Saving Brian's privacy: The perils of privacy exposure through reverse DNS

Olivier van der Toorn; Roland van Rijswijk - Deij; Raffaele Sommese; Anna Sperotto; Mattijs Jonker

doi:10.1145/3517745.3561424

Saving Brian's privacy: The perils of privacy exposure through reverse DNS

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

5 Citations (Scopus)

251 Downloads (Pure)

Abstract

Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet --- and even identify and track individuals --- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place.

We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist.

Original language	English
Title of host publication	IMC '22
Subtitle of host publication	Proceedings of the 22nd ACM Internet Measurement Conference
Publisher	Association for Computing Machinery
Pages	1-13
Number of pages	13
ISBN (Electronic)	9781450392594
DOIs	https://doi.org/10.1145/3517745.3561424
Publication status	Published - 25 Oct 2022
Event	22nd ACM Internet Measurement Conference, IMC 2022 - Nice, France Duration: 25 Oct 2022 → 27 Oct 2022 Conference number: 22 https://conferences.sigcomm.org/imc/2022/

Conference

Conference	22nd ACM Internet Measurement Conference, IMC 2022
Abbreviated title	IMC 2022
Country/Territory	France
City	Nice
Period	25/10/22 → 27/10/22
Internet address	https://conferences.sigcomm.org/imc/2022/

Keywords

tracking
reverse DNS
privacy
DHCP

Access to Document

10.1145/3517745.3561424Licence: CC BY

ArticleFinal published version, 1.05 MBLicence: CC BY

Reverse DNS queries may reveal too much, computer scientists argue
van der Toorn, O. I., Sommese, R., Sperotto, A., van Rijswijk - Deij, R. M. & Jonker, M.
19/09/22
1 item of Media coverage
Press/Media: Research

5 Citations
1 Preprint

Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS
van der Toorn, O., Sommese, R., Sperotto, A., van Rijswijk-Deij, R. & Jonker, M., 2 Feb 2022, ArXiv.org.
Research output: Working paper › Preprint › Academic

Open Access
File
148 Downloads (Pure)

Cite this

@inproceedings{b52e409c87084d2e997a181989ab40ca,

title = "Saving Brian's privacy: The perils of privacy exposure through reverse DNS",

abstract = "Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet --- and even identify and track individuals --- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist.",

keywords = "tracking, reverse DNS, privacy, DHCP",

author = "\{van der Toorn\}, Olivier and \{van Rijswijk - Deij\}, Roland and Raffaele Sommese and Anna Sperotto and Mattijs Jonker",

year = "2022",

month = oct,

day = "25",

doi = "10.1145/3517745.3561424",

language = "English",

pages = "1--13",

booktitle = "IMC '22",

publisher = "Association for Computing Machinery",

address = "United States",

note = "22nd ACM Internet Measurement Conference, IMC 2022, IMC 2022 ; Conference date: 25-10-2022 Through 27-10-2022",

url = "https://conferences.sigcomm.org/imc/2022/",

}

van der Toorn, O, van Rijswijk - Deij, R , Sommese, R , Sperotto, A & Jonker, M 2022, Saving Brian's privacy: The perils of privacy exposure through reverse DNS. in IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference. Association for Computing Machinery, pp. 1-13, 22nd ACM Internet Measurement Conference, IMC 2022, Nice, France, 25/10/22. https://doi.org/10.1145/3517745.3561424

Saving Brian's privacy: The perils of privacy exposure through reverse DNS. / van der Toorn, Olivier; van Rijswijk - Deij, Roland ; Sommese, Raffaele et al.
IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference. Association for Computing Machinery, 2022. p. 1-13.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Saving Brian's privacy

T2 - 22nd ACM Internet Measurement Conference, IMC 2022

AU - van der Toorn, Olivier

AU - van Rijswijk - Deij, Roland

AU - Sommese, Raffaele

AU - Sperotto, Anna

AU - Jonker, Mattijs

N1 - Conference code: 22

PY - 2022/10/25

Y1 - 2022/10/25

N2 - Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet --- and even identify and track individuals --- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist.

AB - Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet --- and even identify and track individuals --- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist.

KW - tracking

KW - reverse DNS

KW - privacy

KW - DHCP

U2 - 10.1145/3517745.3561424

DO - 10.1145/3517745.3561424

M3 - Conference contribution

SP - 1

EP - 13

BT - IMC '22

PB - Association for Computing Machinery

Y2 - 25 October 2022 through 27 October 2022

ER -

Saving Brian's privacy: The perils of privacy exposure through reverse DNS

Abstract

Conference

Keywords

Access to Document

Fingerprint

Press/Media

Reverse DNS queries may reveal too much, computer scientists argue

Research output

Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS

Cite this