Friday, October 23, 02:54
What do Chromium DNS hijacking tests show?

To determine whether a network hijacks DNS queries, Google Chrome and other Chromium-based programs randomly generate three domain names between 7 and 15 characters long. If two of those domains resolve to the same IP address, the browser concludes that the network is capturing and redirecting requests for non-existent domains.

This test is run at startup and whenever a device's IP or DNS settings change.

Because DNS servers forward queries for locally unknown domains to more authoritative name servers, the random domains used by Chrome find their way to the DNS root servers. According to Matthew Thomas, Verisign chief engineer in the CSO Applied Research Division, these queries make up half of all queries to the root servers.


The data presented by Thomas showed that as Chrome's market share increased after the feature was introduced in 2010, the queries matching the pattern used by Chrome also increased.

"In more than 10 years since the addition of the feature, we now find that half of the DNS root server traffic is very likely due to detectors of Chromium," Thomas said in an APNIC blog post. "This equates to about 60 billion queries in the root server system in a standard day."

Thomas added that half of the root servers' DNS traffic goes to supporting a browser function and that, with DNS monitoring being "definitely the exception rather than the rule", the traffic would be a distributed denial of service attack in any other scenario.
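The probe logic described at the top of this article, together with the kind of pattern match that picks such queries out of a DNS log, as an added example that is not Chromium's code or Verisign's analysis. The resolver functions, the sample query names and the lowercase single-label pattern are assumptions made for illustration; the article itself only gives the count of three names and the 7 to 15 character length.

```python
import random
import re
import string
from collections import Counter

# Assumption: probe names are single labels of lowercase ASCII letters;
# the article only states the 7-15 character length.
PROBE_RE = re.compile(r"^[a-z]{7,15}\.?$")

def make_probe_names(rng, count=3):
    """Generate `count` random labels of 7 to 15 characters."""
    return ["".join(rng.choice(string.ascii_lowercase)
                    for _ in range(rng.randint(7, 15)))
            for _ in range(count)]

def network_hijacks_nxdomain(resolve, rng=None):
    """Return True if at least two random names resolve to the same IP.

    `resolve(name)` must return an IP string, or None for NXDOMAIN.
    """
    rng = rng or random.Random()
    answers = [resolve(name) for name in make_probe_names(rng)]
    hits = Counter(ip for ip in answers if ip is not None)
    return any(n >= 2 for n in hits.values())

def probe_share(qnames):
    """Fraction of logged query names that match the probe pattern."""
    qnames = list(qnames)
    if not qnames:
        return 0.0
    return sum(bool(PROBE_RE.match(q.lower())) for q in qnames) / len(qnames)

# Constructed resolvers standing in for real networks (192.0.2.0/24 is
# reserved for documentation).
def honest_resolver(name):
    return None                      # every random name is NXDOMAIN

def redirecting_resolver(name):
    return "192.0.2.10"              # every name lands on one redirect page

# Constructed sample of query names as a resolver log might record them.
SAMPLE_QNAMES = ["www.example.com.", "qzkvhwpltr.", "mail.example.org.",
                 "bnxgtrwa.", "ocsp.example.net.", "jhdyekzmqpwuv."]

if __name__ == "__main__":
    print(network_hijacks_nxdomain(honest_resolver))
    print(network_hijacks_nxdomain(redirecting_resolver))
    print(f"{probe_share(SAMPLE_QNAMES):.0%} of sample queries look like probes")
```

On a real resolver log, a length-and-charset match like this also catches short legitimate single-label hostnames, so the share it reports is an upper bound on probe traffic.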

Earlier this month, SANS's Johannes Ullrich, dean of the institute, looked at how many of the world's 2.7 million authoritative name servers would be needed to disable 80% of the internet.

"You only need 2,302 name servers," Ullrich said.

"0.35% of name servers are responsible for 90% of all domain names."

Ullrich found that GoDaddy was responsible for 94.5 million records, Google Domains had 20 million, the trio, hichina and IONOS had 15.6 million each, while Cloudflare had 13.8 million records.

"Using a cloud-based DNS service is simple and often more reliable than running your name server. But this large concentration of name server services with few entities significantly increases the risk for infrastructure," he said.

To reduce the risk of portions of the internet being shut off, Ullrich said people should run internal name servers and make sure they use more than one DNS provider.

Telstra provided an example of how a DNS failure can appear to users as an internet outage; in this case, the telco successfully carried out a denial of service attack on itself.

"The massive messaging storm presented as a denial of service attack has been investigated by our security teams and we now believe the incident was not malicious but a Domain Name Server issue," the telco said earlier this month.

Last month, Cloudflare provided a similar example on a much larger scale.

