Trusting Self Reported DNS Name
From Guidance Share
Description
The use of self-reported DNS names as authentication is flawed and can easily be spoofed by malicious users.
Applies To
- Languages: All
- Operating platforms: All
Example
The following code connects to a remote host and then checks its DNS name to make a trust decision:
sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));
while (1) {
    memset(msg, 0x0, MAX_MSG);
    clilen = sizeof(cli);
    // Receive the datagram first so that cli holds the sender's address
    n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
    // Look up the host name reported for the sender's address
    h = gethostbyname(inet_ntoa(cli.sin_addr));
    // Make a trust decision based on DNS name
    if (h && h->h_name==...) {
        // msg is treated as coming from a trusted host
    }
}
Since the DNS name may be spoofed by the remote host, a valid trust decision cannot be made with this information.
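The spoof described above, worked through with constructed data in an added example (not code from the original page): the reverse name is published by whoever holds the peer's address, and resolving that name forward shows whether the claim is contradicted. The resolver hooks ptr_fn and fwd_fn, the sample tables and the documentation addresses are assumptions made so the check runs offline.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <strings.h>

/* Resolver hooks (hypothetical) so the check runs offline; real code would
 * back them with getnameinfo() and getaddrinfo(). */
typedef const char *(*ptr_fn)(struct in_addr peer);
typedef size_t (*fwd_fn)(const char *name, struct in_addr *out, size_t max);

enum name_status { NAME_MISSING, NAME_CONTRADICTED, NAME_CONSISTENT };

/* The reverse (PTR) name is a claim published by whoever controls the peer's
 * reverse zone. Resolve it forward and see whether it maps back to the peer. */
enum name_status check_reported_name(struct in_addr peer, ptr_fn ptr, fwd_fn fwd)
{
    struct in_addr addrs[8];
    const char *name = ptr(peer);
    if (name == NULL)
        return NAME_MISSING;
    size_t n = fwd(name, addrs, 8);
    for (size_t i = 0; i < n; i++)
        if (addrs[i].s_addr == peer.s_addr)
            return NAME_CONSISTENT;  /* a hint for logging, not a credential */
    return NAME_CONTRADICTED;        /* claimed name does not resolve to peer */
}

/* Constructed sample data (documentation addresses, example.com names). */
static const char *sample_ptr(struct in_addr peer)
{
    if (peer.s_addr == inet_addr("192.0.2.10") ||   /* the genuine host */
        peer.s_addr == inet_addr("203.0.113.7"))    /* PTR forged by address holder */
        return "trusted.example.com";
    return NULL;
}

static size_t sample_fwd(const char *name, struct in_addr *out, size_t max)
{
    if (max == 0 || strcasecmp(name, "trusted.example.com") != 0)
        return 0;
    out[0].s_addr = inet_addr("192.0.2.10");
    return 1;
}

int main(void)
{
    struct in_addr spoofer = { inet_addr("203.0.113.7") };
    printf("PTR=%s status=%d\n", sample_ptr(spoofer),
           check_reported_name(spoofer, sample_ptr, sample_fwd));
    return 0;
}
```

A name-only comparison accepts both sample peers because both report trusted.example.com. Even NAME_CONSISTENT is only a hint, so the trust decision still has to rest on a credential the peer cannot simply assert.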
Impact
- Authentication: Malicious users can fake authentication information by providing false DNS information.
Vulnerabilities
- Use of DNS name to make a trust decision about a remote host.
Countermeasures
- Design: Use other means of identity verification that cannot be simply spoofed
Vulnerability Patterns