[governance] A Survey of DNS Security

Robert Guerra rguerra at lists.privaterra.org
Sun Apr 30 17:39:16 EDT 2006


A reference to this message just appeared on Dave Farber's IP list.
Thought that it would be of interest to share with this list given that
cybersecurity is being raised as a key issue for the IGF.

regards

Robert

--


http://www.cs.cornell.edu/people/egs/beehive/dnssurvey.html

A Survey of DNS Security: Most Vulnerable and Valuable Assets

It is well-known that nameservers in the Domain Name System are
vulnerable to a wide range of attacks. We recently performed a large
scale survey to answer some basic questions about the legacy DNS:

    * Which domain names are the most vulnerable?
    * Which servers control the largest portion of the namespace and are
thus likely to be attacked?
    * Are there any servers with known security holes, and which domain
names do they affect?

We present the results from this survey below in the hope of identifying
problem spots in the Internet and thus improving the security of our
common cyberinfrastructure. This study is based entirely on public data
- all information available on these pages is also available to others
with less-than-honorable intentions.

Survey Methodology

We collected 593160 unique webserver names from the Yahoo! and DMOZ.org
web directories. Since the names were extracted from web directories
instead of being generated automatically, they have been filtered
through a preliminary level of human scrutiny. Though it is clear that
the level of scrutiny is not extremely high (i.e. there are some spam
hostnames in the survey), we believe that these names are representative
of the sites people actually care about.

We then queried the legacy DNS for these names and recorded the chain of
nameservers that are involved in their resolution. We thus obtained a
snapshot of the dependencies in the DNS system. A total of 166771
nameservers were discovered in this process. The survey was performed on
July 22, 2004.

The name delegation data enabled us to answer some basic questions about
DNS security.

[snipped..]

-- 
Robert Guerra <rguerra at privaterra.org>
Managing Director, Privaterra
Tel +1 416 893 0377 Fax +1 416 893 0374
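
As an added illustration of the methodology quoted above (not code from the survey authors or from this message): a sketch of how recorded delegation data can be turned into a per-name dependency set and a ranking of which servers the most names depend on. The delegation table, hostnames and function names are constructed for the example, and following each nameserver's own hostname through its zones is an assumption about how the "chain of nameservers" is traced.

```python
from collections import Counter

# Constructed delegation data (not survey results): zone -> nameserver hostnames.
DELEGATIONS = {
    "example": ["a.tld.test"],
    "test": ["a.tld.test"],
    "shop.example": ["ns1.hoster.test"],
    "hoster.test": ["ns1.hoster.test", "ns.backup.example"],
    "backup.example": ["ns.backup.example"],
    "uni.example": ["ns.uni.example"],
}
NAMES = ["www.shop.example", "www.uni.example"]  # constructed survey input


def zones_for(host):
    """Yield every delegated zone that encloses the given hostname."""
    labels = host.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in DELEGATIONS:
            yield suffix


def dependencies(name):
    """Return all nameservers that resolving `name` depends on, including
    servers needed only to resolve another nameserver's hostname."""
    servers, pending, visited = set(), [name], set()
    while pending:
        host = pending.pop()
        if host in visited:  # delegation graphs contain cycles
            continue
        visited.add(host)
        for zone in zones_for(host):
            for ns in DELEGATIONS[zone]:
                servers.add(ns)
                pending.append(ns)  # the server's own name must resolve too
    return servers


def control_ranking(names):
    """Count, per nameserver, how many surveyed names depend on it."""
    counts = Counter()
    for name in names:
        counts.update(dependencies(name))
    return counts.most_common()


if __name__ == "__main__":
    for name in NAMES:
        print(name, sorted(dependencies(name)))
    print(control_ranking(NAMES))
```

In this constructed data, www.shop.example depends on ns.backup.example even though no zone above it lists that server, which is the kind of indirect dependency an operator would want to find when auditing their own delegation.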

