Client-End Cryptographic Extensions Threat Analysis & Implementation of DNS Routing Attacks

We state the discovery, threat posed, resolution of vulnerabilities analyzed and modus operandi of the mass attack implemented. Finally presented is a new idea currently being worked on, involving the use of cryptographic primitives that intend to bypass the theoretically naive "user-administrator" trust assumption as a novel attempt to mould into the upcoming DNS Security Extensions architecture for securing online transactions. The paper deals with the analysis and counter measures of a DNS based routing and packet monitoring attack implemented over a public switched telephone network ISP. All data gathered here is a result of an integrated attack that led to accumulation of original statistics over a period of time. Unlike conventional research carried out on isolated LANs which involve test data and limited subnets, thus network discovery hardly being an issue, our experiments involved creation of real databases out of which, information targeting a particular victim had to be mined due to the dynamic nature of IP assignment, multiple subnets, and multiple switched interfaces (PPP & Ethernet). Continuous monitoring and data mining thus played an important role since conventional ARP based attacks were not possible due to the involvement of multiple interfaces