28% of DNS traffic is intercepted by internet providers

Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet.
And that's because, you may not be surprised to know, the proposed standards to safeguard DNS traffic – such as DNSSEC and DNS-over-HTTPS – have yet to be fully baked and aren't yet widely adopted.
DNSSEC, for one, aims to prevent miscreants tampering with intercepted domain-name lookups by digitally signing the answers – making any forgeries obvious to software. DNS-over-TLS and DNS-over-HTTPS aim to do this, too, and encrypt the queries so eavesdroppers on the network can't snoop on what sites you're visiting.
Without these safeguards in wide (or any) use, DNS traffic remains unencrypted and unauthenticated, meaning queries can potentially be spied on and meddled with to redirect people to malicious websites masquerading as legit sites.
Researchers from universities in China and the US recently decided to check whether or not this is actually happening, and found that traffic interception is a reality for a small but significant portion of DNS queries – 0.66 per cent of DNS requests over TCP – across a global sample of residential and cellular IP addresses.
The boffins – Baojun Liu, Chaoyi Lu, Haixin Duan, and Ying Liu from Tsinghua University in China; Zhou Li and Shuang Hao from the University of Texas at Dallas; and Min Yang from Fudan University in China – describe the results of their inquiry in a paper presented at this week's USENIX Security Symposium.
The paper, "Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path," describes how the researchers set up a system to measure DNS interception across 148,478 residential and cellular IP addresses around the world.
Internet users may choose their own DNS resolvers by manually pointing their applications and operating systems at, say, Google Public DNS or Cloudflare. Usually, however, people accept whatever DNS resolver the network or their ISP automatically provides.
If an intermediary intercepts a DNS request, that isn't necessarily nefarious, but it could lead to undesirable consequences. At the very least, it deprives those using the internet of choice and privacy.
The researchers looked for providers spoofing the IP addresses of users' specified DNS resolvers to intercept DNS traffic covertly. They designed their study to focus on registered domains and to omit sensitive keywords, to avoid the influence of content censorship mechanisms.
They found DNS query interception in 259 of the 3,047 service provider AS collections tested, or 8.5 per cent. (The research paper uses the term "ASes," which stands for Autonomous Systems, networking terminology for a collection of IP address blocks assigned to ISPs and other organizations.)
UDP as easy as 123
In terms of packets sent to Google Public DNS, 27.9 per cent of UDP-based packets were intercepted, compared to about 7.3 per cent of data sent over TCP, it is claimed. (Most DNS requests are sent over UDP and intercepting UDP traffic is easier from a technical perspective, the researchers explain.)
Google DNS appears to be particularly appealing as an interception target for service providers. "We also discover 82 ASes are intercepting more than 90 per cent of DNS traffic sent to Google Public DNS," the researchers observed in their paper.
Comcast Cable Communications in the US is cited as the controller of AS7922, which was found intercepting a small portion of Google Public DNS traffic.
"Among our 13,466 DNS requests sent from this AS to Google DNS, 72 (0.53 per cent) are redirected, with alternative resolvers outside Google actually contacting our authoritative nameservers," the paper stated.
The researchers speculate that on-path devices handling interception are only deployed in a limited number of sub-networks for this AS and allow that it's possible a Comcast customer rather than the company itself deployed these devices.
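The check behind figures like "72 of 13,466 redirected" can be sketched as follows. This is an added example, not code from the paper or the article: it joins a client-side list of unique probe names with the authoritative nameserver's query log and flags probes that arrived from a resolver outside the intended one's egress range. The log layout, names, addresses, AS numbers and verdict labels are all constructed assumptions, and the "replicated" case goes slightly beyond the redirection the article quotes.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholder egress range (documentation prefix) for the intended resolver.
INTENDED_EGRESS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed client log: unique probe name -> AS the probing client sits in.
PROBES = {
    "p1.probe.example": "AS64500", "p2.probe.example": "AS64500",
    "p3.probe.example": "AS64501", "p4.probe.example": "AS64501",
}

# Constructed authoritative-nameserver log: (queried name, resolver source IP).
AUTH_LOG = [
    ("p1.probe.example", "192.0.2.10"),    # intended resolver
    ("p2.probe.example", "198.51.100.7"),  # some other resolver
    ("p3.probe.example", "192.0.2.44"),
    ("P4.probe.example.", "192.0.2.45"),   # case/trailing dot vary in logs
    ("p4.probe.example", "203.0.113.9"),   # same probe, second source
]

def from_intended(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTENDED_EGRESS)

def classify(probes, auth_log):
    """Label each probe by which resolvers reached the authoritative server."""
    sources = defaultdict(set)
    for qname, src in auth_log:
        sources[qname.lower().rstrip(".")].add(src)
    verdicts = {}
    for qname in probes:
        seen = sources.get(qname, set())
        outside = {s for s in seen if not from_intended(s)}
        if not seen:
            verdicts[qname] = "unseen"      # no query arrived at all
        elif not outside:
            verdicts[qname] = "normal"
        elif outside == seen:
            verdicts[qname] = "redirected"  # only unexpected resolvers
        else:
            verdicts[qname] = "replicated"  # intended and unexpected both
    return verdicts

def interception_rate_by_as(probes, verdicts):
    totals, hits = defaultdict(int), defaultdict(int)
    for qname, asn in probes.items():
        totals[asn] += 1
        hits[asn] += verdicts[qname] in ("redirected", "replicated")
    return {asn: hits[asn] / totals[asn] for asn in totals}
```

The verdict is only as good as the egress list: an incomplete list for the intended resolver turns legitimate queries into false "redirected" results.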
Providers in China were cited as conducting the most interception. China Mobile, for example, gets singled out for alleged involvement in DNS tampering for profit.
"As an example, 8 responses from Google Public DNS are tampered in AS9808 (Guangdong Mobile), pointing to a web portal which promotes an APP of China Mobile," the paper stated.
In an email to The Register, Nick Sullivan, head of cryptography at Cloudflare, said that the lack of encryption and authentication in DNS is widely seen as one of the internet's biggest unpatched bugs.
"This bug is known to be exploited by networks for various reasons, but the extent to which networks are intercepting DNS queries is not well known," he said. "This paper is significant because it is one of the most widespread measurement studies done on the prevalence of DNS interception on the internet."
Sullivan said it was surprising to see just how high the rate of interception is in some instances.
"The researchers found that interception rates for DNS queries directed to popular public DNS resolvers are high overall, and in some networks as high as 100 per cent," he said. "Not all the intercepted DNS queries were modified or recorded, but they could be, which has huge implications for privacy and security online. These findings accelerate the need to patch this bug by transitioning DNS from an unencrypted protocol to one that is protected by strong encryption and authentication technologies."
