Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- The KeyTrap Denial-of-Service Algorithmic Complexity Attacks On DNS[6]
- Authored by Niklas Vogel[7], Haya Schulmann[8], Michael Waidner[9], Elias Heftrig[10] | Site athene-center.de[11]
-
In this paper, the authors show that the design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, they developed a new class of DNSSEC-based algorithmic complexity attacks on DNS, they dubbed KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as "the worst attack on DNS ever discovered". Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver.
- SHA-256 |
4c1743e665520f276be83b47e7a1ae86496ca84f1935e9197aa5b5736fc57eb4
- Download[12] | Favorite[13] | View[14]
File Tags
- ActiveX[20] (933)
- Advisory[21] (84,238)
- Arbitrary[22] (16,552)
- BBS[23] (2,859)
- Bypass[24] (1,814)
- CGI[25] (1,032)
- Code Execution[26] (7,565)
- Conference[27] (687)
- Cracker[28] (844)
- CSRF[29] (3,369)
- DoS[30] (24,330)
- Encryption[31] (2,381)
- Exploit[32] (52,553)
- File Inclusion[33] (4,242)
- File Upload[34] (982)
- Firewall[35] (822)
- Info Disclosure[36] (2,829)
- Intrusion Detection[37] (905)
- Java[38] (3,114)
- JavaScript[39] (887)
- Kernel[40] (6,929)
- Local[41] (14,644)
- Magazine[42] (586)
- Overflow[43] (12,975)
- Perl[44] (1,430)
- PHP[45] (5,170)
- Proof of Concept[46] (2,364)
- Protocol[47] (3,686)
- Python[48] (1,590)
- Remote[49] (31,254)
- Root[50] (3,613)
- Rootkit[51] (519)
- Ruby[52] (616)
- Scanner[53] (1,647)
- Security Tool[54] (7,962)
- Shell[55] (3,231)
- Shellcode[56] (1,216)
- Sniffer[57] (899)
- Spoof[58] (2,237)
- SQL Injection[59] (16,477)
- TCP[60] (2,420)
- Trojan[61] (688)
- UDP[62] (896)
- Virus[63] (668)
- Vulnerability[64] (32,440)
- Web[65] (9,830)
- Whitepaper[66] (3,767)
- x86[67] (966)
- XSS[68] (18,119)
- Other[69]
File Archives
- February 2024[70]
- January 2024[71]
- December 2023[72]
- November 2023[73]
- October 2023[74]
- September 2023[75]
- August 2023[76]
- July 2023[77]
- June 2023[78]
- May 2023[79]
- April 2023[80]
- March 2023[81]
- Older[82]
Systems
- AIX[83] (429)
- Apple[84] (2,060)
- BSD[85] (375)
- CentOS[86] (57)
- Cisco[87] (1,926)
- Debian[88] (6,971)
- Fedora[89] (1,693)
- FreeBSD[90] (1,246)
- Gentoo[91] (4,459)
- HPUX[92] (880)
- iOS[93] (369)
- iPhone[94] (108)
- IRIX[95] (220)
- Juniper[96] (69)
- Linux[97] (48,654)
- Mac OS X[98] (691)
- Mandriva[99] (3,105)
- NetBSD[100] (256)
- OpenBSD[101] (487)
- RedHat[102] (15,121)
- Slackware[103] (941)
- Solaris[104] (1,611)
- SUSE[105] (1,444)
- Ubuntu[106] (9,301)
- UNIX[107] (9,371)
- UnixWare[108] (187)
- Windows[109] (6,627)
- Other[110]
- Services
- Security Services[121]
- Hosting By
- Rokasec[122]
Read more https://packetstormsecurity.com/files/177250/Technical_Report_KeyTrap.pdf