Date:21/08/18

28% of DNS traffic is intercepted by internet providers

Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet.
 
And that's because, you may not be surprised to know, the proposed standards to safeguard DNS traffic – such as DNSSEC and DNS-over-HTTPS – have yet to be fully baked and aren't yet widely adopted.
 
DNSSEC, for one, aims to prevent miscreants tampering with intercepted domain-name lookups by digitally signing the answers – making any forgeries obvious to software. DNS-over-TLS and DNS-over-HTTPS aim to do this, too, and encrypt the queries so eavesdroppers on the network can't snoop on what sites you're visiting.
 
Without these safeguards in wide (or any) use, DNS traffic remains unencrypted and unauthenticated, meaning queries can potentially be spied on and meddled with to redirect people to malicious websites masquerading as legit sites.
 
Researchers from universities in China and the US recently decided to check whether or not this is actually happening, and found that traffic interception is a reality for a small but significant portion of DNS queries – 0.66 per cent of DNS requests over TCP – across a global sample of residential and cellular IP addresses.
 
The boffins – Baojun Liu, Chaoyi Lu, Haixin Duan, and Ying Liu from Tsinghua University in China; Zhou Li and Shuang Hao from the University of Texas at Dallas; and Min Yang from Fudan University in China – describe the results of their inquiry in a paper presented at this week's USENIX Security Symposium.
 
The paper, "Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path," describes how the researchers set up a system to measure DNS interception across 148,478 residential and cellular IP addresses around the world.
 
Internet users may choose their own DNS resolvers, by manually pointing their applications and operating systems at, say, Google Public DNS (8.8.8.8) or Cloudflare (1.1.1.1). Usually, however, people accept whatever DNS resolver the network or their ISP automatically provides.
 
If an intermediary intercepts a DNS request, that isn't necessarily nefarious, but it could lead to undesirable consequences. At the very least, it deprives those using the internet of choice and privacy.
 
The researchers looked for providers spoofing the IP addresses of users' specified DNS resolvers to intercept DNS traffic covertly. They designed their study to focus on registered domains and to omit sensitive keywords, to avoid the influence of content censorship mechanisms.
 
They found DNS query interception in 259 of the 3,047 service provider AS collections tested, or 8.5 per cent. (The research paper uses the term "ASes," which stands for Autonomous Systems, networking terminology for a collection of IP address blocks assigned to ISPs and other organizations.)
 
UDP as easy as 123
 
In terms of packets sent to Google Public DNS, 27.9 per cent of UDP-based packets were intercepted, compared to about 7.3 per cent of data sent over TCP, it is claimed. (Most DNS requests are sent over UDP, and intercepting UDP traffic is easier from a technical perspective, the researchers explain.)
 
Google DNS appears to be particularly appealing as an interception target for service providers. "We also discover 82 ASes are intercepting more than 90 per cent of DNS traffic sent to Google Public DNS," the researchers observed in their paper.
 
Comcast Cable Communications in the US is cited as the controller of AS7922, which was found intercepting a small portion of Google Public DNS traffic.
 
"Among our 13,466 DNS requests sent from this AS to Google DNS, 72 (0.53 per cent) are redirected, with alternative resolvers outside Google actually contacting our authoritative nameservers," the paper stated.
 
The researchers speculate that on-path devices handling interception are only deployed in a limited number of sub-networks for this AS and allow that it's possible a Comcast customer rather than the company itself deployed these devices.
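
The detection signal described above, as an added example that is not code from the paper or the original article: each probe asks the chosen public resolver for a unique name under a domain the measurer controls, and the authoritative nameserver's log shows which resolver actually came asking. The egress range, AS numbers, domain and log lines are constructed placeholders, and the "mixed" and "no-data" labels are this example's own.

```python
import ipaddress
from collections import Counter

# Constructed placeholder (RFC 5737 space) for the target resolver's egress range.
RESOLVER_EGRESS = {"public-dns-a": [ipaddress.ip_network("192.0.2.0/24")]}
# Constructed probes: (unique label, client AS, target resolver, transport)
PROBES = [
    ("u1001", "AS64500", "public-dns-a", "udp"),
    ("u1002", "AS64500", "public-dns-a", "udp"),
    ("u1003", "AS64500", "public-dns-a", "tcp"),
    ("u1004", "AS64501", "public-dns-a", "udp"),
    ("u1005", "AS64501", "public-dns-a", "udp"),  # never reaches our nameserver
]
# Constructed authoritative-nameserver log: "<source IP> <queried name>"
AUTH_LOG = """\
192.0.2.17 u1001.probe.example.
198.51.100.9 u1002.probe.example.
192.0.2.40 u1003.probe.example.
192.0.2.5 u1004.probe.example.
203.0.113.77 u1004.probe.example.
"""

def parse_auth_log(text):
    """Map each unique label to the set of source IPs that queried it."""
    seen = {}
    for src, qname in (line.split() for line in text.splitlines() if line.strip()):
        seen.setdefault(qname.split(".")[0].lower(), set()).add(ipaddress.ip_address(src))
    return seen

def classify(probe, seen):
    """Compare who asked our nameserver with the resolver the client addressed."""
    label, _asn, resolver, _transport = probe
    sources = seen.get(label)
    if not sources:
        return "no-data"  # dropped, or answered without reaching our nameserver
    inside = [any(ip in net for net in RESOLVER_EGRESS[resolver]) for ip in sources]
    if all(inside):
        return "normal"
    return "mixed" if any(inside) else "redirected"

def interception_rate(probes, seen, field):
    """Share of answered probes not classified normal, per AS (1) or transport (3)."""
    total, hits = Counter(), Counter()
    for probe in probes:
        verdict = classify(probe, seen)
        if verdict != "no-data":
            total[probe[field]] += 1
            hits[probe[field]] += verdict != "normal"
    return {key: hits[key] / total[key] for key in total}
```

Grouping by field 1 gives a per-AS rate and field 3 a UDP-versus-TCP rate, the two breakdowns the article reports.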
 
Providers in China were cited as conducting the most interception. China Mobile, for example, gets singled out for alleged involvement in DNS tampering for profit.
 
"As an example, 8 responses from Google Public DNS are tampered in AS9808 (Guangdong Mobile), pointing to a web portal which promotes an APP of China Mobile," the paper stated.
 
Encryption
 
In an email to The Register, Nick Sullivan, head of cryptography at Cloudflare, said that the lack of encryption and authentication in DNS is widely seen as one of the internet's biggest unpatched bugs.
 
"This bug is known to be exploited by networks for various reasons, but the extent to which networks are intercepting DNS queries is not well known," he said. "This paper is significant because it is one of the most widespread measurement studies done on the prevalence of DNS interception on the internet."
 
Sullivan said it was surprising to see just how high the rate of interception is in some instances.
 
"The researchers found that interception rates for DNS queries directed to popular public DNS resolvers are high overall, and in some networks as high as 100 per cent," he said. "Not all the intercepted DNS queries were modified or recorded, but they could be, which has huge implications for privacy and security online. These findings accelerate the need to patch this bug by transitioning DNS from an unencrypted protocol to one that is protected by strong encryption and authentication technologies."
 
 




