TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4

The "TuDoor Attack" presentation at IEEE S&P unveiled a novel class of DNS-based attacks that systematically exploit logic vulnerabilities within the DNS response pre-processing mechanisms of widely used DNS resolvers. Led by Xiang Li from Nanjing University, the research team demonstrated how these subtle flaws, often overlooked in the development of DNS software, can lead to rapid and highly effective DNS cache poisoning, denial-of-service (DoS), and resource consumption attacks. The name "TuDoor" aptly reflects the nature of the vulnerability, likening it to a "door in the grid wall" that allows attackers to bypass established security measures.

AI review

This research uncovers a critical, systematic blind spot in DNS resolver logic, enabling a novel class of attacks. Exploiting a covert side channel, TuDoor achieves 100% success for source port discovery, leading to sub-second DNS cache poisoning across a vast array of vulnerable systems. This is a foundational vulnerability that demands immediate attention and a re-evaluation of DNS processing standards.
