Students at the Technion found a loophole in the protection of DNS, the Internet protocol in common use around the world

Following the discovery, the algorithm will be replaced in the next version of the software

Roi Chai presents the project at the Research Day at the Faculty of Computer Science at the Technion. Photo: Shitzo photo services, Technion agencies

The students Roi Chai and Yonatan Kalchstein from the Faculty of Computer Science at the Technion have located a new, not yet published weakness (hole) in BIND, the software widely used around the world to implement the DNS protocol. "We were surprised that we found a loophole in the protocol," said Kalchstein. "We reported it to the body responsible for implementing this, they replied that they were indeed not aware of the problem, and added that they would replace the algorithm in the next version of the software."
The project was carried out in the Computer Networks Laboratory in the Faculty of Computer Science at the Technion, under the guidance of Dr. Gabi Naqibli from the Raphael Company, and won the faculty's Amdocs competition for the outstanding project. In August, the project was published at USENIX WOOT, an academic conference of the information security community, in the USA.
"We developed an attack on DNS, a protocol that is one of the cornerstones of the Internet, and we identified a weakness in one of its implementations," explained Roi Chai. "The DNS protocol has existed for many years and has been studied by researchers from all over the world. We knew in advance that the chance that we would discover a loophole in the software was very small, but we like challenges."
DNS (Domain Name System) is one of the most basic protocols on the Internet. It allows access to a distributed database so that computers can translate website names into Internet addresses (IP addresses).
"During the conversion between a name and an address, the DNS servers communicate with each other to find a server that stores the appropriate address," explained Dr. Gabi Naqibli. "The weakness found by the students allows the attacker to make the DNS server contact an impersonating server and receive from it the address of a wrong website. This type of attack gives the attacker an advantage, as he can make computers talk to network stations controlled by him without being able to detect the fraud."
