Day 2 Dns Cert 4 Scenarios
1. DNS Security for CERTs
- Attack Scenarios & Demonstrations -
Chris Evans
Delta Risk, LLC
7 March 2010
2. Attack Overview
• These attacks are demonstrations only
• They are not intended to incite FUD (Fear, Uncertainty, Doubt)
• Rather, they are intended to
– Show you what’s possible!
– Open a discussion for mitigation & response actions!
3. Architecture
• Your Ubuntu VM, Windows TS, Your Host
• Attack Server (192.168.85.5)
• Target NameServer (182.168.101.10)
• Registry System (192.168.101.50)
• Mail Server (192.168.101.50)
4. Architecture
• The Target Nameserver
– Bind 9.4
• The Registry System
– A simple PHP application built just for this demonstration – it has security holes in it!
• The Mail Server
– A webmail system for you to view “phishing” emails
– Login: studentX, password: studentx
5. Scenarios
• Cache Poisoning
– Targets the NameServer
– Effects Visible Through DNS Queries, Phishing Email
• NameServer Redelegation
– Targets the NameServer via the Registry Web System
– Effects Visible Through DNS Queries
• Malicious Use
– Targets Individual VMs or Hosts
– Effects Visible Through Traffic Analysis
6. Rules of Engagement
• You can use your own systems for these scenarios
• Nothing here is truly malicious – even the bot demonstration – it can all be removed easily
• The phishing email will NOT do anything malicious – it will show you a link…
– The website it directs you to will NOT do anything malicious…
• If you prefer to use the VMs:
– Use your Ubuntu VM for DNS queries & traffic analysis
– Use your Windows TS as the “infected” bot
7. Let’s Party…
• Any questions on connectivity?
• If you are having trouble getting connected, please pair up with a neighbor for the exercises!