In Depth Analysis of Multicast DNS and DNS Service Discovery

Explore an in-depth analysis of Multicast DNS and DNS Service Discovery protocols in this conference talk from Hack In The Box Security Conference. Delve into the inherent weaknesses of these Zero Configuration Networking protocols, including their generous broadcasting of information and use of easily spoofable messages. Examine the complete threat analysis and potential attack vectors against popular devices, implementations, and operating systems in both IPv4 and IPv6 environments. Learn about the specially developed tool used for testing and the implications of using these protocols in non-cooperative environments. Discover various attack types, including service discovery, information gathering, spoofing, denial of service, and DDoS amplification. Gain insights into the current state of these protocols, recurring problems, and potential mitigation strategies. Benefit from the expertise of Dr. Antonios Atlasis, an IT Security engineer and researcher specializing in network protocol analysis, attacks, and mitigations.

Intro
Objectives
Threat Analysis Methodology
Introduction
In a nutshell...
mDNS: A few more details...
and a few words for DNS-SD
What's the Inherent Problem(s)
Related Work
Types of Attacks
Discovery of available services
A Special Service
Discovering Instances of a Specific Service • Query for a DNS PTR record with a name of
Information Gathering
How Pholus Automates Reconnaissance
Advertised DNS Reverse Mapping
Implicit Network Sweeping
Spoofing Services Manually
Spoofing TXT ans SRV Records
Send Automatically Fake Responses
An Asymmetric Key Verification Example
Spoofing-Related Options
and What About TXT Records?
How to Reproduce Overflow Attempts
Is there Room for DNS Cache Poisoning?
Denial of Service Setting DNS TTL:=0
Setting DNS TTL=0 Using Pholus
Probing
Denial of Service + Net Flooding Creating Conflicts deliberately
Other Dos Capabilities
Generic Flooding of a Network
Direct Unicast Queries
DDoS (Amplification) Attack
Situation Nowadays
Sometimes Problems re-appear...
How to Reproduce the Attacks Using Pholus?
Mitigation?
Permanent Fix?
Conclusions
References
Questions?