Dai, Tianxiang and Jeitner, Philipp and Shulman, Haya and Waidner, Michael (2021) From IP to transport and beyond: cross-layer attacks against applications. In: SIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference :. SIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference . ACM, New York, pp. 836-849. ISBN 9781450383837
Full text not available from this repository.Abstract
We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS resolvers in the Internet and compare them with respect to effectiveness, applicability and stealth. Our study shows that DNS cache poisoning is a practical and pervasive threat. We then demonstrate cross-layer attacks that leverage DNS cache poisoning for attacking popular systems, ranging from security mechanisms, such as RPKI, to applications, such as VoIP. In addition to more traditional adversarial goals, most notably impersonation and Denial of Service, we show for the first time that DNS cache poisoning can even enable adversaries to bypass cryptographic defences: we demonstrate how DNS cache poisoning can facilitate BGP prefix hijacking of networks protected with RPKI even when all the other networks apply route origin validation to filter invalid BGP announcements. Our study shows that DNS plays a much more central role in the Internet security than previously assumed. We recommend mitigations for securing the applications and for preventing cache poisoning.