attack
Click on the red underlined text to get to the source
... institute actions which, while not directly harmful, may result in
disclosure of information that either facilitates a subsequent
attack or else violates the users privacy in some way.
...
... Internet, it is
expected to be a popular target for various kind of attacks, and
attacking the underlying DNS infrastructure is one way of attacking
...
... ENUM service itself.
There are multiple types of attacks that can happen against DNS that
ENUM ...
... DNS are various forms of
packet interception: monkey-in-the-middle attacks, eavesdropping
on requests combined with spoofed responses that beat the real
response back to the resolver, and so forth. In any of these
...
... response back to the resolver, and so forth. In any of these
scenarios, the attacker can simply tell either party (usually the
resolver) whatever it wants that party to believe. While packet
interception attacks ...
... attacker can simply tell either party (usually the
resolver) whatever it wants that party to believe. While packet
interception attacks are far from unique to DNS, DNS's usual
...
... query or response in a single
unsigned, unencrypted UDP packet makes these attacks particularly
easy for any bad guy with the ability to intercept packets on a
shared or transit network ...
... client UDP
port for a given client and server. Thus it is possible for a
reasonable brute force attack to allow an attacker to masquerade
...
... client and server. Thus it is possible for a
reasonable brute force attack to allow an attacker to masquerade
as a trusted server ...
... masquerade
as a trusted server. In most respects, this attack is similar to
a packet interception attack except that it does not require the
...
... trusted server. In most respects, this attack is similar to
a packet interception attack except that it does not require the
attacker to be on a transit or shared network ...
... a packet interception attack except that it does not require the
attacker to be on a transit or shared network.
...
... victim's query to another location. The common thread in all of
these attacks is that response messages allow the attacker to
introduce arbitrary DNS names ...
... query to another location. The common thread in all of
these attacks is that response messages allow the attacker to
introduce arbitrary DNS names of the attacker ...
... attacker to
introduce arbitrary DNS names of the attacker's choosing and
provide further information that the attacker claims is associated
...
... DNS names of the attacker's choosing and
provide further information that the attacker claims is associated
with those names; unless the victim has better knowledge of the
data associated with those names, the victim is going to have a
...
... data associated with those names, the victim is going to have a
hard time defending against this class of attacks.
Betrayal By A Trusted Server ...
... Betrayal By A Trusted Server
Another variation on the packet interception attack is the trusted
server that turns out not to be so trustworthy, whether by
accident or by intent. Many client ...
... kind in any domain of discourse), DNS is vulnerable to denial of
service attacks. DNS servers are also at risk of being used as
denial of service ...
... such as DNSSEC [8] once it is deployed. Others, such and Denial Of
Service attacks, cannot be solved by data authentication. It is
important to remember that these threats include not only the NAPTR ...
... translation should not blindly trust that the peer is the intended
party as all kind of attacks against DNS can not be protected against
with DNSSEC ...