0x20 bit encoding

Security experts have recently proved that it is possible to mix upper and lower case spelling of domain name when sending out name queries. This protection scheme is called 0x20 encoding. See the diagram below.

To inject a fake address record into a resolver, an attacker must predict the random upper and lower case letter of the domain name in the query string. In the illustration above, the possibility of cache poisoning the resolver is reduced by a factor of 2 ^ 10 attributable to the use of 10 characters in “example.com”.

No comments: