Overview
This Black Hat conference talk explores a devastating class of attacks called KeyTrap that target DNSSEC-validating DNS resolvers. Learn how these attacks exploit algorithmic complexity vulnerabilities inherent in the DNSSEC standard, allowing attackers to cause a comprehensive denial of service with minimal effort. Discover how a single 100-byte DNS request can disable resolvers for anywhere from two minutes to 16 hours, potentially disrupting service for a significant portion of global Internet users. The presenters, researchers from Goethe-Universität Frankfurt and TU Darmstadt, detail the attack design, demonstrate its severe impact, and share insights into the confidential disclosure process involving major industry players like ISC, NLnet Labs, Google, Cloudflare, and Akamai. Understand the challenges of patching vulnerabilities that stem directly from Internet standard requirements, highlighting the difficulty of creating secure software that must sometimes disobey RFC specifications. The 39-minute presentation reveals why KeyTrap has been called "The worst attack on DNS ever discovered" by leading DNS software developers.
Syllabus
How the Internet Dodged a Bullet: The KeyTrap Denial-of-Service Attacks against DNSSEC
Taught by
Black Hat