Trusting Self Reported DNS Name

From Guidance Share
Revision as of 04:56, 7 August 2007 by GardenTender (talk | contribs)

Description

Using self-reported DNS names for authentication is flawed, because such names can easily be spoofed by malicious users.


Applies To

  • Languages: All
  • Operating platforms: All


Example

The following code accepts datagrams from remote hosts and checks the sender's DNS name to make a trust decision:

sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));
while (1) {
  memset(msg, 0x0, MAX_MSG);
  clilen = sizeof(cli);
  //Look up a host name for the peer address
  h = gethostbyname(inet_ntoa(cli.sin_addr));
  //Make a trust decision based on DNS name (this is the flaw)
  if (h->h_name==...)
     n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
}

Since the DNS name may be spoofed by the remote host, a valid trust decision cannot be made with this information.


Impact

  • Authentication: Malicious users can fake authentication information by providing false DNS information.


Vulnerabilities

  • Use of DNS name to make a trust decision about a remote host.


Countermeasures

  • Design: Use other means of identity verification that cannot be simply spoofed.
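
One such means, shown as an added example that is not part of the original page: the receiver accepts a datagram only if it carries a valid HMAC-SHA256 tag computed with a pre-shared key, and never consults the sender's DNS name. The names seal, Receiver, accept and claimed_host are hypothetical, the key and host names are constructed sample values, and the key is assumed to have been distributed out of band.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, counter || payload)."""
    body = struct.pack("!Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts a datagram only if its tag verifies and its counter is fresh."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, datagram: bytes, claimed_host: str):
        # claimed_host (whatever a DNS lookup returned for the peer) is
        # deliberately ignored: it is not evidence of identity.
        if len(datagram) < 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None
        (counter,) = struct.unpack("!Q", body[:8])
        if counter <= self.last_counter:
            return None  # replayed or reordered datagram
        self.last_counter = counter
        return body[8:]

def demo():
    key = b"constructed-demo-key-0123456789ab"  # constructed sample key
    rx = Receiver(key)
    good = seal(key, 1, b"rotate logs")
    forged = seal(b"wrong-key", 2, b"rotate logs")  # sender lacks the key
    return [
        rx.accept(good, "unknown.example"),        # accepted: valid tag
        rx.accept(forged, "trusted.example.com"),  # rejected despite the name
        rx.accept(good, "trusted.example.com"),    # rejected: replay
    ]

if __name__ == "__main__":
    print(demo())
```

The trust decision here depends on possession of the key, so a peer that controls its own DNS records gains nothing by claiming a trusted name.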


Vulnerability Patterns


How Tos