[Zurück]


Beiträge in Tagungsbänden:

O. van der Toorn, R. van Rijswijk-Deij, T. Fiebig, M. Lindorfer, A. Sperotto:
"TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records";
in: "International Workshop on Traffic Measurements for Cybersecurity (WTMC)", IEEE, 2020, ISBN: 978-1-7281-8598-9.



Kurzfassung deutsch:
The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.

Kurzfassung englisch:
The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.


"Offizielle" elektronische Version der Publikation (entsprechend ihrem Digital Object Identifier - DOI)
http://dx.doi.org/10.1109/EuroSPW51379.2020.00080

Elektronische Version der Publikation:
https://publik.tuwien.ac.at/files/publik_292580.pdf


Erstellt aus der Publikationsdatenbank der Technischen Universität Wien.