bloxHub

www.infoblox.com/community

Another Angle on Prefetching

For another angle on the risks of browser prefetching, read this paper by Srinivas Krishnan and Fabian Monrose. The authors describe algorithms that allow a hacker with access to a shared name server's cache to determine -- with remarkable accuracy -- what terms users with prefetching browsers are searching for.

This is also a good reminder of the importance of locking down queries to your name server. Through judicious use of BIND's allow-query and allow-query-cache sub-statements, you can prevent unauthorized queriers from snooping your cache, whether or not your users use prefetching browsers. Recipe 7.12.2 in my DNS & BIND Cookbook shows how to do this with just allow-query. allow-query-cache actually makes it a little easier, but that exercise is left to the reader. 
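The allow-query-cache approach mentioned above, sketched as a named.conf fragment. This is an added example, not taken from the Cookbook recipe or from the paper; the ACL name "trusted-clients" and the 192.0.2.0/24 prefix are constructed placeholders for your own client networks.

```conf
// Constructed example: list only the networks whose users this
// name server is meant to resolve for.
acl "trusted-clients" {
    localhost;
    192.0.2.0/24;    // placeholder (documentation prefix)
};

options {
    recursion yes;

    // Weak setting on a shared name server: any querier can ask
    // whether a name is already cached, which is the access the
    // paper's algorithms depend on.
    //
    //   allow-query-cache { any; };

    // Corrected: authoritative zones can stay open to everyone ...
    allow-query       { any; };

    // ... while answers from the cache, and recursion on behalf of
    // a client, are limited to the trusted networks.
    allow-query-cache { "trusted-clients"; };
    allow-recursion   { "trusted-clients"; };
};
```

Run named-checkconf against the file before reloading. Afterwards, a query for a name the server is not authoritative for, sent from an address outside the ACL, should come back REFUSED.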

 

Tags: DNS security

Comments

Really liked this. It also makes one wonder how easy it is to inject information into the local cache to redirect. This was very interesting, thanks.


After almost a year of watching and reading you, it seems like you have the mindset of what I need to know next, regarding DNS, thank you for taking over this position!

