Dear DNS experts,
In a research which we concluded in June 2023 we performed longitudinal
measurements (2020 - 2023) and analysis of abuse of dandling DNS records.
We characterize the abuse and the attackers' infrastructure with
recommendations for countermeasures.
The research will be presented
Dear researchers, operators and developers,
Recently two attack vectors exploiting vulnerabilities in DNSSEC to launch
Denial of Service (DoS) against DNS resolvers were publicly disclosed:
KeyTrap and NSEC3-encloser attack. Both issues were assigned a CVE ID by
MITRE: KeyTrap CVE-2023-50387 and
in the DNSSEC standard and our KeyTrap
attacks that exploit them can be found here:
https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/
The technical report describing our research can be found here:
https://www.athene
