22C3 - 2.2

22nd Chaos Communication Congress
Private Investigations

Speakers
Dan Kaminsky
Schedule
Day 2
Room Saal 1
Start time 16:00
Duration 01:00
Info
ID 1108
Event type Lecture
Track Hacking
Language English
Feedback

Black Ops Of TCP/IP 2005.5

New Explorations: Large Graphs, Larger Threats

I will discuss new experiences and potential directions involving scanning massive networks, such as the entire world's DNS infrastructure.

Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed, including:

  • New findings in our worldwide scans of the DNS infrastructure
  • Mechanisms for very high speed reconstruction of IPv4 and IPv6 network topologies, complete with visual representation of those topologies implemented in OpenGL. We will discuss how a graph theoretical approach to network management can (and can't) solve flow control for massive scans.
  • A temporal attack against IP fragmentation, using variance in fragment reassembly timers to evade Network Intrustion Detection Systems
  • DNS poisoning attacks against networks that implement automated defensive network shunning, and other unexpected design constraints developers and deployers of security equipment should be aware of
  • In addition, we'll briefly discuss the results of research against MD5, which allows two very different web pages to emit the same MD5 hash.