Google randomizes the letter case of domain queries, such as iguru.gr to IgUrU.gr

Google has generally begun to enable case randomization of the domain queries sent to authoritative name servers, in an effort to make cache poisoning attacks less effective.

This means that a query for a domain like iguru.gr, if handled by Google Public DNS, could be rewritten as IgUrU.gr when the request is transmitted to DNS servers for lookup. Although this will be noticeable to administrators monitoring network traffic, this particular formatting is not visible to the general public.

When users try to visit a page such as iguru.gr, with whatever browser or application they use, they are essentially looking up the site's domain name using the Domain Name System (DNS) to discover the IP addresses of the servers hosting the website. Such a DNS query usually goes through a recursive DNS resolver that contacts other name servers until it finally receives a response from a valid name server.

To accelerate this multi-step process, DNS query responses may be cached by these intermediate name servers. This opens up the possibility of cache poisoning attacks.

One such attack involves flooding one of these intermediate name servers with DNS queries for uncached domains. The victim server then contacts other name servers that can help it answer these queries. At the same time, the attacker floods the victim server with false responses that are disguised to look like legitimate responses from these other name servers.

The hacker's goal is to get the victim's server to accept one or more of these bogus responses – and cache that wrong response – so that he can take advantage of the misdirection.

All of this is possible because DNS relies on UDP, a network protocol that is faster than TCP but offers no guarantees on delivery and, consequently, is more vulnerable to spoofing. It also works because DNS query IDs are 16-bit fields, meaning their possible values can only range from 0 to 65,535, a small enough range to guess with a flood of malicious requests.

There is a detailed analysis of this attack here if you are curious. And, yes, DNSSEC is supposed to prevent these kinds of cache poisoning attacks, when supported and used.
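
The check a resolver can make when it uses the case randomization described above, as an added example (not code from the article or from Google): a response is accepted only if both the 16-bit query ID and the exact letter case of the echoed name match. Function names and the sample ID are constructed for illustration, and the code assumes name servers echo the question name unchanged.

```python
import secrets
import struct

def randomize_case(qname: str) -> str:
    """Pick upper or lower case for every letter using a CSPRNG."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in qname
    )

def encode_name(qname: str) -> bytes:
    """DNS wire format: length-prefixed ASCII labels ending in a zero byte."""
    out = b""
    for label in qname.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_message(txid: int, qname: str, is_response: bool = False) -> bytes:
    """Header (ID, flags, QDCOUNT=1, other counts 0) plus one A/IN question."""
    flags = 0x8400 if is_response else 0x0000  # QR+AA for a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)

def parse_question(msg: bytes):
    """Return (txid, qname), keeping the name's case byte for byte."""
    txid = struct.unpack("!H", msg[:2])[0]
    labels, pos = [], 12  # the question starts after the 12-byte header
    while msg[pos]:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txid, ".".join(labels)

def accept_response(query: bytes, response: bytes) -> bool:
    """Accept only if the ID matches and the name matches case-sensitively."""
    return parse_question(query) == parse_question(response)

def entropy_bits(qname: str) -> int:
    """16 bits of query ID plus one bit per letter (source port not modeled)."""
    return 16 + sum(c.isalpha() for c in qname)

if __name__ == "__main__":
    sent = build_message(0x1A2B, randomize_case("iguru.gr"))  # constructed ID
    txid, name = parse_question(sent)
    echoed = build_message(txid, name, is_response=True)
    wrong_case = build_message(txid, "iguru.gr", is_response=True)
    print(name, accept_response(sent, echoed), accept_response(sent, wrong_case))
    print("bits to guess:", entropy_bits("iguru.gr"))
```

A response that gets the query ID right but not the mixed case is dropped, so a blind spoofer has to guess one extra bit for every letter in the name.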


Written by giorgos
