Security News > 2020 > December > How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Carnegie Mellon University PhD student Aqsa Kashaf and her advisors Dr. Vyas Sekar and Dr. Yuvraj Agarwal have analyzed third party service dependencies in modern web services, with a special focus on DNS, CDN, and SSL certificate revocation checking by CA. Their research was meant to determine if incidents like the 2016 Dyn DDoS attack, the 2016 GlobalSign certificate revocation error and the 2019 Amazon Route 53 DDoS attack would lead to similar results in 2020.
"6% of the top-100K websites that were critically dependent in 2016, have moved to a private DNS in 2020. On the other hand, 10.7% of the websites which used a private DNS in 2016, have moved to a single third party DNS provider. Between these snapshots, redundancy has remained roughly similar. Overall, critical dependency has increased by 4.7% in 2020. More popular websites have decreased their critical dependency," they noted.
"72% of the websites are critically dependent on 3 DNS providers when we consider direct CA to DNS dependency as compared to 40% when we just account for website to DNS dependency," the researchers pointed out.
"DNS spoofing is when a third-party responds to a DNS query, allowing them to see and modify the reply. DNS spoofing can be accomplished by proxying, intercepting and mod- ifying traffic; DNS injection, where responses are returned more quickly than the official servers; or by modifying configurations in end hosts," they explained.
Through their research they discovered that DNS spoofing is still rare but has been increasing during the observed period, and that proxying is the most common DNS spoofing mechanism.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ztwsp9zChiU/