Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

DNS Redirection Security Strategy Easily Bypassed

By R&D Editors | April 13, 2016

In more than 70 percent of the cases, CLOUDPIERCER was able to effectively retrieve the Web site’s original IP address, thereby providing the exact info that is needed to launch a successful cyberattack. This clearly shows that the DNS redirection strategy still has some serious shortcomings.Cloud-based security providers commonly use DNS redirection to protect customers’ Web sites. The success of this strategy depends on shielding the Web site’s original IP address. Computer scientists have now revealed that the IP address can be retrieved in more than 70 percent of the cases, meaning that the DNS redirection security mechanism can easily be bypassed. They have released a free software tool that allows site owners to test the shortcomings of the DNS redirection strategy.

Web sites and online services increasingly have to deal with acts of cybercrime such as ‘distributed denial-of-service’ (DDoS) attacks: the site or service is deliberately bombarded with huge numbers of malicious communication requests from different computers so that it collapses.

“Website owners can protect themselves against cyberattacks by installing dedicated hardware,” says Thomas Vissers from the KU Leuven Department of Computer Science and the digital research center iMinds. “Yet, this is typically too expensive and too complex for most of them. That’s why Web site owners often rely on the services offered by cloud-based security providers. One strategy these providers commonly use to protect Web sites includes diverting incoming Web traffic via their own infrastructure, which is sufficiently robust to detect and absorb cyberattacks. However, the success of this strategy heavily depends on how well the Web site’s original IP address can be shielded. If that IP address can be retrieved, protection mechanisms can easily be bypassed.”

According to the researchers, this is the Achilles heel of cloud-based security. Therefore, they set up the first large-scale research effort in this domain and actively explored vulnerabilities in the DNS redirection strategy that is used by many cloud-based security providers to intercept Web traffic. 

Nearly 18,000 Web sites, protected by five different providers, were subjected to the team’s DNS redirection vulnerability tests. To this end, the researchers built a tool called CLOUDPIERCER, which automatically tries to retrieve Web sites’ original IP address based on eight different methods, including the use of unprotected subdomains.

The Web site’s original IP address is all you need to launch a successful cyberattack. In 70 percent of the cases, it could be retrieved. 

“Previous studies had already described a number of strategies that can be used to retrieve a Web site’s original IP address. We came up with a number of additional methods. We were also the first to measure and verify the exact impact of these strategies on a larger scale,” says Thomas Vissers.

“The results were pretty confronting: in more than 70 percent of the cases, CLOUDPIERCER was able to effectively retrieve the Web site’s original IP address, thereby providing the exact info that is needed to launch a successful cyberattack. This clearly shows that the DNS redirection strategy still has some serious shortcomings.”

The researchers have already shared their results with the cloud-based security providers under consideration, allowing them to respond properly to the risk that their customers are still running.

But the researchers also want to inform the general public — and, more specifically, Web site owners — about the shortcomings of the popular DNS redirection strategy. That is why they’ve made CLOUDPIERCER available for free.

“With CLOUDPIERCER, people can test their own Web site against the eight methods that we have used in our research. CLOUDPIERCER scans the Web site, and indicates to which IP detection method it is most vulnerable,” concludes Thomas Vissers.

When Web sites use DNS redirection as a defense mechanism against cyberattacks, two simple measures can be taken to prevent the original IP address from being retrieved. One option is adjusting the Web site’s firewall settings to only allow Web traffic from the cloud-based security provider. Alternatively, the IP address of the Web site can be changed once the contract with the cloud-based security provider is initiated.

  • CLOUDPIERCER will be presented at iMinds – The Conference.
  • The research paper is available here. 

 

Related Articles Read More >

R&D 100 winner of the day: Electromagnetic spectrum management system (ESMS)
Claude computer use
AI agents could begin transforming how we work in 2025
refinery
AI takes center stage in Honeywell-Chevron collaboration
Firefly blurred lines between a human and machine researcher 72875
Copyleaks CEO: OpenAI’s o1 emergence could blur the lines between human researcher and AI assistant
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE