Network Black Ops: Extracting Unexpected Functionality from Existing Networks presented at BlackHatDC 2006

by Dan Kaminsky,


Summary : Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed, including:
New findings in our worldwide scans of the DNS infrastructure, particularly focusing on the use of DNS to measure the global spread of the Sony rootkit.
Mechanisms for very high speed reconstruction of IPv4 and IPv6 network topologies, complete with visual representation of those topologies implemented in OpenGL. We will discuss how a graph theoretical approach to network management can (and can't) solve flow control for massive scans.
A temporal attack against IP fragmentation, using variance in fragment reassembly timers to evade Network Intrustion Detection Systems
DNS poisoning attacks against networks that implement automated defensive network shunning, and other unexpected design constraints developers and deployers of security equipment should be aware of