Seeing Dr. Pound's eyes light up every time he mentions filling up some random computer with malware gives me so much energy

@snghnishant

3 жыл бұрын

😂

@talhatariqyuluqatdis

3 жыл бұрын

Hahaha

@johnf7332

3 жыл бұрын

I just realized the other day I have 200+ samples on my work laptop. It’s all locked-down and [hopefully] can’t execute, but like... I’m kinda hesitant to pick it up now. Lol (I study malware, I’m not just a SUPER infected user)

@mrnik.0

3 жыл бұрын

Well he works in Internet and Computer Security as far as I know so his job is basically understanding how to fill up some random computer with malware ^^ It‘s obvious he‘s doing something he is passionate about which is nice.

@thatguywhowouldnotsharehis2062

3 жыл бұрын

@@mrnik.0 00

beautiful pen flip at 10:07

@khalid5d3

3 жыл бұрын

Now I cant stoping replaying it over and over

@TheDevilItSelf

3 жыл бұрын

Just about to write that, now gonna practice that :)

@rajiv8k

3 жыл бұрын

@@TheDevilItSelf If you haven't figured it out yet, you need to hold the pen such that it is resting on your middle and ring finger. The thumb rests on the pen such that it is slightly off(towards the index finger) from the pen's center of gravity. Now flick the pen around your thumb with the middle finger and the ring finger.

@TheDevilItSelf

3 жыл бұрын

@@rajiv8k thanks dude, thats actually really helpful

@jhonbus

3 жыл бұрын

I AM INVINCIBLE!

Out of all Computerphile presenters, Dr. Pound, in my opinion, is simply the best! He explanations are bang on and are super easy to grasp. Whenever I see a notification for a video featuring him, I leave everything and start watching it right away.

@lythd

3 жыл бұрын

I completely agree

@nicolasamodeo475

3 жыл бұрын

Same! He's super entertaining as well. Computerphile please set up playlists categorized by nottingham staff!

@bsvenss2

3 жыл бұрын

Totally agree. He’s explaining these things better than anyone else.

@klyanadkmorr

3 жыл бұрын

His name MIKE POUND is Sooo James Bond character name=PUSSY GALOR

@bananya6020

3 жыл бұрын

*bang* on for doctor *pound*

Rest in peace, Dan Kaminsky

Dr. Mike Pound's enthusiasm for knowledge is infectious

@maxien101

10 ай бұрын

Truly. I actually started to learn to code watching his videos. Not from them ofc, but the motivation originated heree

It's also important to note that DNS happens over UDP (stateless) so there's no 'connection' to check the response against. For example, in TCP, participating computers establish a connection, and the only response for the request that was sent out is accepted by the requesting server.

No matter what the subject, I always find myself learning something new from Dr. Pound.

Me: I have to get up early tomorrow. Dr. Mike Pound: Wanna know something about DNS Cache Poisoning? Me: Tell me everything! #sleepis4theweak oh and nice pen flip at 10:07

Of course Dr. Mike Pound would say that a hacking attack has a "cool" name and is a very "cool" kind of attack.

I really like how he says something and it souds like it's insanely fun. And simple enough for almost anyone to understand.

We asked and we received! 🙏🏼

Major props for making this video despite the earthquake you guys were experiencing.

I see Dr. Pound and I like first, then watch

@SinanAkkoyun

3 жыл бұрын

who are you talking to? That's how it works.

@ProgrammerMichaelAgarkov

3 жыл бұрын

@@SinanAkkoyun true

Name server poisoning also happened occasionally on accident, due to responding accidently with an incremented query id, possibly poisoning some later random request. Also, if a DNS has DNS level blocking taking place, and it is treated like an authoritative DNS server, it may 'black hole' your request. As in, send you an IP that is invalid and leads no where. This happened to google servers a while back when they accidentally had china servers listed as authoritative, which was causing global traffic to get black holed due to china censorship.

It's kind of surprising to hear that most of the global DNS system is not secured with certificates/TLS. Thanks for the great video!

@SupaKoopaTroopa64

3 жыл бұрын

It's actually quite terrifying, even if a poisoning attack only has like 1/1,000,000,000% chance of working.

@cosmicrider5898

3 жыл бұрын

Certbot takes like two to three lines of code lol

@AndrewFrink

3 жыл бұрын

@@cosmicrider5898 It's not the name server that is the "hard" part. You can turn that on with the config file on most name servers these days. It's convincing accounting that spending 100,000/yr on the signed certificate is "worth it". Is your ISP really going to pay for that? What if they have to buy a dozen for various bits of their country wide network? Is your work going to buy one for their server? for each branch (yes there are ways around this at the corporate level, but if you have 2 or 3 small offices)?

@snmp1612342

3 жыл бұрын

This is a chicken and egg issue, without DNS the common name of X509 certificates could not provide the information where a certificate would fit in a global hierarchy so you wouldn't know what to validate it against. This is an issue solved by DNSSEC in a different way that still provides compatibility with regular DNS while maintaining its scalability.

@snmp1612342

3 жыл бұрын

@Bjorn While that might be true for some ISPs the real reason is that nobody thought about protecting against eavesdropping at the time DNS was invented and it is in such ubiquitous use today that nobody reinvented a perfect enough replacement yet. There are lots of interoperability and scalability issues to solve for any such replacement.

I was looking forward to this video and as always its amazingly explained by Dr.Mike. I couldn't keep it as he left us with a cliffhanger in the last DNS video and searched about it but still his explanation gave me a better and clear understanding of it.. Love his way of teaching

As a reptile owner: WHAT'S IN THE BOX!!!!!!

@juliankandlhofer7553

3 жыл бұрын

a snake. he showed at the end of the last dns video

@DominusTerrae

3 жыл бұрын

A Cornsnake to be precise

@bentoth9555

3 жыл бұрын

The answer is always Gwyneth Paltrow's head.

@ACupOfKerba

3 жыл бұрын

I had the same question

@giovannicabrini8457

3 жыл бұрын

@@bentoth9555 I read the question with Jack's voice lol

The best presenter, I owe so much of my knowledge to this guy and this channel, glad these videos keep coming out !

Now i won't have to go to tons of lessons in school to learn this thanks to computerphile🤙

I studied computer science about 30 years ago, and would have loved to have had a professor like him. I remember buying my first computer magazine about 1980 aged about 7 and being amazed. I used every penny of my pocket money to buy as many magazines and books as I could up until the age of about 17. Computers were a different beast then, and the challenges were very different, but I LOVE watching these videos (I no longer program computers) - and I'm in awe of you guys.

@barrynance2871

3 жыл бұрын

BYTE Magazine, by chance?

Well explained as usual. But I kept wondering why name servers don’t simply only accept each query ID from the IP address of the authoritative server they sent the query ID to. I found out the reason is that with UDP you can spoof the source IP

Thanks for explaining the subject in an easy to understand manner. The next time a client of mine tells me that my recommendation of implementing DNSSEC is "overkill" and "too expensive", I shall point them to this video.

That pen flick tho... OMW!!! This definitely makes Dr. Pound the best Computerphile ;)

yay, professor Pound again!!

I encountered a sysadmin on the internet who used a kind of client side DNS cache poisoning as a security feature. Apparently bots scanning IP addresses for webservers is an extremely common thing. His solution to this was to run his webserver on an unusual port, then reply to all requests to his IP on the default HTTP ports with a HTTP 301: Permantently Moved error, with the TTL set to 1000 years. The result was that anyone who tried to connect to his webserver without a DNS telling them the correct port would have their local DNS cache updated to effectively permanently redirect all further attempts to connect to his site to a different site. This reportedly resulted in a dramatic drop of connection attempts from bots.

@Roxor128

3 жыл бұрын

That's pretty devious. I love it!

@lake5044

3 жыл бұрын

I don't get it. But what about the local cache? Every browser that already had a DNS cache will then be permanently blocked (since the browser will never attempt to clear a 301 redirect cache automatically).

@Roxor128

3 жыл бұрын

@@lake5044 Could be a problem with existing users, but might be able to be worked around by having the bot trap serving up a page saying "If you're seeing this, your browser's DNS cache is outdated. Clear it and try revisiting the site." which the bots will never actually read.

@lake5044

3 жыл бұрын

@@Roxor128 But then, that's no different than doing the same from your server (i.e. presenting some bot-challenge). I don't see the added benefit from going to such lengths as to purposefully poison your own domain name (maybe some load balancing? But standard load balancing is still much preferred and robust I think)

@lake5044

3 жыл бұрын

@Zero Cool What do you mean by "upload more RAM from the cloud"?

Since Facebook was down yesterday, couldn't that have been the best time for someone to try something like this.

I learned more about DNS in your DNS video and this video than I did in my grad network security course.

Fascinating, and quite a scary prospect. 10:08 - Top class pen trick...

I would love someone to take one of Mike's videos and just superimpose a ghost hand touching his arm every time he lifts his arm to stretch his sleeve out. You can't unsee it now

@shmunkyman33

3 жыл бұрын

I noticed this a while ago and have been wondering if anyone else saw it haha. I hope if he sees this comment he knows it's not a bad thing or that I'm making fun, it's just a cute little quirk!

Very interesting and well explained, Dr. Pound! I'm kind of curious now though, what's the timeline of when all these different types of attacks and/or defenses started popping up? When did cybersecurity start becoming such a big issue?

Awesome video !!!! Love the animation, so helpful !!! Job well done sir.

10:07 beautifully choreographed pen-spin flex by Dr. Mike

I have only been lead to a single login spoofing website recently, but when it was more prevalent years ago it always amazed me how bad or lazy their developers used to be at their job. Most pages were so far off the original that they could only hope to trick the most gullible users.

@nielsdegroot9138

3 жыл бұрын

With relatively low costs, it only takes a few suckers to become profitable.

thank god i was just thinking about this since the last video about dns

Yo, I've been wondering if this could happen! Great video!

Thanks Jarrod! Great vid.

As always another great video from you guys, bonus points for the chessboard i am curious if its a finished game or heated battle

Thanks for the great explanation. He's great !!!

Ahhh...DNS cache poisoning ,I know everything about it Dr.Pound : come here mate !!!👀

The smooth pen movement on 10:07

I wish my college professors explained topic like this, I would have been more interested in studying. Topics covered here are more easier to understand, even though I didn't do CS in college.

Just today I wrote an exam on distributed systems and security. This video is two days late! (But awesome in every other way)

Good explanation of how DNS injection works. Hard to believe DNS servers aren't using certificates until now though. You'd think someone would have figured this out a long time ago, especially given the popularity of SQL injection vulnerabilities and the like that have been used to deliver payloads in databases for years.

this is so interesting. thank you!

It feels weird to re-watch Computerphile videos that I already watched years ago for entertainment, but this time because I’m writing a computer science bachelor thesis about DNS security (specifically about the identity management for DANE).

Thanks for sharing knowledge ! 👍 Greetings from La Paz Bolivia 🇧🇴

Great video. 👍 Could you cover "port knocking"?

0:10 Domain Name System 0:32 Poisoning. 1:01 DNS 3:17 How it works. 4:29 Cache poisoning. 6:06 Botnet. 10:08 Security

Notice the chosen sharpie pens. They closely match the colours of the surrounding objects.

Sir Dr Pound, I’d love some explanation on what happened with the Garmin ransomware a few days back

Hello, Just to say that the content you guys put forth is so much helpful in many ways.. masters really!! Only thing is sometimes its difficult to understand what they say ... myself not quite familiar with the accent ... please kindly make captions/subtitles available... it will help us to understand better ... Thanks in advance

I love spiderman teaching me about networking

1:54 this is how excited I want to be when talking about anything

very informative!

Any ideas on how Tor V3 hidden services can start getting nicer names? Some kind of ring of trust situation?

That casual sharpie spin at 10:07

Is the querry spam the reason why this "attack" is so slow? I have used this kind of attacks in lack of other ways to redirect traffic(And problems with finding captive portals that works) on my own network but i don't find it to work that well :/ Iv'e tried this multiple times over the years but never found anything that works well so i end up giving up every time hehe.

RIP Kaminsky, who passed just 2 weeks ago.

Dan Kaminsky is awesome, great talker!

on a related note with the Lancache game download cache service, you have to purposely poison your dns cache, so that when a user wants to download a game that's already downloaded, it gets the game from the server hosting the service, rather than the internet.

I really like the way this guy talks for some reason, I don't know why though

10.0.9.9 being a private address is kind of a bad example. But good presentation

@jay_sensz

3 жыл бұрын

I'm pretty sure that's intentional so they don't accidentally slander a random public IP address.

Do mobile applications fetch to their sites to work? If so then shouldn't they be vulnerable as well?

Why dont they simply check if the IP of the one answering is the IP they asked? And wont the Recursive resolver still receive the correct answer a moment later? Couldnt one at least use the second answer to invalidate the cache?

Is the exploit kit he talks about at 5:56 real? Like if you accidentally visited a bad website you'll get infected. Assuming you don't have flash installed.

That spin at 10:06 is lit

i will be using DNS for comunication trough dns resolv messages. is a simple project, but with great potential. im curious whats gonna happen when i point 2Dns servers to resolve eachother, each other beeing the others dns server, but beeing dns server itself.

@cameron7374

3 жыл бұрын

My guess: They just start sending every request that comes in round forever until both name servers become unresponsive because all they do is send queries to each other.

@Mr.Leeroy

3 жыл бұрын

@@cameron7374 Have you got no hope at all in people who designed such fundamental service?

@cameron7374

3 жыл бұрын

@@Mr.Leeroy I do have hope in them but if the specification says to ask the next DNS server if you don't know and they both point at each other, that is what will happen and not a flaw in the technology but rather user error. I mean, something like this can already happen with some routing protocols for regular routers where they establish a path that leads in a circle, in the hopes the next router knows where to send the packets. That's called a broadcast storm and it's the job of whoever is setting up the network to set it up in a way where it doesn't happen.

What if you're running your own recursive dns like unbound?

Dr Mike should have his own youtube channel ( i'm talking about Dr Mike the computer guy )

@Michael-sh1fb

3 жыл бұрын

thx for the clarification

Wow. The internet is held together with duct tape and twine. It is crazy that the early internet even worked at all without security measures like public key cryptography.

Please could someone explain that Dan Kaminsky trick?

Watching Mike pounding out these drawings, improving them a bit and not worrying about being perfect is kind of relaxing. Bob Ross as an excited hacker!

Would DNS over TLS be a solution to this issue?

@cosmicrider5898

3 жыл бұрын

I think dnssec would be a better solution. I believe tls or doh could still be poisoned. Edit: he says this at 10:12

@juliankandlhofer7553

3 жыл бұрын

if the connection between the client and server is encrypted, there's no opportunity to send a spoofed response, since you'd need to crack the encryption to send a response on that specific request, right? dnssec just takes this a step further with trusted dns servers

@zemerick1

3 жыл бұрын

DNSSEC is the answer, not DNS over TLS. However, if the server isn't supporting DNSSEC which a LOT do not, or it not enabled. . .then it's game on.

@agoatmannameddesire8856

3 жыл бұрын

@@juliankandlhofer7553 The opportunity would be to MITM the client recursive name server, which could be easier or harder depending on the privacy profile (opportunistic or out-of-band key-pinned, see RFC7858 section 4).

@YourTVUnplugged

3 жыл бұрын

@@cosmicrider5898 You're only partially correct, because who decides who is a 'trusted' domain name server? If you trust anyone to be that 'trusted' party, then by default you can no longer trust them. Anyone who gains that must trust is immediately untrustworthy, lol... That's the facts of life. What you need is DN SEC where we trust individual domains by their public keys which only they have the private key for... Where we dont trust domain name servers but we trust individual domains proving who they are themselves. We can't trust any central authority to give us the truth, because with that trust they will always use it to lie. Instead we have to determine the individuals that we trust and only rely on our own ability to verify they are who they say they are and if we believe or better yet know we can trust them. G000gle is not to be trusted they can't even let TRUE information not be censored due to pharmaceutical interest for people to believe something that is true is not true... Because if people believe something that is true is not true then they equal big money for the pharmaceutical companies, and if they know the truth that money is greatly diminished. These companies aren't out for our best interests but for their own and their friends.

Just based on your other videos, why don't these requests between DNS servers use token like when browsers are talking to websites? Just send a request for the IP address, plus a random string, and only accept it if the response matches? They could easily have turned that 16 bits into 16 or more bytes. Did they just not see a need for any form of security when saying what address a site is at?

Is there no way to send the poisoned dns query on all ports at once?

Do you also have to do IP spoofing?

I was just looking up how to flush a dns cache and this popped up thanks desperate storage saving me

How much bandwith would one need to hijack the current randomizing defence. Anyone calculated that?

please also explain DNS over HTTP?

I'm using DNSSEC via Cloudflare on my Piehole. Highly recommend it.

So what exactly happens when we change the DNS id on out phone (eg: change it to 1.1.1.1 instead of what was there before, which is the dns for cloudflare. But still what does that mean or do?)

@Michael-sh1fb

3 жыл бұрын

It is skimmed over in this video but if you watch the other DNS explanation, that IP is the IP of the first DNS server you will ask (which in turn may ask other DNS servers)

What exactly is multicast dns and .local domain?

@snmp1612342

3 жыл бұрын

Apple Bonjour and Zeroconf use multicast DNS. Basically how this works is your devices for example Google Chromecast periodically sends a DNS packet to a multicast address that gets broadcast to all devices connected to your LAN or those who subscribed to said multicast address saying 'I am a chromecast, you can use my services x, y. and z at IP address such and such'. The .local Top Level Domain is one reserved for private usage - for example on your LAN - and will not be resolvable in the internet. Avahi (Linux) would be one example of a zeroconf implementation making use of the .local TLD.

@Mr.Leeroy

3 жыл бұрын

do not use .local unless you know what you are doing

Hello, the NS will receive a malicious answer from a different IP than the one that used for the query, right? Why will it accept it?

@nielsdegroot9138

3 жыл бұрын

That is an option you can enable in at least some DNS servers, and could even be a default setting. But it takes time/processing power to check, reducing throughput. In the early days of the internet the standards weren't created with lots of security built in. By now we've learned and there is more thought put in to the security of newer standards or changes to existing standards to make them more secure. But lots of newer and more secure features are optional, because of the unwillingness to break backwards compatibility with older devices/software.

What i dont understand about this DNS Cache Poisoning is: If my DNS resolver asks an outside DNS server to resolve for fish.google.com, it talks to an IP address of the public DNS lets say 1.1.1.1. If then a malocious answer with the correct querryID comes in, it likely wont have the correct source IP as the device probably sits within your local network. Im guessing the DNS resolver does check this while receiving responses. So is there source IP spoofing going on as well for this attack?

0:44 *China Great Firewall: Let me introduce myself*

More mr pound

Ah, how beautiful naive times were those when Vint Cerf, Bob Kahn and others designed TCP/IP stack. It withstood the test of time perfectly, _except_ for security and perhaps the quality of service (and, yes, address space size). If memory serves, equivalent standards from ITU (than CCITT) were a tad more robust, but the ones we still use ware much simpler and more elegant.

talk about websockets

This guy is a riot

Would love to see him play a game called GreyHack o.o

Important question. What is in the vivarium?

@Michael-sh1fb

3 жыл бұрын

snek

Since a majority of TLS certificate issuance systems rely on DNS verification to prove ownership of a domain, could you not also issue yourself valid certificates for the domain you have poisoned? Then, combined with the DNS sending people to your site, you also have browsers validating the server is legitimate?

@AndrewFrink

3 жыл бұрын

no, because in general those certificates are signed by a central authority, and since you don't have their key you can't sign your own certificate. So if you were paying attention to your browser, it would complain that the site isn't signed. Chrome does this very aggressively these days.

Bring a episode with Tom Scott also

but why does it even accept the response if it comes from another ip then the request where send to?

What about applying a UUID? Basically that would solve the whole problem

2:26 That's a real Parker Square of a Jolly Roger.

I'm concerned about the computer apocalypse when quantum computers are powerful enough. The encryption and randomization methods are going to be fairly easy to crack

So a fortigate FW/router that is using https but with no certificate could fall into this attack?

My registrar supports DNSEC. But what are the downsides of enabling it though? (because it's off by default.)

@YourTVUnplugged

3 жыл бұрын

The downside WHICH IS MAJOR is that you're trusting a untrustworthy third party to vet your domains instead of yourself. Only we can trust who we communicate and make network transactions with, a third party will 100% of the time LIE TO US.

Just noticed that Dr. Pound is a chess player ! :D