DNS-over-TCP considered vulnerable

Dai, Tianxiang and Shulman, Haya and Waidner, Michael (2021) DNS-over-TCP considered vulnerable. In: ANRW 2021 - Proceedings of the 2021 Applied Networking Research Workshop. ACM, New York, pp. 76-81. ISBN 9781450386180

Full text not available from this repository.

Abstract

The research and operational communities believe that TCP provides protection against IP fragmentation attacks and recommend that servers avoid sending DNS responses over UDP and use TCP instead. In this work we show that IP fragmentation attacks also apply to servers that communicate over TCP. Our measurements indicate that among the Alexa top-100K domains there are 393 additional domains whose nameservers can be forced to (source) fragment IP packets that contain TCP segments. In contrast, responses from these domains cannot be forced to fragment when sent over UDP. Our study not only shows that the recommendation to use TCP instead of UDP in order to avoid attacks that exploit fragmentation is risky, but it also unveils that the attack surface due to fragmentation is larger than was previously believed. We evaluate IP fragmentation-based DNS cache poisoning attacks against DNS responses over TCP.

Item Type:
Contribution in Book/Report/Proceedings
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/1700/1705
Subjects:
DNS cache poisoning; IP fragmentation; TCP; computer networks and communications; information systems
ID Code:
229620
Deposited By:
Deposited On:
10 Jun 2025 14:25
Refereed?:
Yes
Published?:
Published
Last Modified:
10 Jun 2025 14:25