To communicate with another computer on the Internet, one needs to know its IP address. This address consists of 4 numbers between 0 and 255, e.g. 194.95.176.226. As such numbers are not very easy to memorise, almost all IP addresses are assigned names. This method is termed DNS (Domain Name System). Consequently, the WWW server of the BSI can be addressed under http://www.bsi.bund.de as well as http://194.95.176.226, because the name is converted into the IP address when the request is made.
The databases in which computer names are assigned IP addresses, and vice versa, are located on name servers. Two databases are available for this allocation. The first database allocates IP addresses to names, while the second database allocates names to IP addresses. These databases need not be mutually consistent! DNS spoofing is said to occur when an intruder succeeds in forging an allocation between a computer name and an IP address, i.e. assigning a name to a false address, or vice versa.
This allows the following types of intrusion:
The ease with which DNS spoofing can be performed depends on how the attacked network has been configured. As no computer can hold all the DNS information existing in the world, it always has to rely on information from other computers. To reduce the volume of DNS requests, most name servers temporarily store information which they have received from other name servers.
Once someone has infiltrated a name server, they are also able to modify the information it holds. Direct intrusion into a name server is not considered further here. Instead, the principal shortcomings of DNS are mentioned.
The two examples below are intended to describe different techniques of DNS spoofing.
These two examples are based on the assumption that name servers also accept additional data which they had not requested in the first place. New versions of certain software programs (e.g. BIND) no longer contain this error, thus preventing intrusions by this means. However, IP spoofing can still be used to generate false DNS entries, although this type of intrusion is technically much more complicated.
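Because the two DNS databases described above need not be mutually consistent, a name obtained from the address-to-name database can be confirmed against the name-to-address database before it is relied on. The following is an added example, not part of the original text; the function names and the sample tables (documentation addresses under 192.0.2.0/24 and example.org names) are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """Address-to-name lookup via the system resolver; None if no entry."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Name-to-address lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def forward_confirmed(ip, reverse=system_reverse, forward=system_forward):
    """Return the host name for ip only if both databases agree, else None."""
    addr = ipaddress.ip_address(ip)
    name = reverse(str(addr))
    if not name:
        return None                      # no address-to-name entry at all
    name = name.rstrip(".").lower()      # normalise trailing dot and case
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate) == addr:
                return name              # name-to-address entry confirms it
        except ValueError:
            continue                     # skip results that are not plain IPs
    return None                          # databases disagree: do not trust

# Constructed sample data standing in for the two databases.
SAMPLE_REVERSE = {
    "192.0.2.10": "www.example.org.",
    "192.0.2.66": "trusted.example.org",  # forged address-to-name entry
}
SAMPLE_FORWARD = {
    "www.example.org": {"192.0.2.10"},
    "trusted.example.org": {"192.0.2.20"},
}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return forward_confirmed(ip, SAMPLE_REVERSE.get,
                             lambda n: SAMPLE_FORWARD.get(n, set()))
```

This check only detects a disagreement between the two databases; if both allocations have been forged, it passes.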
© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000
Last Update on 6 April 2000
last update: July 1999