[PDF][PDF] TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
DNS can be compared to a game of chess in that its rules are simple, yet the possibilities it
presents are endless. While the fundamental rules of DNS are straightforward, DNS …
presents are endless. While the fundamental rules of DNS are straightforward, DNS …
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
In this paper, we present a new DNS amplification attack, named TsuKing. Instead of
exploiting individual DNS resolvers independently to achieve an amplification effect …
exploiting individual DNS resolvers independently to achieve an amplification effect …
[PDF][PDF] Ghost domain reloaded: Vulnerable links in domain name delegation and revocation
In this paper, we propose PHOENIX DOMAIN, a general and novel attack that allows
adversaries to maintain the revoked malicious domain continuously resolvable at scale …
adversaries to maintain the revoked malicious domain continuously resolvable at scale …
{ResolverFuzz}: Automated Discovery of {DNS} Resolver Vulnerabilities with {Query-Response} Fuzzing
Domain Name System (DNS) is a critical component of the Internet. DNS resolvers, which
act as the cache between DNS clients and DNS nameservers, are the central piece of the …
act as the cache between DNS clients and DNS nameservers, are the central piece of the …
Rethinking the Security Threats of Stale {DNS} Glue Records
The Domain Name System (DNS) fundamentally relies on glue records to provide
authoritative nameserver IP addresses, enabling essential in-domain delegation. While …
authoritative nameserver IP addresses, enabling essential in-domain delegation. While …
Cross the Zone: Toward a Covert Domain Hijacking via Shared {DNS} Infrastructure
Domain Name System (DNS) establishes clear responsibility boundaries among
nameservers for managing DNS records via authoritative delegation. However, the rise of …
nameservers for managing DNS records via authoritative delegation. However, the rise of …
Multimodel Collaboration to Combat Malicious Domain Fluxing
This paper proposes a novel domain-generation-algorithm detection framework based on
statistical learning that integrates the detection capabilities of multiple heterogeneous …
statistical learning that integrates the detection capabilities of multiple heterogeneous …
[PDF][PDF] DNSBOMB: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses
DNS employs a variety of mechanisms to guarantee availability, protect security, and
enhance reliability. In this paper, however, we reveal that these inherent beneficial …
enhance reliability. In this paper, however, we reveal that these inherent beneficial …
E-DoH: Elegantly Detecting the Depths of Open DoH Service on the Internet
C Dong, J Yang, Y Li, Y Wu, Y Chen, C Li… - arXiv preprint arXiv …, 2024 - arxiv.org
In recent years, DNS over Encrypted (DoE) methods have been regarded as a novel trend
within the realm of the DNS ecosystem. In these DoE methods, DNS over HTTPS (DoH) …
within the realm of the DNS ecosystem. In these DoE methods, DNS over HTTPS (DoH) …
Measuring Encrypted DNS Service with TLS1. 3 Support over IPv6
L Jiao, J Li, W Zhang, T Cui, Y Zhou… - … IEEE Symposium on …, 2024 - ieeexplore.ieee.org
The Encrypted Domain Name System (DNS) and Encrypted Server Name Indication (ESNI)
are recently proposed to enhance network security and privacy protection; we refer to these …
are recently proposed to enhance network security and privacy protection; we refer to these …