-11-01&rft.spage=1480&rft.epage=1489&rft.pages=1480-1489&rft.eissn=2324-9013&rft.coden=IEEPAD&rft_id=info:doi/10.1109/TrustCom60117.2023.00202&rft.eisbn=9798350381993&rft_dat=%3Cieee_CHZPO%3E10538543%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10538543&rfr_iscdi=true |