Loading…

Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates

DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-t...

Full description

Saved in:
Bibliographic Details
Main Authors: Nosyk, Yevheniya, Korczynski, Maciej, Ganan, Carlos H., Krol, Michal, Lone, Qasim, Duda, Andrzej
Format: Conference Proceeding
Language:English
Subjects:
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 1489
container_issue
container_start_page 1480
container_title
container_volume
creator Nosyk, Yevheniya
Korczynski, Maciej
Ganan, Carlos H.
Krol, Michal
Lone, Qasim
Duda, Andrzej
description DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.
doi_str_mv 10.1109/TrustCom60117.2023.00202
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_10538543</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10538543</ieee_id><sourcerecordid>10538543</sourcerecordid><originalsourceid>FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3</originalsourceid><addsrcrecordid>eNotzEFPwjAUwPFqYiJBvoGH3rwwfK-v3VpvBhRIEE2AxBt5dp0O2Ua2YsK3l0RPv-R_-AshEUaI4O7X7bGL46ZKATEbKVA0AjhzIQYuc5YMkEXn6FL0FCmdOEC6FoOu2wEAKdBoTU-8T5r6LsppiHJW7th_h_xBvrXhh_eh9mEoX8pYfnIsm3oouc7lvDqwj7Ip5LKpk1XwxzbIyXIlJ6eaq9LLzSHnGLobcVXwvguDf_ti8_y0Hs-Sxet0Pn5cJF-Y2pgQo3WpydHrIksNKKdDkSNphQo1pwToNFhkr21GwSnHbHQGH7nCc2Dqi9u_bxlC2B7asuL2tEUwZI0m-gV_0VII</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><source>IEEE Xplore All Conference Series</source><creator>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</creator><creatorcontrib>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</creatorcontrib><description>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</description><identifier>EISSN: 2324-9013</identifier><identifier>EISBN: 9798350381993</identifier><identifier>DOI: 10.1109/TrustCom60117.2023.00202</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Authentication ; DNS ; dynamic updates ; Medical services ; notifications ; Privacy ; Sociology ; Software ; Taxonomy ; Writing</subject><ispartof>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, p.1480-1489</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10538543$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10538543$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Nosyk, Yevheniya</creatorcontrib><creatorcontrib>Korczynski, Maciej</creatorcontrib><creatorcontrib>Ganan, Carlos H.</creatorcontrib><creatorcontrib>Krol, Michal</creatorcontrib><creatorcontrib>Lone, Qasim</creatorcontrib><creatorcontrib>Duda, Andrzej</creatorcontrib><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><title>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)</title><addtitle>TRUSTCOM</addtitle><description>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</description><subject>Authentication</subject><subject>DNS</subject><subject>dynamic updates</subject><subject>Medical services</subject><subject>notifications</subject><subject>Privacy</subject><subject>Sociology</subject><subject>Software</subject><subject>Taxonomy</subject><subject>Writing</subject><issn>2324-9013</issn><isbn>9798350381993</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2023</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotzEFPwjAUwPFqYiJBvoGH3rwwfK-v3VpvBhRIEE2AxBt5dp0O2Ua2YsK3l0RPv-R_-AshEUaI4O7X7bGL46ZKATEbKVA0AjhzIQYuc5YMkEXn6FL0FCmdOEC6FoOu2wEAKdBoTU-8T5r6LsppiHJW7th_h_xBvrXhh_eh9mEoX8pYfnIsm3oouc7lvDqwj7Ip5LKpk1XwxzbIyXIlJ6eaq9LLzSHnGLobcVXwvguDf_ti8_y0Hs-Sxet0Pn5cJF-Y2pgQo3WpydHrIksNKKdDkSNphQo1pwToNFhkr21GwSnHbHQGH7nCc2Dqi9u_bxlC2B7asuL2tEUwZI0m-gV_0VII</recordid><startdate>20231101</startdate><enddate>20231101</enddate><creator>Nosyk, Yevheniya</creator><creator>Korczynski, Maciej</creator><creator>Ganan, Carlos H.</creator><creator>Krol, Michal</creator><creator>Lone, Qasim</creator><creator>Duda, Andrzej</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>20231101</creationdate><title>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</title><author>Nosyk, Yevheniya ; Korczynski, Maciej ; Ganan, Carlos H. ; Krol, Michal ; Lone, Qasim ; Duda, Andrzej</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Authentication</topic><topic>DNS</topic><topic>dynamic updates</topic><topic>Medical services</topic><topic>notifications</topic><topic>Privacy</topic><topic>Sociology</topic><topic>Software</topic><topic>Taxonomy</topic><topic>Writing</topic><toplevel>online_resources</toplevel><creatorcontrib>Nosyk, Yevheniya</creatorcontrib><creatorcontrib>Korczynski, Maciej</creatorcontrib><creatorcontrib>Ganan, Carlos H.</creatorcontrib><creatorcontrib>Krol, Michal</creatorcontrib><creatorcontrib>Lone, Qasim</creatorcontrib><creatorcontrib>Duda, Andrzej</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library Online</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Nosyk, Yevheniya</au><au>Korczynski, Maciej</au><au>Ganan, Carlos H.</au><au>Krol, Michal</au><au>Lone, Qasim</au><au>Duda, Andrzej</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates</atitle><btitle>2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)</btitle><stitle>TRUSTCOM</stitle><date>2023-11-01</date><risdate>2023</risdate><spage>1480</spage><epage>1489</epage><pages>1480-1489</pages><eissn>2324-9013</eissn><eisbn>9798350381993</eisbn><coden>IEEPAD</coden><abstract>DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.</abstract><pub>IEEE</pub><doi>10.1109/TrustCom60117.2023.00202</doi><tpages>10</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2324-9013
ispartof 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, p.1480-1489
issn 2324-9013
language eng
recordid cdi_ieee_primary_10538543
source IEEE Xplore All Conference Series
subjects Authentication
DNS
dynamic updates
Medical services
notifications
Privacy
Sociology
Software
Taxonomy
Writing
title Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T13%3A53%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Don't%20Get%20Hijacked:%20Prevalence,%20Mitigation,%20and%20Impact%20of%20Non-Secure%20DNS%20Dynamic%20Updates&rft.btitle=2023%20IEEE%2022nd%20International%20Conference%20on%20Trust,%20Security%20and%20Privacy%20in%20Computing%20and%20Communications%20(TrustCom)&rft.au=Nosyk,%20Yevheniya&rft.date=2023-11-01&rft.spage=1480&rft.epage=1489&rft.pages=1480-1489&rft.eissn=2324-9013&rft.coden=IEEPAD&rft_id=info:doi/10.1109/TrustCom60117.2023.00202&rft.eisbn=9798350381993&rft_dat=%3Cieee_CHZPO%3E10538543%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-h168t-3a18965d1c4f7650294efd13421214a630194081ac4873e929aa5470bd21873a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10538543&rfr_iscdi=true