Methodology for DNS Cache Poisoning Vulnerability Analysis of DNS64 Implementations

The trustworthy operation of the DNS service is a very important precondition for a secure Internet. As we point it out, DNS cache poisoning could be even more dangerous if it is performed against DNS64 servers. Based on RCF 5452, we give an introduction to the three main components of DNS cache poisoning vulnerability, namely Transaction ID prediction, source port number prediction, and birthday paradox based attack, which is possible if a DNS or DNS64 server sends out multiple equivalent queries (with identical QNAME, QTYPE, and QCLASS fields) concurrently. We design and implement a methodology and a testbed, which can be used for the systematic testing of DNS or DNS64 implementations, whether they are susceptible to these three vulnerabilities. We perform the tests with the following DNS64 implementations: BIND, PowerDNS, Unbound, TOTD (two versions) and mtd64-ng. As for the testbed, we use three virtual Linux machines executed by a Windows 7 host. As for tools, we use VMware Workstation 12 Player for virtualization, Wireshark and tshark for monitoring, dns64perf for Transaction ID and source port predictability tests, and our currently developed "birthday-test" program for concurrently sent multiple equivalent queries testing. Our methodology can be used for DNS cache poisoning vulnerablility analysis of further DNS or DNS64 implementations. A testbed with the same structure may be used for security vulnerablility analysis of DNS or DNS64 servers and also NAT64 gateways concerning further threats

Troubleshooting on intra-domain routing instability

Routing instability is a problem directly affecting the reliability of the Internet. While a great deal of effort has been committed to inter-domain routing instability, studies on intra-domain routing have been quite limited. Most network operators still do not have sufficient knowledge on this problem and often complain that: (i) They do not know to what extent the intra-domain routing instability can occur on their networks because this is difficult to detect, and (ii) the causes of this instability are difficult to find. In this paper, we first present the results of some passive measurements we did on intra-domain routing instability. We show the statistical results of OSPF routing information (for both IPv4 and IPv6) we collected on the WIDE Internet and APAN Tokyo-XP network. Through the statistics, we demonstrate how seriously routing instability can occur on a service network. We then propose an approach to help network operators isolate the causes of this. We emphasize the importance of gathering useful data for troubleshooting in event-driven fashion and propose using SNMP or telnet for this. We then explain what kind of data should be collected for the purposes of troubleshooting and how to use this data to isolate the problem

Introduction to AdaIndex — an Adaptive Similarity Search Algorithm in General Metric Spaces

Non

If you have any comments on this document, please contact to [email protected] A Role-Based Peer-to-Peer Approach to Application-Oriented Measurement Platforms

The importance of large-scale measurement infrastructures for grasping the global state of the Internet is recently strongly emphasized. However, a fundamental analysis of these infrastructures has not yet been conducted. In this paper, we highlight the formation of measurement networks and provide a first look at measurement activities performed on those networks. We also propose a scheme for constructing a measurement network, which divides the measurement agent’s roles into core agent and stub agent. This scheme entails only simple adjustment for changing the formation of the measurement network. Through the transition from a centralized system to hybrid and pure peer-to-peer networks, we visualize the flow of measurement procedures and explore the factors that have an influence on the overall performance of measurement systems. Key words: peer-to-peer network, network measurement platform

N-TAP: A Platform of Large-Scale Distributed Measurement for Overlay Network Applications

For sustaining a large-scale overlay network, the knowledge of network characteristics for its optimization is indispensable. However, the collection of such information is often a burden on the developers: why should I struggle to obtain it even though it’s not my intended purpose? As one solution to this problem, this paper presents N-TAP, a distributed measurement infrastructure. For overlay network applications, N-TAP is an independent service that provides network characteristics. N-TAP itself forms the measurement overlay network on which measurement nodes can cooperate in measurement activity, consequently, overlay network applications can take full advantage of novel measurement methodologies. Through the discussion on the problems of distributed measurement, we explore the capability and the future direction of N-TAP.