This presentation will cover tsuNAME, a vulnerability in DNS which can be used to can greatly amplify queries, potentially resulting in a denial-of-service to DNS services. We document real-world events in .nz (New Zealand's country-level domain), where two misconfigured domains resulted in a 50% increase on overall traffic. We will show the root causes of this event through experiments, and demonstate a 500× amplification factor. In response to our disclosure, several DNS software vendors have documented their mitigations, including Google public DNS. For operators of authoritative DNS services we have developed and released CycleHunter, an open-source tool that detect cyclic dependencies and prevent attacks. The tsuNAME vulnerability is weaponizable, since an adversary can easily create a cycles to attack the infrastructure of a parent domains. Documenting this threat and its solutions is an important step to insuring it is fully addressed.

Target audience: operational / technical


time: 14:25
speakers: Giovane Moura

Other sessions:

5 years of data breach notification obligation in the Netherlands

Analyzing the human factor: Data on security awareness and behavior

Vulnerability reporting - the good, the bad and the ugly

EU Cybersecurity cooperation: What more can we do anno 2021?

Transition to the Internet of Energy: Cybersecurity challenges of bits moving electrons