Question

In: Computer Science

What is a DNS cache poisoning attack, and how does it affect a network client? How...

  1. What is a DNS cache poisoning attack, and how does it affect a network client?

  1. How does the Response Rate Limiting role feature mitigate a DNS amplification attack?

  1. What are the two keys that must be generated if you want to secure a zone with a digital signature? What is the purpose of each?

  1. What is DNS delegated administration, why might you want to use it, and how do you configure it?

  1. How are trust anchors distributed?

Solutions

Expert Solution

DNS cache poisoning attack:

  • The DNS cache poisoning attack is defined as the attack which target the user to enter into an fake website by giving false DNS information to the user.
  • In this attack, attacker enters the false information into DNS cache. When user requests to the DNS server for the information about particular legitimate website, this DNS sever respond to that user with false information entered by the attacker. When user use that information it redirects to the attacker's website(website information given by attacker).
  • By this attack, network clients may effect because don't know that DNS spoofing is performed. So they trust the information and uses it. By this, the network client is directed to the wrong website and his system is effected with vulnerabilities.

Response Rate Limiting :

  • Response Rate Limiting is a tool used to avoid the DNS amplification attacks like DNS spoofing, DNS poisoning attacks etc..
  • The role of RRL is to maintain the responding of limited queries to each client.
  • Responding to one client continuously may lead to DNS amplification attacks.
  • So it uses a token bucket which fills the order of clients requests. But it do not fill so many requests of same client. It only respond one time to the each client.
  • It verifies the IP addresses of clients of requests received to consider they are authorized users or not.
  • This makes the DNS server respond only to the authorized clients.

Two keys of Digital signature to secure a zone :

  • To secure a zone by using Digital signature two keys are needed.
  • For digital signature, two keys are needed to be generate.
  • The Public key, Private key are the two keys need to be generate for digital signature.
  • Public key : It is send by the sender to the receiver who want to access the information.
  • Private key : This key is maintained by the sender and receiver individually.With that key, they can protect the data. Sender encrypts the zone information with his private key. And receiver decrypt the zone information with his private key and public key(sent by the sender).

DNS Delegated administration :

  • DNS delegation administration means breaking or dividing the larger zones into smaller zones.
  • This will maintained by the DNS manager console .
  • It divides the larger zones into smaller zones.
  • It will create sub zones for larger zones.
  • We might use this to reduce the complexity and to provide correct details for DNS queries of the clients.

Trust anchors :

  • Trust anchors are distributed by DNS manager console.
  • A Trust anchor is used to validate the DNS data in zone.
  • It is assigned for signed zones.
  • These are distributed by DNS manager console to each and every signed zone.

Related Solutions

Network security question: what is dns? how does it work? identify the attack surface of dns....
Network security question: what is dns? how does it work? identify the attack surface of dns. clearly detail how the exploitable services of dns can be attacked
What is DNS cache locking, and what does it prevent? How does a system administrator enable...
What is DNS cache locking, and what does it prevent? How does a system administrator enable scavenging? How are a stub zone records updated if the stub zone is Active Directory integrated? What does the Windows Server 2016 feature "DNS Policy" allow an administrator to manage? How does DNSSEC use zone signing to help secure zones?
How does SARS_COV2 attack the immune system? How does it affect the pulmonary system? What makes...
How does SARS_COV2 attack the immune system? How does it affect the pulmonary system? What makes this disease so devastating for some, resulting in 'cytokine storm', the need for a ventilator, and death? For survivors, what are the long term effects of having this disease? Finally, after doing some research, what questions do you have about this disease?
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the...
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the vulnerability exist? Describe the vulnerability and how it is exploited? Describe the consequences of the attack?
Rocket Pitch (Housekeeping idea) Issue What is the problem? How does it affect the client? The...
Rocket Pitch (Housekeeping idea) Issue What is the problem? How does it affect the client? The solution of the problem What is the solution? Value proposal? What is the product or service? Benefits offered? Market What is the target market? Size of the market? Estimated in sales? Expected growth? Gross profit? Resources What resources do you need? What is the purpose?
A successful attack to the Internet DNS would be devastating. Explain what type of attacks can...
A successful attack to the Internet DNS would be devastating. Explain what type of attacks can be made towards DNS. Why, to-date, such attacks in practice have not been successful? In your answer, you should consider caching in particular. Why such technique has not only proven to provide better performance, which is its original goal, but also protection against security attacks.
Q1/ A- What is cache memory and how it works? B- What are the three cache...
Q1/ A- What is cache memory and how it works? B- What are the three cache mapping approaches and what is the pros and cons of each approach? C- What is the cache replacement policies and read/write policies?
in order to destroy a DNS server what kind of attack can you propose? discuss possible...
in order to destroy a DNS server what kind of attack can you propose? discuss possible protections to your proposals
The Domain Name System (DNS) is used in what capacity and how does it work?
The Domain Name System (DNS) is used in what capacity and how does it work?
What is a network externality? How does a network externality serve as a barrier to entry?...
What is a network externality? How does a network externality serve as a barrier to entry? Is this barrier surmountable? Provide one example. Make sure you carefully explain your answer. – Maximum number of words 120
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT