28% of DNS traffic is intercepted by internet providers

Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet.
And that's because, you may not be surprised to know, the proposed standards to safeguard DNS traffic – such as DNSSEC and DNS-over-HTTPS – have yet to be fully baked and aren't yet widely adopted.
DNSSEC, for one, aims to prevent miscreants tampering with intercepted domain-name lookups by digitally signing the answers – making any forgeries obvious to software. DNS-over-TLS and DNS-over-HTTPS aim to do this, too, and encrypt the queries so eavesdroppers on the network can't snoop on what sites you're visiting.
Without these safeguards in wide (or any) use, DNS traffic remains unencrypted and unauthenticated, meaning it can potentially be spied on and meddled with to redirect people to malicious websites masquerading as legit sites.
Researchers from universities in China and the US recently decided to check whether or not this is actually happening, and found that traffic interception is a reality for a small but significant portion of DNS queries – 0.66 per cent of DNS requests over TCP – across a global sample of residential and cellular IP addresses.
The boffins – Baojun Liu, Chaoyi Lu, Haixin Duan, and Ying Liu from Tsinghua University in China; Zhou Li and Shuang Hao from the University of Texas at Dallas; and Min Yang from Fudan University in China – describe the results of their inquiry in a paper presented at this week's USENIX Security Symposium.
The paper, "Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path," describes how the researchers set up a system to measure DNS interception across 148,478 residential and cellular IP addresses around the world.
Internet users may choose their own DNS resolvers by manually pointing their applications and operating systems at, say, Google Public DNS or Cloudflare. Usually, however, people accept whatever DNS resolver the network or their ISP automatically provides.
If an intermediary intercepts a DNS request, that isn't necessarily nefarious, but it could lead to undesirable consequences. At the very least, it deprives those using the internet of choice and privacy.
The researchers looked for providers spoofing the IP addresses of users' specified DNS resolvers to intercept DNS traffic covertly. They designed their study to focus on registered domains and to omit sensitive keywords, to avoid the influence of content censorship mechanisms.
They found DNS query interception in 259 of the 3,047 service provider AS collections tested, or 8.5 per cent. (The research paper uses the term "ASes," which stands for Autonomous Systems, networking terminology for a collection of IP address blocks assigned to ISPs and other organizations.)
UDP as easy as 123
In terms of packets sent to Google Public DNS, 27.9 per cent of UDP-based packets were intercepted, compared to about 7.3 per cent of data sent over TCP, it is claimed. (Most DNS requests are sent over UDP, and intercepting UDP traffic is easier from a technical perspective, the researchers explain.)
Google DNS appears to be particularly appealing as an interception target for service providers. "We also discover 82 ASes are intercepting more than 90 per cent of DNS traffic sent to Google Public DNS," the researchers observed in their paper.
Comcast Cable Communications in the US is cited as the controller of AS7922, which was found intercepting a small portion of Google Public DNS traffic.
"Among our 13,466 DNS requests sent from this AS to Google DNS, 72 (0.53 per cent) are redirected, with alternative resolvers outside Google actually contacting our authoritative nameservers," the paper stated.
The researchers speculate that on-path devices handling interception are only deployed in a limited number of sub-networks for this AS and allow that it's possible a Comcast customer rather than the company itself deployed these devices.
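The classification behind per-AS figures like these can be reproduced from two logs: the probes a client sent to a public resolver and the queries that reached the authoritative nameserver. This is an added example, not code from the paper or the article; the log layout, the `probe.example` names, the AS numbers and the egress range (documentation address space) are constructed, and the "replicated" and "unseen" verdicts are assumptions that go beyond what the article describes.

```python
import ipaddress
from collections import defaultdict

# Constructed egress range of the public resolver under test (RFC 5737
# documentation space, not the real range of any provider).
RESOLVER_EGRESS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed client-side probes: (unique query name, client ASN, transport).
SENT = [
    ("a1.probe.example", 64500, "udp"),
    ("a2.probe.example", 64500, "udp"),
    ("a3.probe.example", 64500, "tcp"),
    ("b1.probe.example", 64501, "udp"),
    ("b2.probe.example", 64501, "udp"),
]

# Constructed authoritative-nameserver log: (query name, source IP that asked).
AUTH_LOG = [
    ("a1.probe.example", "192.0.2.17"),
    ("a2.probe.example", "198.51.100.9"),   # resolver outside the egress range
    ("a3.probe.example", "192.0.2.40"),
    ("b1.probe.example", "203.0.113.5"),    # same name seen from two sources
    ("b1.probe.example", "192.0.2.8"),
]

def is_resolver_egress(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RESOLVER_EGRESS)

def classify(name, auth_log):
    # Each probe name is unique, so every upstream query for it is ours.
    sources = [ip for qname, ip in auth_log if qname == name]
    if not sources:
        return "unseen"          # never reached the authoritative server
    inside = [is_resolver_egress(ip) for ip in sources]
    if all(inside):
        return "normal"
    return "replicated" if any(inside) else "redirected"

def interception_rates(sent, auth_log):
    counts = defaultdict(lambda: [0, 0])   # (asn, transport) -> [hit, total]
    for name, asn, transport in sent:
        counts[(asn, transport)][1] += 1
        if classify(name, auth_log) in ("redirected", "replicated"):
            counts[(asn, transport)][0] += 1
    return {key: hit / total for key, (hit, total) in counts.items()}

if __name__ == "__main__":
    print(interception_rates(SENT, AUTH_LOG))
```
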
Providers in China were cited as conducting the most interception. China Mobile, for example, gets singled out for alleged involvement in DNS tampering for profit.
"As an example, 8 responses from Google Public DNS are tampered in AS9808 (Guangdong Mobile), pointing to a web portal which promotes an APP of China Mobile," the paper stated.
In an email to The Register, Nick Sullivan, head of cryptography at Cloudflare, said that the lack of encryption and authentication in DNS is widely seen as one of the internet's biggest unpatched bugs.
"This bug is known to be exploited by networks for various reasons, but the extent to which networks are intercepting DNS queries is not well known," he said. "This paper is significant because it is one of the most widespread measurement studies done on the prevalence of DNS interception on the internet."
Sullivan said it was surprising to see just how high the rate of interception is in some instances.
"The researchers found that interception rates for DNS queries directed to popular public DNS resolvers are high overall, and in some networks as high as 100 per cent," he said. "Not all the intercepted DNS queries were modified or recorded, but they could be, which has huge implications for privacy and security online. These findings accelerate the need to patch this bug by transitioning DNS from an unencrypted protocol to one that is protected by strong encryption and authentication technologies."
