USENIX Conference Policies
Using the Domain Name System for System Break-ins
Steven M. Bellovin, AT&T Bell Laboratories
The DARPA Internet uses the Domain Name System (DNS), a distributed database, to map host names to network addresses, and vice-versa. Using a vulnerability first noticed by P.V. Mockapetris, we demonstrate how the DNS can be abused to subvert system security. We also show what tools are useful to the attacker. Possible defenses against this attack, including one implemented by Berkeley in response to our reports of this problem, are discussed, and the limitations on their applicability are demonstrated.
BibTeX
@inproceedings {189245,
author = {Steven M. Bellovin},
title = {Using the Domain Name System for System Break-ins},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/using-domain-name-system-system-break-ins},
publisher = {USENIX Association},
month = jun
}
author = {Steven M. Bellovin},
title = {Using the Domain Name System for System Break-ins},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/using-domain-name-system-system-break-ins},
publisher = {USENIX Association},
month = jun
}