Commit cd3c7b1c authored by Martin Řepa

Add initial docs

parent 5e51cf55
venv
materials
src/data/raw
.idea
\ No newline at end of file
.idea
# Ignore all latex-tmp files except the core ones
report/*
!report/img
!report/*.tex
!report/*.bib
!report/*.pdf
\ No newline at end of file
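Review bot: `!report/*.pdf` re-includes every PDF directly under report/, so the compiled report will be tracked next to the .tex sources that produce it and will change on every rebuild. If the PDF is meant to be published from the repository, consider naming the one file explicitly instead of using the wildcard; otherwise drop the exception. The file also still ends without a trailing newline.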
# bachelor-thesis
* TODO
\ No newline at end of file
* Currently this repository is used for purpose of Software and Research Project (B4BPROJ6)
* Documentation is in progress [here](report)
@article{testreference,
author = "Ignác Mikina",
title = "Král Rožmberka",
journal = "Respekt",
volume = "322",
number = "10",
pages = "891--921",
year = "1905",
DOI = "http://dx.doi.org/10.1002/andp.19053221004",
keywords = "physics, medieval"
}
@online{dnspacketstructure,
author = {P. Mockapetris},
title = {domain names - implementation and specification},
year = 1987,
url = {https://tools.ietf.org/html/rfc1035},
urldate = {1987-11-1}
}
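Review bot: in the `dnspacketstructure` entry, `urldate = {1987-11-1}` records the RFC's publication date rather than the date the URL was accessed, and the day is not zero-padded, which biblatex's date parsing expects (`1987-11-01`). Suggest moving the publication date into `date` and setting `urldate` to the actual access date. In `testreference`, the `DOI` field holds a full URL; it should carry only the bare identifier (`10.1002/andp.19053221004`), and the placeholder entry should be removed before the report is submitted.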
\documentclass{article}
% \usepackage[utf8x]{inputenc}
% \usepackage{algorithm}
% \usepackage{algorithmic}
%\usepackage{caption}
%\usepackage{subcaption}
% \usepackage{fancyhdr}
% \usepackage{todonotes}
% \usepackage{amssymb}
% \usetikzlibrary{trees}
\usepackage{multirow}
\usepackage{amsmath}
\usepackage{titlepic}
\usepackage{graphicx}
\usepackage{array}
\usepackage{pdflscape}
\usepackage{adjustbox}
\usepackage{amsfonts}
\usepackage{hyperref}
\usepackage{biblatex}
\addbibresource{references.bib}
% Setting penalty for breaking line or page after[before] first[last] line of
% paragraph
\clubpenalty=10000
\widowpenalty=10000
% Setting behaviour and looks of links (TODO: maybe not needed)
\hypersetup{
colorlinks,
citecolor=black,
filecolor=black,
linkcolor=black,
urlcolor=black
}
\begin{document}
\input{titlepage}
\tableofcontents
\newpage
\section{Introduction}
\subsection{Domain Name System (DNS)}
Domain Name System (shortly DNS) provides way to match human readable hostname
to its related IP address. The reason it exists is so people can remember
user-friendly hostname instead of hardly remembred numeric IP addresses.
The domains' namespace has a hierarchical structure. Domain names are organized
in subordinate levels of the DNS root domain, which is nameless. The first
level is a top-level domain (e.g. com, cz, net, org, edu, ...) followed by the
second level, third level and so on. Each level may contain up to 63 characters,
but the full domain name may not exceed the length of 253 characters in its
textual representation.
\begin{center}
\begin{figure}[h]
\includegraphics[width=1\textwidth]{img/dns_tree.png}
\caption{A hierarchical DNS structure}
\label{fig:dnsTreeStructure}
\end{figure}
\end{center}
It would be crazy to think that one centralised database
would be able to handle the whole world's DNS traffic, thus every domain has
a domain name server maintaining the records in its server's database.
The general process of resolving an IP address starts when DNS client (for
example browser) issues a DNS request or DNS address lookup, providing
a hostname such as “example.test.com”. Then the so called DNS resolver starts
asking for an IP address from the root domain moving down the hiearchy until it
reaches the authoritative server for desired hostname "example.test.com" and
obtains response with the IP address and some additional information.
\subsubsection{Packet structure}
The DNS messages are encapsulated over UDP or TCP using port 53. The same
message format is used for all exchanges between client and servers.
\begin{table}[h] % [h] solves the issue of putting table above subsection title
\centering
\begin{tabular}{ |c|c|c| }
\hline Identification & Control & Question count \\
\hline Answer count & Authority count & Additional count \\
\hline \multicolumn{3}{|c|}{Question} \\
\hline \multicolumn{3}{|c|}{Answer} \\
\hline \multicolumn{3}{|c|}{Authority} \\
\hline \multicolumn{3}{|c|}{Additional} \\
\hline
\end{tabular}
\caption{Packet format \cite{dnspacketstructure}}
\label{table:dnsPacketFormat}
\end{table}
\subsubsection{Exfiltrating data}
Unfortunately DNS is not only used for purpose it was made for. Imagine a
situation when malicious attacker somehow got access to a foreign server and
compromised private data. DNS might help him to stealthily smuggle data out to
his own server. All he needs to do is setup his own domain (for example
"hacker.test.xyz"), issue a DNS query from compromised server providing a
hostname similiar to "stolenPassword1.hacker.xyz" and his customized domain
network server would just save the stolen data. Easy and elegant.
\begin{center}
\includegraphics[width=1\textwidth]{img/exfiltrating_data.png}
\end{center}
Since DNS protocol is a core component of the Internet protocol suite, it's
almost never blocked by firewall and attacker is able to setup a "dns tunnel".
Also DNS traffic is rarely monitored so it might be too late when the data leak
is discovered.
\subsection{Why to deal with this (?)}
\subsection{Current approach}
\newpage
\section{Solution}
\subsection{Game theoretic model}
\subsection{False positives}
\subsection{todos...}
\subsection{results}
\newpage
\section{Conclusion}
\begin{itemize}
\item What needs to be done moree...
\item Cons of my solution (false positives)
\item Reference test \cite{testreference}
\end{itemize}
\printbibliography
\end{document}
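Review bot: in the "Exfiltrating data" subsection the attacker's domain changes between sentences: it is set up as "hacker.test.xyz" but the example query goes to "stolenPassword1.hacker.xyz", which would not reach the authoritative server for the domain just described. Suggest using one zone throughout (for example "stolenPassword1.hacker.test.xyz") and stating explicitly that the stolen data travels as a label of the queried name, since the 63-character label and 253-character name limits from the DNS subsection are what bound the payload per query. Separately, the first figure is a float wrapped in `\begin{center}`, which has no effect on the float; use `\centering` inside the `figure` environment instead. The second image has no `figure` environment, caption or label, so it cannot be referenced from the text.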
\begin{titlepage}
\begin{center}
\vspace*{1cm}
\Huge
\textbf{Optimal strategy when dealing with exfiltrating DNS requests}
\vfill
\LARGE
\textbf{Martin Řepa} \\
Supervised by Ing. Karel Durkota \\
Software and Research Project \\
B4BPROJ6
\vspace{0.8cm}
\includegraphics[width=0.4\textwidth]{img/university_logo.jpg}
\Large
Department of Computer Science\\
Czech Technical University in Prague \\
2019-1-25
\end{center}
\end{titlepage}