This course provides a thorough analysis of Multicast DNS and DNS Service Discovery protocols, focusing on their vulnerabilities and potential attack vectors. The learning outcomes include understanding the weaknesses of these protocols, identifying attack scenarios, and testing against real-life implementations. The course teaches skills such as reconnaissance, spoofing services, DNS cache poisoning, denial of service attacks, and mitigation strategies. The teaching method involves following RFC specifications, conducting specific testing scenarios, and using a tool developed for this purpose. The intended audience for this course includes IT security professionals, network engineers, and individuals interested in network protocols and cybersecurity.
In Depth Analysis of Multicast DNS and DNS Service Discovery
Hack In The Box Security Conference via YouTube
Overview
Syllabus
Intro
Objectives
Threat Analysis Methodology
Introduction
In a nutshell...
mDNS: A few more details...
and a few words for DNS-SD
What's the Inherent Problem(s)
Related Work
Types of Attacks
Discovery of available services
A Special Service
Discovering Instances of a Specific Service • Query for a DNS PTR record with a name of
Information Gathering
How Pholus Automates Reconnaissance
Advertised DNS Reverse Mapping
Implicit Network Sweeping
Spoofing Services Manually
Spoofing TXT ans SRV Records
Send Automatically Fake Responses
An Asymmetric Key Verification Example
Spoofing-Related Options
and What About TXT Records?
How to Reproduce Overflow Attempts
Is there Room for DNS Cache Poisoning?
Denial of Service Setting DNS TTL:=0
Setting DNS TTL=0 Using Pholus
Probing
Denial of Service + Net Flooding Creating Conflicts deliberately
Other Dos Capabilities
Generic Flooding of a Network
Direct Unicast Queries
DDoS (Amplification) Attack
Situation Nowadays
Sometimes Problems re-appear...
How to Reproduce the Attacks Using Pholus?
Mitigation?
Permanent Fix?
Conclusions
References
Questions?
Taught by
Hack In The Box Security Conference
