index.json

    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    [{"authors":null,"categories":null,"content":"Xiang Li is an Associate Professor at the College of Cryptology and Cyber Science, Nankai University. He received his Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Professors Qi Li and Haixin Duan) in 2024. He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (480+ stars). He is also a member of the DataCon Expert Committee. He is the advisor of Nankai University’s CTF teams and Infomation Security Association, an ACM member, CCF member, and CIC member. He serves as PC for top-tier venues like CCS, IMC, RAID, ACSAC, DSN, and others like AsiaCCS. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network \u0026amp; protocol fuzzing, network vulnerability discovery \u0026amp; attack, web security, and underground economy with over 40 papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S\u0026amp;P (2), USENIX Security (1), CCS (2), NDSS (1), and other conferences like DSN. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia, USA^2, and Europe^2). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He applied for 12 patents (2 authorized and 5 in checking as the first author). He has obtained over 250 CVE/CNVD/CNNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $17,100 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 100+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 2024 ACM SIGSAC China Excellent Doctoral Dissertation Award (1st), 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar), 2025 ACSAC Cybersecurity Artifacts Impact Award (First Chinese institution to receive this award), 1st prize of IPv6 Technology Application Innovation Competition, 1st place of GeekCon 2025 DAF Contest, 2nd place of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, Tsinghua Outstanding Scholarship, Outstanding Graduate, and Extraordinary Hacker of GeekCon International 2024. As the advisor or competition leader, he instructed the teamers to get the 1st and 3rd prizes of 2025 National College Student Infomation Security Contest, the 2nd prize of 2025 National College Student AI Security Contest, the 2nd prize of 2024 Changcheng Cup, and the 1st and 3rd prizes of 2024/2025 Beijing–Tianjin–Hebei College Student Infomation Security Cyber Attack and Defence Contest.\nAbout openings: I am actively seeking self-motivated Master’s and PhD students, as well as intern researchers, who have a strong interest in network security and privacy, web security, vulnerability discovery, code analysis, reverse engineering, LLM security, and related fields. If you’re interested, please email me your resume. I apologize in advance if you don’t receive a response due to the high volume of inquiries. Thank you!\n2026 and 2027 OPENING, PLEASE FEEL FREE TO CONATCT ME!\nRecent research: Please feel free to fill this survey on Google Form\nRecent News [06/2026](Paper) One paper got accepted by ESORICS ‘26. Congrats, Yuqi! [05/2026](Paper) One paper got accepted by USENIX Security ‘26. Congrats, Qihang! [05/2026](Paper) One paper got accepted by KAIS ‘26. Congrats, Prof. Qiao! [04/2026](Paper) One paper got accepted by ICIC ‘26. Congrats, Yuhang! [04/2026](Activity) Invited to serve as DSN ‘27 PC. [04/2026](Activity) Invited to serve as ACM CCS ‘26 AEC. [04/2026](Activity) Invited to serve as SRDS ‘26 PC. [04/2026](Paper) One paper got accepted by SecureComm ‘26. Congrats, Youjun! [04/2026](Paper) One poster got accepted by IEEE S\u0026amp;P ‘26. Congrats, Zuyao, Yuqi, Lu, and Fasheng! [04/2026](Paper) One poster got accepted by IEEE S\u0026amp;P ‘26. Congrats, Fasheng! ","date":1760313600,"expirydate":-62135596800,"kind":"term","lang":"en","lastmod":1760313600,"objectID":"e923d935025e9a7bb0532e526d149c86","permalink":"","publishdate":"0001-01-01T00:00:00Z","relpermalink":"","section":"authors","summary":"Xiang Li is an Associate Professor at the College of Cryptology and Cyber Science, Nankai University. He received his Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Professors Qi Li and Haixin Duan) in 2024.","tags":null,"title":"Xiang Li","type":"authors"},{"authors":["Xiang Li","Mingming Zhang","Mingming Zhang","Zuyao Xu","Fasheng Miao","Yuqi Qiu","Baojun Liu","Jia Zhang","Xiaofeng Zheng","Haixin Duan","Zheli Liu","Yunhai Zhang","Dunqiu Fan"],"categories":["DNS"],"content":"Overview RebirthDay, a novel DNS cache poisoning attack targeting recursive resolvers and forwarders, reviving the classic DNS Birthday attack that no longer works since 2002.\nCVE/CNNVD (50/2)\n2025: 13/2\n2024: 37/0\nBIND: CVE-2025-40776(High) CNNVD-202507-2228(High)\nPowerDNS: CVE-2025-30192(High) CNNVD-202507-2635(High)\nUnbound: CVE-2025-5994(High)\nD-Link: CVE-2025-46663 CVE-2025-46665 CVE-2025-46668 CVE-2025-46671\nLinksys: CVE-2025-46662 CVE-2025-46667\niKuai OS: CVE-2025-46666 CVE-2025-46670\nRouterOS: CVE-2025-46664 CVE-2025-46669\nTechnitium: CVE-2024-56089(High)\nHickoryDNS: CVE-2024-56099\nDnsmasq: CVE-2024-56097\nCoreDNS: CVE-2024-56100\nSmartDNS: CVE-2024-48980 CVE-2024-56088 CVE-2024-56090\nDNSDist: CVE-2024-56092 CVE-2024-56094\nPi-hole: CVE-2024-56096\npdnsd: CVE-2024-56393\nAcrylic DNS: CVE-2024-56095 CVE-2024-56098\nAdGuard: CVE-2024-56091-CVE-2024-56093\nAdGuard Home: CVE-2024-56101-CVE-2024-56106\nDNS Safety: CVE-2024-56108\nDual DHCP DNS: CVE-2024-56102-CVE-2024-56103\nNxFilter: CVE-2024-56104\nYogaDNS: CVE-2024-56105-CVE-2024-56107\nTP-Link: CVE-2024-56380 CVE-2024-56384 CVE-2024-56387 CVE-2024-56392\nMercury: CVE-2024-56382\nFast: CVE-2024-56381\nTenda: CVE-2024-56379\nRedmi: CVE-2024-56385\nSkyworth: CVE-2024-56383\nMercury: CVE-2024-56386\nFast: CVE-2024-56391\nNetgear: CVE-2024-56388\nTenda: CVE-2024-56390\nFiberhome: CVE-2024-56389\n","date":1760313600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1760313600,"objectID":"37867025a3672de1892e94faa463091e","permalink":"https://lixiang521.com/publication/ccs25/","publishdate":"2025-10-13T00:00:00Z","relpermalink":"/publication/ccs25/","section":"publication","summary":"RebirthDay, a novel DNS cache poisoning attack targeting recursive resolvers and forwarders, reviving the classic DNS Birthday attack that no longer works since 2002.","tags":["DNS","DNS Security","DNS Query","DNS Response","DNS Cache Poisoning"],"title":"RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox","type":"publication"},{"authors":["Xiang Li","Mingming Zhang","Mingming Zhang","Zuyao Xu","Fasheng Miao","Yuqi Qiu","Baojun Liu","Jia Zhang","Xiaofeng Zheng","Haixin Duan","Zheli Liu","Yunhai Zhang","Dunqiu Fan"],"categories":["DNS"],"content":"Overview RebirthDay, a novel DNS cache poisoning attack targeting recursive resolvers and forwarders, reviving the classic DNS Birthday attack that no longer works since 2002.\nCVE/CNNVD (50/2)\n2025: 13/2\n2024: 37/0\nBIND: CVE-2025-40776(高危) CNNVD-202507-2228(高危)\nPowerDNS: CVE-2025-30192(高危) CNNVD-202507-2635(高危)\nUnbound: CVE-2025-5994(高危)\nD-Link: CVE-2025-46663 CVE-2025-46665 CVE-2025-46668 CVE-2025-46671\nLinksys: CVE-2025-46662 CVE-2025-46667\niKuai OS: CVE-2025-46666 CVE-2025-46670\nRouterOS: CVE-2025-46664 CVE-2025-46669\nTechnitium: CVE-2024-56089(高危)\nHickoryDNS: CVE-2024-56099\nDnsmasq: CVE-2024-56097\nCoreDNS: CVE-2024-56100\nSmartDNS: CVE-2024-48980 CVE-2024-56088 CVE-2024-56090\nDNSDist: CVE-2024-56092 CVE-2024-56094\nPi-hole: CVE-2024-56096\npdnsd: CVE-2024-56393\nAcrylic DNS: CVE-2024-56095 CVE-2024-56098\nAdGuard: CVE-2024-56091-CVE-2024-56093\nAdGuard Home: CVE-2024-56101-CVE-2024-56106\nDNS Safety: CVE-2024-56108\nDual DHCP DNS: CVE-2024-56102-CVE-2024-56103\nNxFilter: CVE-2024-56104\nYogaDNS: CVE-2024-56105-CVE-2024-56107\nTP-Link: CVE-2024-56380 CVE-2024-56384 CVE-2024-56387 CVE-2024-56392\nMercury: CVE-2024-56382\nFast: CVE-2024-56381\nTenda: CVE-2024-56379\nRedmi: CVE-2024-56385\nSkyworth: CVE-2024-56383\nMercury: CVE-2024-56386\nFast: CVE-2024-56391\nNetgear: CVE-2024-56388\nTenda: CVE-2024-56390\nFiberhome: CVE-2024-56389\n","date":1760313600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1760313600,"objectID":"680321835962769fc990cce4adf8f602","permalink":"https://lixiang521.com/zh/publication/ccs25/","publishdate":"2025-10-13T00:00:00Z","relpermalink":"/zh/publication/ccs25/","section":"zh","summary":"RebirthDay, a novel DNS cache poisoning attack targeting recursive resolvers and forwarders, reviving the classic DNS Birthday attack that no longer works since 2002.","tags":["DNS","DNS Security","DNS Query","DNS Response","DNS Cache Poisoning"],"title":"RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox","type":"zh"},{"authors":["Qifan Zhang","Xuesong Bai","Xiang Li","Haixin Duan","Qi Li","Zhou Li"],"categories":["DNS"],"content":"Overview In this paper, we propose ResolverFuzz to fuzz the resolver.\nCVE/CNNVD (15/8)\nBIND: CVE-2021-25220(Medium) CNNVD-202203-1514(Medium)\nTechnitium: CVE-2021-43105(Medium) CNNVD-202203-2379(Medium)\nKnot Resolver: CVE-2022-32983(Medium) CNNVD-202206-2074(Medium)\nKnot Resolver: CVE-2022-30250\nPowerDNS Recursor: CVE-2022-30252\nMaraDNS: CVE-2022-30256(High) CNNVD-202211-3148(High)\nTechnitium: CVE-2022-30257(Critical) CNNVD-202211-3247(Critical)\nUnbound: CVE-2022-30698(Medium) CNNVD-202208-1883(Medium)\nTechnitium: CVE-2022-48256(High) CNNVD-202301-1060(High)\nMaraDNS: CVE-2023-22905\nPowerDNS Recursor: CVE-2023-24712\nKnot: CVE-2023-26249(High) CNNVD-202302-1645(High)\nKnot: CVE-2023-26250\nPowerDNS Recursor: CVE-2023-26251\nPowerDNS Recursor: CVE-2023-26252\n","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"780ee206b73d336cef663768150a88de","permalink":"https://lixiang521.com/publication/security24/","publishdate":"2023-08-25T00:00:00Z","relpermalink":"/publication/security24/","section":"publication","summary":"In this paper, we propose **ResolverFuzz** to fuzz the resolver.","tags":["DNS","DNS Security","Fuzzing","Resolver Fuzzing"],"title":"ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing","type":"publication"},{"authors":["Qifan Zhang","Xuesong Bai","Xiang Li","Haixin Duan","Qi Li","Zhou Li"],"categories":["DNS"],"content":"概述 在本文中，我们提出了一个全新的工具ResolverFuzz用来模糊测试解析器。\nCVE/CNNVD (15/8)\nBIND: CVE-2021-25220(中危) CNNVD-202203-1514(中危)\nTechnitium: CVE-2021-43105(中危) CNNVD-202203-2379(中危)\nKnot Resolver: CVE-2022-32983(中危) CNNVD-202206-2074(中危)\nKnot Resolver: CVE-2022-30250\nPowerDNS Recursor: CVE-2022-30252\nMaraDNS: CVE-2022-30256(高危) CNNVD-202211-3148(高危)\nTechnitium: CVE-2022-30257(超危) CNNVD-202211-3247(超危)\nUnbound: CVE-2022-30698(中危) CNNVD-202208-1883(中危)\nTechnitium: CVE-2022-48256(高危) CNNVD-202301-1060(高危)\nMaraDNS: CVE-2023-22905\nPowerDNS Recursor: CVE-2023-24712\nKnot: CVE-2023-26249(高危) CNNVD-202302-1645(高危)\nKnot: CVE-2023-26250\nPowerDNS Recursor: CVE-2023-26251\nPowerDNS Recursor: CVE-2023-26252\n","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"35c3b00b5bb78867af905d30c84a2a39","permalink":"https://lixiang521.com/zh/publication/security24/","publishdate":"2023-08-25T00:00:00Z","relpermalink":"/zh/publication/security24/","section":"zh","summary":"在本文中，我们提出了一个全新的工具**ResolverFuzz**用来模糊测试解析器。","tags":["DNS","DNS Security","Fuzzing","Resolver Fuzzing"],"title":"ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing","type":"zh"},{"authors":["Yunyi Zhang","Baojun Liu","Haixin Duan","Min Zhang","Xiang Li","Fan Shi","Chengxi Xu","Eihal Alowaisheq"],"categories":["DNS"],"content":"Overview In this paper, we rethink the security threats of stale DNS glue records.\nPresentation\nPresented in XCon 2024 ","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"321ba78afd615d81254ef302fd1f8cdc","permalink":"https://lixiang521.com/publication/security24-1/","publishdate":"2024-02-27T00:00:00Z","relpermalink":"/publication/security24-1/","section":"publication","summary":"In this paper, we rethink the security threats of stale DNS glue records.","tags":["DNS","DNS Security"],"title":"Rethinking the Security Threats of Stale DNS Glue Records","type":"publication"},{"authors":["Yunyi Zhang","Baojun Liu","Haixin Duan","Min Zhang","Xiang Li","Fan Shi","Chengxi Xu","Eihal Alowaisheq"],"categories":["DNS"],"content":"Overview 在本文中，我们深入分析了DNS glue records的安全性。\n展示\n分享于XCon 2024 ","date":1723593600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1723593600,"objectID":"95e670dd923508db4062cf1d01e66f3b","permalink":"https://lixiang521.com/zh/publication/security24-1/","publishdate":"2024-02-27T00:00:00Z","relpermalink":"/zh/publication/security24-1/","section":"zh","summary":"在本文中，我们深入分析了DNS glue records的安全性。","tags":["DNS","DNS Security"],"title":"Rethinking the Security Threats of Stale DNS Glue Records","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In Black Hat USA 2024, Qi Wang presented my work: “TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets”.\n","date":1722988800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1722988800,"objectID":"d689cba788519ee813618b13b924c591","permalink":"https://lixiang521.com/talk/black-hat-usa-2024/","publishdate":"2024-08-07T00:00:00Z","relpermalink":"/talk/black-hat-usa-2024/","section":"event","summary":"In Black Hat USA 2024, Qi Wang presented my work: \"TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets\".","tags":["Presentation"],"title":"Black Hat USA 2024","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在黑帽大会2024（美国）上, 汪琦学弟分享了我的研究工作：“TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets”。\n","date":1722988800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1722988800,"objectID":"c9163b78e48d48695f98e29fede85bde","permalink":"https://lixiang521.com/zh/event/bhu-2024/","publishdate":"2024-08-07T00:00:00Z","relpermalink":"/zh/event/bhu-2024/","section":"zh","summary":"在黑帽大会2024（美国）上, 汪琦学弟分享了我的研究工作：“TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets”。","tags":["Presentation"],"title":"黑帽大会2024（美国）","type":"zh"},{"authors":["Xiang Li"],"categories":["Competition"],"content":"In GeekCon International 2024, Prof. Duan and me presented the TuDoor attack and showed a live demo. We got the Extraordinary Hacker honor.\nMoments ","date":1716627600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716627600,"objectID":"c0d1b93c02a25956488ecd1dff7363bc","permalink":"https://lixiang521.com/talk/geekcon-international-2024/","publishdate":"2024-05-26T00:00:00Z","relpermalink":"/talk/geekcon-international-2024/","section":"event","summary":"In [GeekCon International 2024](https://www.geekcon.top/en/index.html), Prof. Duan and me presented the TuDoor attack and showed a live demo. We got the Extraordinary Hacker honor.","tags":["Competition"],"title":"GeekCon International 2024","type":"event"},{"authors":["Xiang Li"],"categories":["Competition"],"content":"在新极棒国际站 2024，段老师和我演示了TuDoor攻击并获得了非凡黑客荣誉称号。\n比赛时刻 ","date":1716627600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716627600,"objectID":"5e719b67188ebb3d470dfe50ebe716cd","permalink":"https://lixiang521.com/zh/event/geekcon-inter-2024/","publishdate":"2024-05-26T00:00:00Z","relpermalink":"/zh/event/geekcon-inter-2024/","section":"zh","summary":"在[新极棒国际站 2024](https://www.geekcon.top/en/index.html)，段老师和我演示了TuDoor攻击并获得了非凡黑客荣誉称号。","tags":["Competition"],"title":"新极棒国际站 2024","type":"zh"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"In 45th IEEE Symposium on Security and Privacy 2024, Fenglu presented our novel DNSBomb attack on behalf of me cause I couldn’t make it there.\nFeedback from the site impressive! unbelievable! amazing!\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"06ce02b55c8dddf7d39f9a7a09b5051d","permalink":"https://lixiang521.com/talk/45th-ieee-symposium-on-security-and-privacy-2024-ieee-sp-2024/","publishdate":"2024-05-23T00:00:00Z","relpermalink":"/talk/45th-ieee-symposium-on-security-and-privacy-2024-ieee-sp-2024/","section":"event","summary":"In [45th IEEE Symposium on Security and Privacy 2024](https://sp2024.ieee-security.org/index.html), Fenglu presented our novel DNSBomb attack on behalf of me cause I couldn't make it there.","tags":["Presentation"],"title":"45th IEEE Symposium on Security and Privacy 2024 | IEEE S\u0026P 2024","type":"event"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"In 45th IEEE Symposium on Security and Privacy 2024, Fenglu presented our novel TuDoor attack on behalf of me cause I couldn’t make it there.\nFeedback from the site impressive! unbelievable! amazing!\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"e05079f5c464b403ce018a56a32de18e","permalink":"https://lixiang521.com/talk/45th-ieee-symposium-on-security-and-privacy-2024-ieee-sp-2024/","publishdate":"2024-05-23T00:00:00Z","relpermalink":"/talk/45th-ieee-symposium-on-security-and-privacy-2024-ieee-sp-2024/","section":"event","summary":"In [45th IEEE Symposium on Security and Privacy 2024](https://sp2024.ieee-security.org/index.html), Fenglu presented our novel TuDoor attack on behalf of me cause I couldn't make it there.","tags":["Presentation"],"title":"45th IEEE Symposium on Security and Privacy 2024 | IEEE S\u0026P 2024","type":"event"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"在45th IEEE Symposium on Security and Privacy 2024会议上，丰露代替我汇报了DNSBomb攻击。十分感谢！\n现场反馈 impressive! unbelievable! amazing!\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"52558c317dae9cf6b79681b305c0a7a1","permalink":"https://lixiang521.com/zh/event/sp-2024-1/","publishdate":"2024-05-23T00:00:00Z","relpermalink":"/zh/event/sp-2024-1/","section":"zh","summary":"在[45th IEEE Symposium on Security and Privacy 2024](https://sp2024.ieee-security.org/index.html)会议上，丰露代替我汇报了DNSBomb攻击。十分感谢！","tags":["Presentation"],"title":"45th IEEE Symposium on Security and Privacy 2024 | IEEE S\u0026P 2024","type":"zh"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"在45th IEEE Symposium on Security and Privacy 2024会议上，丰露代替我汇报了TuDoor攻击。十分感谢！\n现场反馈 impressive! unbelievable! amazing!\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"3997e2423a76136936336fa78b65bc96","permalink":"https://lixiang521.com/zh/event/sp-2024/","publishdate":"2024-05-23T00:00:00Z","relpermalink":"/zh/event/sp-2024/","section":"zh","summary":"在[45th IEEE Symposium on Security and Privacy 2024](https://sp2024.ieee-security.org/index.html)会议上，丰露代替我汇报了TuDoor攻击。十分感谢！","tags":["Presentation"],"title":"45th IEEE Symposium on Security and Privacy 2024 | IEEE S\u0026P 2024","type":"zh"},{"authors":["Xiang Li","Dashuai Wu","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"Overview DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.\nWe concluded that ANY SYSTEM or MECHANISM, which can aggregate “things”, could be exploited to construct the pulsing DoS traffic, such as DNS and CDN.\nPlease join us to find more if you can! It is very interesting.\nDNSBomb: https://dnsbomb.net/\nCVE/CNNVD (11/4)\n2024: 1/3\n2023: 10/1\nIndustry-wide: CVE-2024-33655(Low) CNNVD-202406-457(Low)\nTechnitium: CVE-2023-28456(High) CVE-2023-49203(High) CNNVD-202409-1742(High) CNNVD-202409-1740(High)\nDnsmasq: CVE-2023-28450(High) CVE-2023-49207 CNNVD-202303-1261(High)\nKnot: CVE-2023-49206\nSimple DNS Plus: CVE-2023-49205\nMaraDNS: CVE-2023-49204\nCoreDNS: CVE-2023-28454 CVE-2023-49202\nSDNS: CVE-2023-49201\nPresentation\nPresented in GeekCon 2023 (Second Prize)\nPresented in DNS OARC 43\nNews\n40+ news coverage by media, such as The Hacker News, Cyber Security News, and dns-operation\nApple News: News\nBlackhat Ethical Hacking News: News\nCSDN News: News\nCyber Security News: News\nCyberSecurity Help News: News\nDDoS Attack News: News\nDaily Dev News: News\nFireXCore News: News\nFreebuf News: News\nGBHackers News: News\nGamingDeputyNews: News\nGixtools News: News\nHack Dojo News: News\nHackPlayers News: News\nHacker News: News\nIMDb News: News\nItts at News: News\nLawfare Media News: News\nMalware News: News\nMedium News: News\nMeterpreter News: News\nNetManageit News: News\nOWASP News: News\nOwlysec News: News\nPoddtoppen News: News\nQuantribaomat News: News\nReddit News: News\nRedware News: News\nRisky Biz News: News\nSC Media News: News\nSOCRadar News: News\nSecurity Online News: News\nSecurityLab News: News\nThe Hacker News: News\nThreads News: News\ndns-operation: Discussion\niHeart News: News\nunSafe News: News\n安全客: News\n每日安全动态推送: News\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"5831e9128256ae65c4a182430ef7b1a1","permalink":"https://lixiang521.com/publication/oakland24-2/","publishdate":"2024-01-01T08:00:00Z","relpermalink":"/publication/oakland24-2/","section":"publication","summary":"DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.","tags":["DNS","DNS Security","DNS Query","DNS Response","DoS"],"title":"DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses","type":"publication"},{"authors":["Xiang Li","Dashuai Wu","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"概述 DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.\nWe concluded that ANY SYSTEM or MECHANISM, which can aggregate “things”, could be exploited to construct the pulsing DoS traffic, such as DNS and CDN.\nPlease join us to find more if you can! It is very interesting.\nDNS炸弹: https://dnsbomb.net/\nCVE/CNNVD (11/4)\n2024: 1/3\n2023: 10/1\nIndustry-wide: CVE-2024-33655(低危) CNNVD-202406-457(低危)\nTechnitium: CVE-2023-28456(高危) CVE-2023-49203(高危) CNNVD-202409-1742(高危) CNNVD-202409-1740(高危)\nDnsmasq: CVE-2023-28450(高危) CVE-2023-49207 CNNVD-202303-1261(高危)\nKnot: CVE-2023-49206\nSimple DNS Plus: CVE-2023-49205\nMaraDNS: CVE-2023-49204\nCoreDNS: CVE-2023-28454 CVE-2023-49202\nSDNS: CVE-2023-49201\n分享\n分享于GeekCon 2023（极棒国际安全极客大赛亚军）\n分享于DNS OARC 43\n新闻报道\n40+科技媒体报道，如The Hacker News, Cyber Security News, and dns-operation\nApple News: News\nBlackhat Ethical Hacking News: News\nCSDN News: News\nCyber Security News: News\nCyberSecurity Help News: News\nDDoS Attack News: News\nDaily Dev News: News\nFireXCore News: News\nFreebuf News: News\nGBHackers News: News\nGamingDeputyNews: News\nGixtools News: News\nHack Dojo News: News\nHackPlayers News: News\nHacker News: News\nIMDb News: News\nItts at News: News\nLawfare Media News: News\nMalware News: News\nMedium News: News\nMeterpreter News: News\nNetManageit News: News\nOWASP News: News\nOwlysec News: News\nPoddtoppen News: News\nQuantribaomat News: News\nReddit News: News\nRedware News: News\nRisky Biz News: News\nSC Media News: News\nSOCRadar News: News\nSecurity Online News: News\nSecurityLab News: News\nThe Hacker News: News\nThreads News: News\ndns-operation: Discussion\niHeart News: News\nunSafe News: News\n安全客: News\n每日安全动态推送: News\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"5ea888a986cc42beaa479da41d8e292a","permalink":"https://lixiang521.com/zh/publication/oakland24-2/","publishdate":"2024-01-01T08:00:00Z","relpermalink":"/zh/publication/oakland24-2/","section":"zh","summary":"DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.","tags":["DNS","DNS Security","DNS Query","DNS Response","DoS"],"title":"DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses","type":"zh"},{"authors":["Xiang Li","Wei Xu","Baojun Liu","Mingming Zhang","Zhou Li","Jia Zhang","Deliang Chang","Xiaofeng Zheng","Chuhan Wang","Jianjun Chen","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"Overview This paper proposes the TuDoor Attack, by systematically exploring and exploiting logic vulnerabilities in DNS response pre-processing with malformed packets, leading to DNS cache poisoning (1s), denial-of-service, and resource consuming attacks.\nTuDoor: https://tudoor.net/\nCVE/CNNVD (34/10)\nMicrosoft: CVE-2023-32020(Medium) CNNVD-202306-1013(Medium)\nKnot: CVE-2023-26249(High) CNNVD-202302-1645(High)\nPowerDNS: CVE-2023-26437(Medium) CNNVD-202304-131(Medium)\nTechnitium: CVE-2023-28451(Medium) CNNVD-202409-1745(Medium)\nSimple DNS Plus: CVE-2023-28453\nCoreDNS: CVE-2023-28452(Medium) CNNVD-202409-1744(Medium)\nPython DNS Lib: CVE-2023-29483(High) CNNVD-202404-1742(High)\nGolang DNS Lib: CVE-2023-29481\nNode.js DNS Lib: CVE-2023-30578\nc-ares: CVE-2023-32067(High) (CVE-2023-30579) CNNVD-202305-2245(High)\ndnsjava: CVE-2023-29482\npdnsd: CVE-2023-30580\nAdGuard Service: CVE-2023-41173(High) CNNVD-202308-2076(High)\nTechnitium: CVE-2023-28457(High) CNNVD-202409-1741(High)\nCoreDNS: CVE-2023-30464(High) CNNVD-202409-1817(High)\nAcrylic DNS Proxy: CVE-2023-32771\nAcrylic DNS Proxy: CVE-2023-32775\nAdGuard Software: CVE-2023-32770\nAdGuard Software: CVE-2023-32773\nDNS Safety: CVE-2023-32772\nDNS Safety: CVE-2023-32776\nDual DHCP DNS: CVE-2023-30632\nNxFilter: CVE-2023-32769\nNxFilter: CVE-2023-32768\nYogaDNS: CVE-2023-32774\nYogaDNS: CVE-2023-32777\nTenda AX2PRO: CVE-2023-31053\nTOTOLINK: CVE-2023-31049\nNighthawk RAX70: CVE-2023-31055\nSKYWORTH-wr9651x: CVE-2023-31052\nMERCURY D191G: CVE-2023-31051\nXIAOMI AX3000: CVE-2023-31050\nikuai8: CVE-2023-31054\nPresentation\nPresented in OARC 42\nReferenced by RFC 9520: Negative Caching of DNS Resolution Failures\nPresented in GeekCon 2024 International\nPresented in Black Hat USA 2024\nGot the 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar)\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"0b95efcd0169577f84776452bb2c2bff","permalink":"https://lixiang521.com/publication/oakland24/","publishdate":"2023-08-01T08:00:00Z","relpermalink":"/publication/oakland24/","section":"publication","summary":"This paper proposes the TuDoor Attack, by systematically exploring and exploiting logic vulnerabilities in DNS response pre-processing with malformed packets, leading to DNS cache poisoning (1s), denial-of-service, and resource consuming attacks.","tags":["DNS","DNS Security","DNS Response","DNS Cache Poisoning","DoS","Resource Consuming"],"title":"TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets","type":"publication"},{"authors":["Xiang Li","Wei Xu","Baojun Liu","Mingming Zhang","Zhou Li","Jia Zhang","Deliang Chang","Xiaofeng Zheng","Chuhan Wang","Jianjun Chen","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"概述 本论文提出了“突门攻击”，通过系统地探索并利用畸形数据包中DNS响应预处理的逻辑漏洞，导致DNS缓存投毒（1秒）、拒绝服务和资源消耗攻击。\n突门攻击: https://tudoor.net/\nCVE/CNNVD (34/10)\nMicrosoft: CVE-2023-32020(中危) CNNVD-202306-1013(中危)\nKnot: CVE-2023-26249(高危) CNNVD-202302-1645(高危)\nPowerDNS: CVE-2023-26437(中危) CNNVD-202304-131(中危)\nTechnitium: CVE-2023-28451(中危) CNNVD-202409-1745(中危)\nSimple DNS Plus: CVE-2023-28453\nCoreDNS: CVE-2023-28452(中危) CNNVD-202409-1744(中危)\nPython DNS Lib: CVE-2023-29483(高危) CNNVD-202404-1742(高危)\nGolang DNS Lib: CVE-2023-29481\nNode.js DNS Lib: CVE-2023-30578\nc-ares: CVE-2023-32067(高危) (CVE-2023-30579) CNNVD-202305-2245(高危)\ndnsjava: CVE-2023-29482\npdnsd: CVE-2023-30580\nAdGuard Service: CVE-2023-41173(高危) CNNVD-202308-2076(高危)\nTechnitium: CVE-2023-28457(高危) CNNVD-202409-1741(高危)\nCoreDNS: CVE-2023-30464(高危) CNNVD-202409-1817(高危)\nAcrylic DNS Proxy: CVE-2023-32771\nAcrylic DNS Proxy: CVE-2023-32775\nAdGuard Software: CVE-2023-32770\nAdGuard Software: CVE-2023-32773\nDNS Safety: CVE-2023-32772\nDNS Safety: CVE-2023-32776\nDual DHCP DNS: CVE-2023-30632\nNxFilter: CVE-2023-32769\nNxFilter: CVE-2023-32768\nYogaDNS: CVE-2023-32774\nYogaDNS: CVE-2023-32777\nTenda AX2PRO: CVE-2023-31053\nTOTOLINK: CVE-2023-31049\nNighthawk RAX70: CVE-2023-31055\nSKYWORTH-wr9651x: CVE-2023-31052\nMERCURY D191G: CVE-2023-31051\nXIAOMI AX3000: CVE-2023-31050\nikuai8: CVE-2023-31054\n分享\n展示于OARC 42\n引用于RFC 9520: Negative Caching of DNS Resolution Failures\n展示于GeekCon 2024 International\n展示于Black Hat USA 2024\n获得2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar, 黑客奥斯卡)\n","date":1716163200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1716163200,"objectID":"bdd5599db1c63b6660076988d8af4f49","permalink":"https://lixiang521.com/zh/publication/oakland24/","publishdate":"2023-08-01T08:00:00Z","relpermalink":"/zh/publication/oakland24/","section":"zh","summary":"本论文提出了“突门攻击”，通过系统地探索并利用畸形数据包中DNS响应预处理的逻辑漏洞，导致DNS缓存投毒（1秒）、拒绝服务和资源消耗攻击。","tags":["DNS","DNS安全","DNS回复","DNS缓存污染","拒绝服务攻击","资源消耗攻击"],"title":"TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets","type":"zh"},{"authors":["Chuhan Wang","YASUHIRO KURANAGA","Yihang Wang","Mingming Zhang","Linkai Zheng","Xiang Li","Jianjun Chen","Haixin Duan","Yanzhong Lin","Qingfeng Pan"],"categories":["Email"],"content":"Overview This paper proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"cb849922faf9a85527c86a91b4cd72f6","permalink":"https://lixiang521.com/publication/ndss24/","publishdate":"2023-08-01T08:00:00Z","relpermalink":"/publication/ndss24/","section":"publication","summary":"This paper proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.","tags":["Email","Email Security"],"title":"BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet","type":"publication"},{"authors":["Chuhan Wang","YASUHIRO KURANAGA","Yihang Wang","Mingming Zhang","Linkai Zheng","Xiang Li","Jianjun Chen","Haixin Duan","Yanzhong Lin","Qingfeng Pan"],"categories":["Email"],"content":"概述 本论文提出了一个名为BreakSPF的攻击框架：攻击者新发现的一种绕过SPF协议并发起电子邮件欺骗攻击的方法。\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"4c747445b26beb4efc7773eaee61c0c5","permalink":"https://lixiang521.com/zh/publication/ndss24/","publishdate":"2023-08-01T08:00:00Z","relpermalink":"/zh/publication/ndss24/","section":"zh","summary":"本论文提出了一个名为BreakSPF的攻击框架：攻击者新发现的一种绕过SPF协议并发起电子邮件欺骗攻击的方法。","tags":["邮件","邮件安全"],"title":"BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet","type":"zh"},{"authors":["Qifan Zhang","Xuesong Bai","Xiang Li","Haixin Duan","Qi Li","Zhou Li"],"categories":["DNS"],"content":"概述 在本文中，我们提出了一个全新的工具ResolverFuzz用来模糊测试解析器。\n漏洞编号（15）\nBIND: CVE-2021-25220\nTechnitium: CVE-2021-43105\nKnot Resolver: CVE-2022-32983\nKnot Resolver: CVE-2022-30250\nPowerDNS Recursor: CVE-2022-30252\nMaraDNS: CVE-2022-30256\nTechnitium: CVE-2022-30257\nUnbound: CVE-2022-30698\nTechnitium: CVE-2022-48256\nMaraDNS: CVE-2023-22905\nPowerDNS Recursor: CVE-2023-24712\nKnot: CVE-2023-26249\nKnot: CVE-2023-26250\nPowerDNS Recursor: CVE-2023-26251\nPowerDNS Recursor: CVE-2023-26252\n分享\n分享于数字寰宇大家讲堂\n分享于OARC 42\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"65073d3326dcc3826cefa9bb502c9ae2","permalink":"https://lixiang521.com/publication/ndss24-3/","publishdate":"2024-02-26T00:00:00Z","relpermalink":"/publication/ndss24-3/","section":"publication","summary":"在本文中，我们提出了一个全新的工具**ResolverFuzz**用来模糊测试解析器。","tags":["DNS","DNS Security","Fuzzing","Resolver Fuzzing"],"title":"Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing","type":"publication"},{"authors":["Qifan Zhang","Xuesong Bai","Xiang Li","Haixin Duan","Qi Li","Zhou Li"],"categories":["DNS"],"content":"Overview In this paper, we propose ResolverFuzz to fuzz the resolver.\nCVE (15)\nBIND: CVE-2021-25220\nTechnitium: CVE-2021-43105\nKnot Resolver: CVE-2022-32983\nKnot Resolver: CVE-2022-30250\nPowerDNS Recursor: CVE-2022-30252\nMaraDNS: CVE-2022-30256\nTechnitium: CVE-2022-30257\nUnbound: CVE-2022-30698\nTechnitium: CVE-2022-48256\nMaraDNS: CVE-2023-22905\nPowerDNS Recursor: CVE-2023-24712\nKnot: CVE-2023-26249\nKnot: CVE-2023-26250\nPowerDNS Recursor: CVE-2023-26251\nPowerDNS Recursor: CVE-2023-26252\nPresentation\nPresented in SHUZIHUANYU Talk\nPresented in OARC 42\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"433c2e82b71e90586d20d0893b18c6c7","permalink":"https://lixiang521.com/zh/publication/ndss24-3/","publishdate":"2024-02-26T00:00:00Z","relpermalink":"/zh/publication/ndss24-3/","section":"zh","summary":"In this paper, we propose **ResolverFuzz** to fuzz the resolver.","tags":["DNS","DNS Security","Fuzzing","Resolver Fuzzing"],"title":"Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing","type":"zh"},{"authors":["Linkai Zheng","Xiang Li","Chuhan Wang","Run Guo","Haixin Duan","Jianjun Chen","Chao Zhang","Kaiwen Shen"],"categories":["CDN"],"content":"Overview This paper proposes a new automated fuzzing tool “ReqsMiner” to discover CDN forwarding request inconsistencies.\nMore details coming soon…\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"3eb914afa16f49165ed9d5611269c456","permalink":"https://lixiang521.com/publication/ndss24-2/","publishdate":"2023-10-24T08:00:00Z","relpermalink":"/publication/ndss24-2/","section":"publication","summary":"This paper proposes a new automated fuzzing tool \"ReqsMiner\" to discover CDN forwarding request inconsistencies.","tags":["CDN","HTTP","CDN Security"],"title":"ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing","type":"publication"},{"authors":["Linkai Zheng","Xiang Li","Chuhan Wang","Run Guo","Haixin Duan","Jianjun Chen","Chao Zhang","Kaiwen Shen"],"categories":["CDN"],"content":"概述 该文提出一种新的自动化模糊测试工具“ReqsMiner”来发现CDN转发请求的不一致。\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"3dda4a717805e1d991bc185063bd83d8","permalink":"https://lixiang521.com/zh/publication/ndss24-2/","publishdate":"2023-10-24T08:00:00Z","relpermalink":"/zh/publication/ndss24-2/","section":"zh","summary":"该文提出一种新的自动化模糊测试工具“ReqsMiner”来发现CDN转发请求的不一致。","tags":["CDN","HTTP","CDN Security"],"title":"ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing","type":"zh"},{"authors":["Mingxuan Liu","Yiming Zhang","Xiang Li","Chaoyi Lu","Baojun Liu","Haixin Duan","Xiaofeng Zheng"],"categories":["DNS"],"content":"Overview This paper analyzes the ecosystem of protective DNS and its security issues.\nMore details coming soon…\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"2bb2822f212ed4688df460144a01ba89","permalink":"https://lixiang521.com/publication/ndss24-1/","publishdate":"2023-10-12T08:00:00Z","relpermalink":"/publication/ndss24-1/","section":"publication","summary":"This paper analyzes the ecosystem of protective DNS and its security issues.","tags":["DNS","Domain","DNS Security"],"title":"Understanding the Implementation and Security Implications of Protective DNS Services","type":"publication"},{"authors":["Mingxuan Liu","Yiming Zhang","Xiang Li","Chaoyi Lu","Baojun Liu","Haixin Duan","Xiaofeng Zheng"],"categories":["DNS"],"content":"概述 本文分析了Protective DNS的生态系统及其安全问题。\n","date":1708905600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1708905600,"objectID":"8fe052ede5da05be985858ed4f725913","permalink":"https://lixiang521.com/zh/publication/ndss24-1/","publishdate":"2023-10-12T08:00:00Z","relpermalink":"/zh/publication/ndss24-1/","section":"zh","summary":"本文分析了Protective DNS的生态系统及其安全问题。","tags":["DNS","域名","DNS安全"],"title":"Understanding the Implementation and Security Implications of Protective DNS Services","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In Black Hat Europe 2023, Professor Haixin Duan presented our work: “TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers”.\n","date":1701820800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1701820800,"objectID":"1661cbb2b9ddeba23f61ca1121c4f265","permalink":"https://lixiang521.com/talk/black-hat-europe-2023/","publishdate":"2023-12-06T00:00:00Z","relpermalink":"/talk/black-hat-europe-2023/","section":"event","summary":"In Black Hat Europe 2023, Professor Haixin Duan presented our work: \"TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers\".","tags":["Presentation"],"title":"Black Hat Europe 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在黑帽大会2023（欧洲）上, 段海新教授分享了我们的研究工作：“TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers”。\n","date":1701820800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1701820800,"objectID":"60ad431825545971c5d0b7d6a46d676d","permalink":"https://lixiang521.com/zh/event/bhe-2023/","publishdate":"2023-12-06T00:00:00Z","relpermalink":"/zh/event/bhe-2023/","section":"zh","summary":"在黑帽大会2023（欧洲）上, 段海新教授分享了我们的研究工作：“TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers”。","tags":["Presentation"],"title":"黑帽大会2023（欧洲）","type":"zh"},{"authors":["Wei Xu","Xiang Li","Chaoyi Lu","Baojun Liu","Jia Zhang","Jianjun Chen","Tao Wan","Haixin Duan"],"categories":["DNS"],"content":"Overview In this paper, we present the TsuKing attack.\nMore details coming soon.\nTsuKing: https://tsuking.net/\nCVE/CNNVD (3/1)\nMikrotik: CVE-2023-24711\nPowerDNS: CVE-2023-24712\nTechnitium: CVE-2023-28455(High) CNNVD-202409-1743(High)\nPresentation\nPresented in OARC 41\nPresented in Black Hat Europe 2023\n","date":1700956800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1700956800,"objectID":"a6b8936f050215d8f35d04b251ba71d6","permalink":"https://lixiang521.com/publication/ccs23/","publishdate":"2023-05-08T00:00:00Z","relpermalink":"/publication/ccs23/","section":"publication","summary":"In this paper, we present the **TsuKing** attack.","tags":["DNS","DNS Security","DNS Amplication Attack"],"title":"TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers","type":"publication"},{"authors":["Wei Xu","Xiang Li","Chaoyi Lu","Baojun Liu","Jia Zhang","Jianjun Chen","Tao Wan","Haixin Duan"],"categories":["DNS"],"content":"Overview In this paper, we present the TsuKing attack.\nMore details coming soon.\nTsuKing: https://tsuking.net/\nCVE/CNNVD (3/1)\nMikrotik: CVE-2023-24711\nPowerDNS: CVE-2023-24712\nTechnitium: CVE-2023-28455(高危) CNNVD-202409-1743(高危)\nPresentation\nPresented in OARC 41\nPresented in Black Hat Europe 2023\n","date":1700956800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1700956800,"objectID":"f8c5acd65e022d967231e9a64e212f3f","permalink":"https://lixiang521.com/zh/publication/ccs23/","publishdate":"2023-05-08T00:00:00Z","relpermalink":"/zh/publication/ccs23/","section":"zh","summary":"In this paper, we present the **TsuKing** attack.","tags":["DNS","DNS Security","DNS Amplication Attack"],"title":"TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers","type":"zh"},{"authors":["Zhenrui Zhang","Geng Hong","Xiang Li","Zhuoqun Fu","Jia Zhang","Mingxuan Liu","Chuhan Wang","Jianjun Chen","Baojun Liu","Haixin Duan","Chao Zhang","Min Yang"],"categories":["Underground Economy"],"content":"Overview In this paper, we present a stealthy mining pool detection system.\nMore details coming soon.\n","date":1700956800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1700956800,"objectID":"1b5fa56944d278f5d57449d3df67ad0c","permalink":"https://lixiang521.com/publication/ccs23-2/","publishdate":"2023-05-08T00:00:00Z","relpermalink":"/publication/ccs23-2/","section":"publication","summary":"In this paper, we present a stealthy mining pool detection system.","tags":["Underground Economy","Scanning"],"title":"Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild","type":"publication"},{"authors":["Zhenrui Zhang","Geng Hong","Xiang Li","Zhuoqun Fu","Jia Zhang","Mingxuan Liu","Chuhan Wang","Jianjun Chen","Baojun Liu","Haixin Duan","Chao Zhang","Min Yang"],"categories":["Underground Economy"],"content":"Overview In this paper, we present a stealthy mining pool detection system.\nMore details coming soon.\n","date":1700956800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1700956800,"objectID":"f8b529c33281d5b8364567ce81089ef9","permalink":"https://lixiang521.com/zh/publication/ccs23-2/","publishdate":"2023-05-08T00:00:00Z","relpermalink":"/zh/publication/ccs23-2/","section":"zh","summary":"In this paper, we present a stealthy mining pool detection system.","tags":["Underground Economy","Scanning"],"title":"Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild","type":"zh"},{"authors":["Xiang Li"],"categories":["Competition"],"content":"In GeekCon 2023, I presented our 0-day vulnerability to conduct pulsing DoS attack with Dashuai. We got the 2nd prize of GeekCon 2023 DAF (Defense \u0026amp; Attack Force) Contest. Our colleagues got two Winner prizes and the 1st prize of AVSS contest.\nMoments ","date":1698138000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698138000,"objectID":"327ced2b46736f12249707de1f876298","permalink":"https://lixiang521.com/talk/geekcon-2023/","publishdate":"2023-10-24T00:00:00Z","relpermalink":"/talk/geekcon-2023/","section":"event","summary":"In [GeekCon 2023](https://www.geekcon.top/en/index.html), I presented our 0-day vulnerability to conduct pulsing DoS attack with Dashuai. We got the 2nd prize of GeekCon 2023 DAF (Defense \u0026 Attack Force) Contest.","tags":["Competition"],"title":"GeekCon 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Competition"],"content":"在新极棒 2023比赛中，我演示我们在DNS安全方面的最新研究成果：利用某种未知缺陷实现对任意网站的拒绝服务攻击（大四学弟吴大帅共同参赛，组建TNB团队），最后取得了GEEKCON 2023安全极客大赛“漏洞与利用DAF挑战赛”的亚军。我们实验室的其它参赛队伍获得了两项“漏洞与利用DAF挑战赛”的优胜奖和AVSS赛道的冠军。\n比赛时刻 ","date":1698138000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698138000,"objectID":"45b927342d7aa17f0f929afabc5fe0d2","permalink":"https://lixiang521.com/zh/event/geekcon-2023/","publishdate":"2023-10-24T00:00:00Z","relpermalink":"/zh/event/geekcon-2023/","section":"zh","summary":"在[新极棒 2023](https://www.geekcon.top/en/index.html)比赛中，我演示我们在DNS安全方面的最新研究成果：利用某种未知缺陷实现对任意网站的拒绝服务攻击（大四学弟吴大帅共同参赛，组建TNB团队），最后取得了GEEKCON 2023安全极客大赛“漏洞与利用DAF挑战赛”的亚军。","tags":["Competition"],"title":"新极棒 2023","type":"zh"},{"authors":["Fenglu Zhang","Yunyi Zhang","Baojun Liu","Eihal Alowaisheq","Lingyun Ying","Xiang Li","Zaifeng Zhang","Ying Liu","Haixin Duan","Min Zhang"],"categories":["DNS"],"content":"Overview This paper conducted a comprehensive measurement to reveal the prevalence of undelegated DNS records.\n","date":1698105600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698105600,"objectID":"91ac8678da208e281de6583ed0b60c13","permalink":"https://lixiang521.com/publication/imc23/","publishdate":"2023-08-19T08:00:00Z","relpermalink":"/publication/imc23/","section":"publication","summary":"This paper conducted a comprehensive measurement to reveal the prevalence of undelegated DNS records.","tags":["DNS","DNS Security"],"title":"Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services","type":"publication"},{"authors":["Fenglu Zhang","Yunyi Zhang","Baojun Liu","Eihal Alowaisheq","Lingyun Ying","Xiang Li","Zaifeng Zhang","Ying Liu","Haixin Duan","Min Zhang"],"categories":["DNS"],"content":"概述 本文对未授权的DNS记录的普遍性进行了全面的测量。\n","date":1698105600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698105600,"objectID":"2f3f6dea2b9b0c8c3ce27dd473d8f9ff","permalink":"https://lixiang521.com/zh/publication/imc23/","publishdate":"2023-08-19T08:00:00Z","relpermalink":"/zh/publication/imc23/","section":"zh","summary":"本文对未授权的DNS记录的普遍性进行了全面的测量。","tags":["DNS","DNS安全"],"title":"Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In Kanxue SDC 2023, Professor Haixin Duan presented our work: “The Maginot Line: Attacking the Boundary of DNS Caching Protection”.\n","date":1698019200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698019200,"objectID":"8d0ca6ff84beb97b47bd0c46228805a5","permalink":"https://lixiang521.com/talk/kanxue-sdc-2023/","publishdate":"2023-10-23T00:00:00Z","relpermalink":"/talk/kanxue-sdc-2023/","section":"event","summary":"In Kanxue SDC 2023, Professor Haixin Duan presented our work: \"The Maginot Line: Attacking the Boundary of DNS Caching Protection\".","tags":["Presentation"],"title":"Kanxue SDC 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在看雪开发者峰会 2023，段海新教授分享了我们的工作：MaginotDNS 攻击——跨越域名解析器的缓存防御“护城河”。\n","date":1698019200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1698019200,"objectID":"b106b844e5ad21e6ceda6ded34081ad5","permalink":"https://lixiang521.com/zh/event/kanxue-2023/","publishdate":"2023-10-23T00:00:00Z","relpermalink":"/zh/event/kanxue-2023/","section":"zh","summary":"在看雪开发者峰会 2023，段海新教授分享了我们的工作：MaginotDNS 攻击——跨越域名解析器的缓存防御“护城河”。","tags":["Presentation"],"title":"看雪开发者峰会 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"On Augest 18, I was invited to attend the 21st BlueHat 2023.\nEvent Details and FAQ:\n· Simply Applying does not ensure a pass or ticket to the conference: Click the ‘Apply Here!’ link above and complete the application form. If selected after our review, you will receive an email invitation with a unique link to register for the conference.\n· Microsoft employees will be assigned to Day 1 or Day 2 of the event. While the agenda is still forthcoming, please indicate your preferred day in the application form. IMPORTANT: While we will do our best, your preferred selection is not guaranteed due to scheduling constraints.\n· Applications to attend BlueHat 2023 are open to everyone: Whether from Microsoft or elsewhere, everyone in the fields of security research and response are welcome to submit an application. Microsoft is committed to ensuring a diverse, inclusive, and accessible event. If you have questions or help with your application, please email bluehat23reg@microsoft.com.\n· Attendees are responsible for travel and accommodation costs and arrangements: If accepted as an attendee, you will need to arrange and cover your travel and accommodation for the event in Redmond, WA, USA, from Oct 11 – 12, 2023.\n· Expect emails from bluehat23reg@microsoft.com. Please monitor your Junk, Clutter, Spam, Other email folders for messages from this address. If you do not receive a confirmation email, please contact the BlueHat planning team at bluehat23reg@microsoft.com.\n","date":1697007600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1697007600,"objectID":"d759563641df19bba89d0de8c17381ea","permalink":"https://lixiang521.com/talk/invited-to-attend-the-21st-bluehat-2023/","publishdate":"2023-08-18T00:00:00Z","relpermalink":"/talk/invited-to-attend-the-21st-bluehat-2023/","section":"event","summary":"On Augest 18, I was invited to attend the 21st BlueHat 2023.","tags":["Conference"],"title":"Invited to Attend the 21st BlueHat 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"在8月18日，受邀参加第21届BlueHat 2023。\n详情：\n· Simply Applying does not ensure a pass or ticket to the conference: Click the ‘Apply Here!’ link above and complete the application form. If selected after our review, you will receive an email invitation with a unique link to register for the conference.\n· Microsoft employees will be assigned to Day 1 or Day 2 of the event. While the agenda is still forthcoming, please indicate your preferred day in the application form. IMPORTANT: While we will do our best, your preferred selection is not guaranteed due to scheduling constraints.\n· Applications to attend BlueHat 2023 are open to everyone: Whether from Microsoft or elsewhere, everyone in the fields of security research and response are welcome to submit an application. Microsoft is committed to ensuring a diverse, inclusive, and accessible event. If you have questions or help with your application, please email bluehat23reg@microsoft.com.\n· Attendees are responsible for travel and accommodation costs and arrangements: If accepted as an attendee, you will need to arrange and cover your travel and accommodation for the event in Redmond, WA, USA, from Oct 11 – 12, 2023.\n· Expect emails from bluehat23reg@microsoft.com. Please monitor your Junk, Clutter, Spam, Other email folders for messages from this address. If you do not receive a confirmation email, please contact the BlueHat planning team at bluehat23reg@microsoft.com.\n","date":1697007600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1697007600,"objectID":"390bf8be2d3bd8d7d4f6619e4cc7d5b8","permalink":"https://lixiang521.com/zh/event/bluehat-2023-1/","publishdate":"2023-08-18T00:00:00Z","relpermalink":"/zh/event/bluehat-2023-1/","section":"zh","summary":"在8月18日，受邀参加第21届BlueHat 2023。","tags":["Conference"],"title":"受邀参加第21届BlueHat 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In SHUZIHUANYU Dajia Talk 2023 (online class), I presented my MaginotDNS attack.\n","date":1694628000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1694628000,"objectID":"fa580cd13122ccd66cd61a5007de2197","permalink":"https://lixiang521.com/talk/shuzihuanyu-dajia-talk-2023/","publishdate":"2023-09-13T00:00:00Z","relpermalink":"/talk/shuzihuanyu-dajia-talk-2023/","section":"event","summary":"In [SHUZIHUANYU Dajia Talk 2023](https://cepoca.cn/lectureHall/lectureRoomDetail?liveUid=af4d1df145b9e4defcfcef8c7c624c85) (online class), I presented my MaginotDNS attack.","tags":["Presentation"],"title":"SHUZIHUANYU Dajia Talk 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在数字寰宇大家讲堂 2023（在线），我分享了MaginotDNS攻击。\n","date":1694628000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1694628000,"objectID":"118b50d1962ec25fd079cdf3b86f289e","permalink":"https://lixiang521.com/zh/event/shuzihuanyu-2023/","publishdate":"2023-09-13T00:00:00Z","relpermalink":"/zh/event/shuzihuanyu-2023/","section":"zh","summary":"在[数字寰宇大家讲堂 2023](https://cepoca.cn/lectureHall/lectureRoomDetail?liveUid=af4d1df145b9e4defcfcef8c7c624c85)（在线），我分享了MaginotDNS攻击。","tags":["Presentation"],"title":"数字寰宇大家讲堂 2023","type":"zh"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"In OARC 41 \u0026amp; ICANN DNS Symposium 2023 (hybrid in-person and online workshop), Fenglu presented our novel TsuKing attack on behalf of me cause I couldn’t make it there.\nFeedback from workshops ","date":1693958400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1693958400,"objectID":"606fe9dfb3c643e294dc3d389943df93","permalink":"https://lixiang521.com/talk/oarc-41-icann-dns-symposium-2023/","publishdate":"2023-09-06T00:00:00Z","relpermalink":"/talk/oarc-41-icann-dns-symposium-2023/","section":"event","summary":"In [OARC 41 \u0026 ICANN DNS Symposium 2023](https://indico.dns-oarc.net/event/47/) (hybrid in-person and online workshop), Fenglu presented our novel TsuKing attack on behalf of me cause I couldn't make it there.","tags":["Presentation"],"title":"OARC 41 \u0026 ICANN DNS Symposium 2023","type":"event"},{"authors":["Fenglu Zhang"],"categories":["Presentation"],"content":"在OARC 41 \u0026amp; ICANN DNS Symposium 2023会议上（线上线上相结合），丰露代替我演示了TsuKing攻击。十分感谢！\n现场反馈 ","date":1693958400,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1693958400,"objectID":"cd526b7fef7977ac545e18a298c8c1b6","permalink":"https://lixiang521.com/zh/event/oarc-41/","publishdate":"2023-09-06T00:00:00Z","relpermalink":"/zh/event/oarc-41/","section":"zh","summary":"在[OARC 41 \u0026 ICANN DNS Symposium 2023](https://indico.dns-oarc.net/event/47/)会议上（线上线上相结合），丰露代替我演示了TsuKing攻击。十分感谢！","tags":["Presentation"],"title":"OARC 41 \u0026 ICANN DNS Symposium 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 2nd AEGIS Workshop (online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.\n","date":1693036800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1693036800,"objectID":"ea0b7bd9dc803c1bb440f117f7b17dc9","permalink":"https://lixiang521.com/talk/2nd-aegis-workshop/","publishdate":"2023-08-26T00:00:00Z","relpermalink":"/talk/2nd-aegis-workshop/","section":"event","summary":"In the [2nd AEGIS Workshop](https://aegis-readers.github.io/) (online workshop), I presented a novel Ghost Domain attack named [Phoenix Domain](https://phoenixdomain.net/) to the audiences.","tags":["Presentation"],"title":"2nd AEGIS Workshop","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在第二届AEGIS Workshop中（线上），我分享了最新的研究工作不死域名。\n","date":1693036800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1693036800,"objectID":"85a647c8b60a18d2cd88c81e9624d5b6","permalink":"https://lixiang521.com/zh/event/aegis-2/","publishdate":"2023-08-26T00:00:00Z","relpermalink":"/zh/event/aegis-2/","section":"zh","summary":"在第二届[AEGIS Workshop](https://aegis-readers.github.io/)中（线上），我分享了最新的研究工作[不死域名](https://phoenixdomain.net/)。","tags":["Presentation"],"title":"2nd AEGIS Workshop","type":"zh"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"On July 11, I was invited to MSRC’s Researcher Celebration at Black Hat USA 2023.\nEvent Details and FAQ:\n· When: Thursday, August 10th, 2023, from 5PM to 10PM\n· Where: Retro by Voltaggio, Mandalay Bay, Las Vegas\n· Who is the event for: MSRC’s Most Valuable Researchers (MVRs) and alumni, researchers with active and recent MSRC cases, MSRC strategic partners, and members of the security research community.\n· Can I have a +1? We’d love to be introduced to new researchers and potential partners however space is limited. To request a +1 please email bluehat@microsoft.com with the name, email address and brief justification for why your +1 would be a good fit for this event. Please ensure the person you wish to nominate has given you permission to share their details with us.\n· I’m not attending Black Hat or DEF CON, can I give my invitation to another researcher? Tickets are non-transferable, however If you have a colleague or friend you would like to nominate for a ticket to this event, please send an email to bluehat@microsoft.com with the name, email address and brief justification for why this person would be a good fit for this event and we’ll do our best to accommodate. Please ensure the person you wish to nominate has given you permission to share their details with us.\n· Will Microsoft pay for my flights, accommodation, or travel visa etc. to attend this event? No. This event is intended for individuals who will already be in Las Vegas on August 10, 2023, for “Hacker Summer Camp” (Black Hat, DEF CON, B-Sides, Diana Initiative, Squad Con etc.).\nFor all other questions please contact bluehat@microsoft.com\n","date":1691650800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691650800,"objectID":"69b61605717858237097d7b1ae62330a","permalink":"https://lixiang521.com/talk/invited-to-msrcs-researcher-celebration-at-black-hat-usa-2023/","publishdate":"2023-07-10T00:00:00Z","relpermalink":"/talk/invited-to-msrcs-researcher-celebration-at-black-hat-usa-2023/","section":"event","summary":"On July 11, I was invited to MSRC's Researcher Celebration at Black Hat USA 2023.","tags":["Conference"],"title":"Invited to MSRC's Researcher Celebration at Black Hat USA 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"在2023年7月11日，受邀参加 MSRC’s Researcher Celebration at Black Hat USA 2022。\n详情：\n· When: Thursday, August 10th, 2023, from 5PM to 10PM\n· Where: Retro by Voltaggio, Mandalay Bay, Las Vegas\n· Who is the event for: MSRC’s Most Valuable Researchers (MVRs) and alumni, researchers with active and recent MSRC cases, MSRC strategic partners, and members of the security research community.\n· Can I have a +1? We’d love to be introduced to new researchers and potential partners however space is limited. To request a +1 please email bluehat@microsoft.com with the name, email address and brief justification for why your +1 would be a good fit for this event. Please ensure the person you wish to nominate has given you permission to share their details with us.\n· I’m not attending Black Hat or DEF CON, can I give my invitation to another researcher? Tickets are non-transferable, however If you have a colleague or friend you would like to nominate for a ticket to this event, please send an email to bluehat@microsoft.com with the name, email address and brief justification for why this person would be a good fit for this event and we’ll do our best to accommodate. Please ensure the person you wish to nominate has given you permission to share their details with us.\n· Will Microsoft pay for my flights, accommodation, or travel visa etc. to attend this event? No. This event is intended for individuals who will already be in Las Vegas on August 10, 2023, for “Hacker Summer Camp” (Black Hat, DEF CON, B-Sides, Diana Initiative, Squad Con etc.).\nFor all other questions please contact bluehat@microsoft.com\n","date":1691650800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691650800,"objectID":"fbc71ea605be6f3eb6815c2a6629d90d","permalink":"https://lixiang521.com/zh/event/msrc-blackhat-2023/","publishdate":"2023-07-10T00:00:00Z","relpermalink":"/zh/event/msrc-blackhat-2023/","section":"zh","summary":"在2023年7月11日，受邀参加 MSRC's Researcher Celebration at Black Hat USA 2023。","tags":["Conference"],"title":"受邀参加 MSRC's Researcher Celebration at Black Hat USA 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2023年第32届USENIX安全探讨会上，我分享了最新研究工作：“The Maginot Line: Attacking the Boundary of DNS Caching Protection”，也见到和交到了很多朋友。\n","date":1691625600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691625600,"objectID":"783551b2c1cd144be940b1aab98587ab","permalink":"https://lixiang521.com/zh/event/usenix-2023/","publishdate":"2023-08-08T00:00:00Z","relpermalink":"/zh/event/usenix-2023/","section":"zh","summary":"在2023年第32届USENIX安全探讨会上，我分享了最新研究工作：“The Maginot Line: Attacking the Boundary of DNS Caching Protection”，也见到和交到了很多朋友。","tags":["Presentation"],"title":"2023年第32届USENIX安全探讨会｜USENIX Security 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 2023 32nd USENIX Security Symposium, I presented one paper “The Maginot Line: Attacking the Boundary of DNS Caching Protection” to the audiences. I met many old friends and made many new friends.\n","date":1691625600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691625600,"objectID":"42190c2f95ec7f4f716c9b80c75fe1b3","permalink":"https://lixiang521.com/talk/32nd-usenix-security-symposium-2023-usenix-security-2023/","publishdate":"2023-07-08T00:00:00Z","relpermalink":"/talk/32nd-usenix-security-symposium-2023-usenix-security-2023/","section":"event","summary":"In the 2023 32nd USENIX Security Symposium, I presented one paper \"The Maginot Line: Attacking the Boundary of DNS Caching Protection\" to the audiences. I met many old friends and made many new friends.","tags":["Presentation"],"title":"32nd USENIX Security Symposium 2023 | USENIX Security 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In Black Hat USA 2023, Professor Zhou Li presented our work: “The Maginot Line: Attacking the Boundary of DNS Caching Protection”.\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"d7eb5e817301fd469cb1272deaa11bc2","permalink":"https://lixiang521.com/talk/black-hat-usa-2023/","publishdate":"2023-07-09T00:00:00Z","relpermalink":"/talk/black-hat-usa-2023/","section":"event","summary":"In Black Hat USA 2023, Professor Zhou Li presented our work: \"The Maginot Line: Attacking the Boundary of DNS Caching Protection\".","tags":["Presentation"],"title":"Black Hat USA 2023","type":"event"},{"authors":["Run Guo","Jianjun Chen","Yihang Wang","Keran Mu","Baojun Liu","Xiang Li","Chao Zhang","Haixin Duan","Jianping Wu"],"categories":["CDN"],"content":"Overview Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"a6d81ddc8ea435d998ce9e67be0d9121","permalink":"https://lixiang521.com/publication/security23-2/","publishdate":"2023-01-27T00:00:00Z","relpermalink":"/publication/security23-2/","section":"publication","summary":"Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.","tags":["CDN","CDN Security","DoS Attack"],"title":"Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack","type":"publication"},{"authors":["Run Guo","Jianjun Chen","Yihang Wang","Keran Mu","Baojun Liu","Xiang Li","Chao Zhang","Haixin Duan","Jianping Wu"],"categories":["CDN"],"content":"Overview Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"571ddb684715f6f958e4dc4004b717e2","permalink":"https://lixiang521.com/zh/publication/security23-2/","publishdate":"2023-01-27T00:00:00Z","relpermalink":"/zh/publication/security23-2/","section":"zh","summary":"Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.","tags":["CDN","CDN Security","DoS Attack"],"title":"Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack","type":"zh"},{"authors":["Xiang Li","Chaoyi Lu","Baojun Liu","Qifan Zhang","Zhou Li","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"Overview In this paper, we report MaginotDNS, a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed as CDNS).\nMaginotDNS: https://maginotdns.net/\nCVE/CNNVD (3/3)\nBIND: CVE-2021-25220(Medium) CNNVD-202203-1514(Medium)\nTechnitium: CVE-2021-43105(Medium) CNNVD-202203-2379(Medium)\nKnot Resolver: CVE-2022-32983(Medium) CNNVD-202206-2074(Medium)\nPresentation\nPresented in Black Hat USA 2023\nPresented in SHUZIHUANYU Talk\nPresented in KANXUE 2023 SDC\nPresented in Black Hat Webinar\nNews \u0026amp; CERT\n60+ news coverage by media such as BleepingComputer and APNIC\nAn Austria government CERT daily report\nA Sweden government CERT weekly news\nA Bournemouth University (BU) CERT news\nNews \u0026amp; CERT List\nAlienVault: News\nAll InfoSec News: News\nAltus Intel: News\nAnti-Malware.ru: News\nAPNIC: News\nBelEn News and Lifestyle: News\nBleepingComputer: News\nBlog elhacker.NET: News\nBournemouth University (BU) CERT on 15/08/2023: News\nBreachForums: News\nBroadband Reports: News\nCICESE: News\nCaveiraTech: News\nCyber Reports: News\nCyberIQs: News\nCyware Labs: News\nDesde Linux: News\nDevBytes: News\nFacebook: News\nFagen Wasanni Technologies: News\nFirst Hackers News: News\nFreeFlarum: News\nGovCERT Austria on 14/08/2023: News\nHispasec UnaAlDia: News\nHow 2 Do: News\nITSec.Ru: News\nIlSoftware.it: News\nInformazione.it: News\nInfosec Exchange: News\nItaly 24 Press News: News\nJetico: News\nMalwareTips: News\nMenéame: News\nNews YCombinator: News\nNotizie today: News\nOpenNet: News\nOpenSecurity: News\nPRSOL:CC: News\nRed Hot Cyber: News\nReddit: News\nRisky Biz: News\nSNAS Internet Storm Center: News\nSecNews.gr: News-zh-cn\nSecNews.gr: News\nSecure Hunter: News\nSecurity Lab: News\nSecurityWeek: News\nSweden CERT on 18/08/2023: News\nTS2 Space: News\nTechWar.GR: News\nUPV/EHU: News\nUna al Día: News\nVumetric Cyber Portal: News\ncarder.uk: News\ne-security.bg: News\nlasgasolineras.es: News\nnotizie.today: News\ntechxpub.de: News\n360CERT安全日报（2023.08.14）: News\n合天网安实验室-网络安全日报（2023年08月15日）: News\n快米云: News\n資安日報: News\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"6b26a869432bb15d5719dca98c9f0ffa","permalink":"https://lixiang521.com/publication/security23/","publishdate":"2022-09-01T00:00:00Z","relpermalink":"/publication/security23/","section":"publication","summary":"In this paper, we report **MaginotDNS**, a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed as *CDNS*).","tags":["DNS","DNS Security","DNS Cache Poisoning","DNS Bailiwick Rule"],"title":"The Maginot Line: Attacking the Boundary of DNS Caching Protection","type":"publication"},{"authors":["Xiang Li","Chaoyi Lu","Baojun Liu","Qifan Zhang","Zhou Li","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"概述 在本文中，我们报告了MaginotDNS，这是针对同时充当递归解析器和转发器（称为CDNS）的DNS服务器的强大缓存投毒攻击。\nMaginotDNS: https://maginotdns.net/\nCVE/CNNVD (3/3)\nBIND: CVE-2021-25220(中危) CNNVD-202203-1514(中危)\nTechnitium: CVE-2021-43105(中危) CNNVD-202203-2379(中危)\nKnot Resolver: CVE-2022-32983(中危) CNNVD-202206-2074(中危)\n分享\n分享于Black Hat USA 2023\n分享于数字寰宇大家讲堂\n分享于看雪 2023 SDC\n分享于Black Hat Webinar\n报道和安全公告\n60+科技媒体报道，如BleepingComputer and APNIC\n奥地利政府CERT每日安全公告\n瑞典政府CERT每周安全公告\n伯恩茅斯大学CERT安全公告\n报道和安全公告列表\nAlienVault: News\nAll InfoSec News: News\nAltus Intel: News\nAnti-Malware.ru: News\nAPNIC: News\nBelEn News and Lifestyle: News\nBleepingComputer: News\nBlog elhacker.NET: News\nBournemouth University (BU) CERT on 15/08/2023: News\nBreachForums: News\nBroadband Reports: News\nCICESE: News\nCaveiraTech: News\nCyber Reports: News\nCyberIQs: News\nCyware Labs: News\nDesde Linux: News\nDevBytes: News\nFacebook: News\nFagen Wasanni Technologies: News\nFirst Hackers News: News\nFreeFlarum: News\nGovCERT Austria on 14/08/2023: News\nHispasec UnaAlDia: News\nHow 2 Do: News\nITSec.Ru: News\nIlSoftware.it: News\nInformazione.it: News\nInfosec Exchange: News\nItaly 24 Press News: News\nJetico: News\nMalwareTips: News\nMenéame: News\nNews YCombinator: News\nNotizie today: News\nOpenNet: News\nOpenSecurity: News\nPRSOL:CC: News\nRed Hot Cyber: News\nReddit: News\nRisky Biz: News\nSNAS Internet Storm Center: News\nSecNews.gr: News-zh-cn\nSecNews.gr: News\nSecure Hunter: News\nSecurity Lab: News\nSecurityWeek: News\nSweden CERT on 18/08/2023: News\nTS2 Space: News\nTechWar.GR: News\nUPV/EHU: News\nUna al Día: News\nVumetric Cyber Portal: News\ncarder.uk: News\ne-security.bg: News\nlasgasolineras.es: News\nnotizie.today: News\ntechxpub.de: News\n360CERT安全日报（2023.08.14）: News\n合天网安实验室-网络安全日报（2023年08月15日）: News\n快米云: News\n資安日報: News\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"03842611ea1382efcb16034f0eaa6b92","permalink":"https://lixiang521.com/zh/publication/security23/","publishdate":"2022-09-01T00:00:00Z","relpermalink":"/zh/publication/security23/","section":"zh","summary":"在本文中，我们报告了**MaginotDNS**，这是针对同时充当递归解析器和转发器（称为**CDNS**）的DNS服务器的强大缓存投毒攻击。","tags":["DNS","DNS Security","DNS Cache Poisoning","DNS Bailiwick Rule"],"title":"The Maginot Line: Attacking the Boundary of DNS Caching Protection","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在黑帽大会2023（美国）上, 李洲助理教授分享了我们的研究工作：“The Maginot Line: Attacking the Boundary of DNS Caching Protection”。\n","date":1691539200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1691539200,"objectID":"5ccc1260cf497745583dfeaef9342c2b","permalink":"https://lixiang521.com/zh/event/bhu-2023/","publishdate":"2023-08-08T00:00:00Z","relpermalink":"/zh/event/bhu-2023/","section":"zh","summary":"在黑帽大会2023（美国）上, 李洲助理教授分享了我们的研究工作：“The Maginot Line: Attacking the Boundary of DNS Caching Protection”。","tags":["Presentation"],"title":"黑帽大会2023（美国）","type":"zh"},{"authors":["Mingming Zhang","Xiang Li","Baojun Liu","Jianyu Lu","Jianjun Chen","Yiming Zhang","Xiaofeng Zheng","Haixin Duan","Shuang Hao"],"categories":["DNS"],"content":"Overview In this paper, we present a novel framework, HostingChecker (DareShark), for detecting domain takeovers.\nPresentation\nPresented in OARC 40 Presented in APAC DNS Forum 2023 by Mr Alban KWAN (Topic: Why care about Dangling Domain Hijacking, and how to Prevent the Threat?) ","date":1687132800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1687132800,"objectID":"28d6298fa656db57fd7d085927c7708d","permalink":"https://lixiang521.com/publication/sigmetrics23/","publishdate":"2022-12-20T00:00:00Z","relpermalink":"/publication/sigmetrics23/","section":"publication","summary":"In this paper, we present a novel framework, **HostingChecker** (**DareShark**), for detecting domain takeovers.","tags":["DNS","DNS Security","Domain Takeover"],"title":"DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains","type":"publication"},{"authors":["Mingming Zhang","Xiang Li","Baojun Liu","Jianyu Lu","Jianjun Chen","Yiming Zhang","Xiaofeng Zheng","Haixin Duan","Shuang Hao"],"categories":["DNS"],"content":"Overview In this paper, we present a novel framework, HostingChecker (DareShark), for detecting domain takeovers.\nPresentation\nPresented in OARC 40 Presented in APAC DNS Forum 2023 by Mr Alban KWAN (Topic: Why care about Dangling Domain Hijacking, and how to Prevent the Threat?) ","date":1687132800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1687132800,"objectID":"e406e6e720715ef7f6fa5a2a79f9dc56","permalink":"https://lixiang521.com/zh/publication/sigmetrics23/","publishdate":"2022-12-20T00:00:00Z","relpermalink":"/zh/publication/sigmetrics23/","section":"zh","summary":"In this paper, we present a novel framework, **HostingChecker** (**DareShark**), for detecting domain takeovers.","tags":["DNS","DNS Security","Domain Takeover"],"title":"DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In Black Hat Asia 2023, I presented our work: “Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation”.\nMoments ","date":1683763200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1683763200,"objectID":"e43182770abf548babeaff12e13180cc","permalink":"https://lixiang521.com/talk/black-hat-asia-2023/","publishdate":"2023-05-12T00:00:00Z","relpermalink":"/talk/black-hat-asia-2023/","section":"event","summary":"In Black Hat Asia 2023, I presented our work: \"Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation\".","tags":["Presentation"],"title":"Black Hat Asia 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在黑帽大会2023（亚洲）上, 我分享了研究工作：“Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation”。\nMoments ","date":1683763200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1683763200,"objectID":"d073909ec57e3efe8a1aae1373dc9df6","permalink":"https://lixiang521.com/zh/event/bha-2023/","publishdate":"2023-05-12T00:00:00Z","relpermalink":"/zh/event/bha-2023/","section":"zh","summary":"在黑帽大会2023（亚洲）上, 我分享了研究工作：“Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation”。","tags":["Presentation"],"title":"黑帽大会2023（亚洲）","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2023年第30届网络与分布式系统安全会议上，我分享了我们关于DNS最新的研究工作（Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation）以及诸葛老师组的展板（Demo: Ransom Vehicle through Charging Pile）。开会期间，见到了去年在我们组访问的秦悦（和悦姐畅聊！），也认识了很多新朋友和老师（UCI，IU，UCR，PU，皇马老家马德里的IMDEA）。最后，代替杨家海老师团队领取了最佳论文奖（1/2），很厉害的工作，感受了领奖的氛围。\nMoments ","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"f92d76b507c29a92916f153f5cdb9199","permalink":"https://lixiang521.com/zh/event/ndss-2023/","publishdate":"2023-02-27T00:00:00Z","relpermalink":"/zh/event/ndss-2023/","section":"zh","summary":"在2023年第30届网络与分布式系统安全会议上，我分享了我们关于DNS最新的研究工作（Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation）以及诸葛老师组的展板（Demo: Ransom Vehicle through Charging Pile）。开会期间，见到了去年在我们组访问的秦悦（和悦姐畅聊！），也认识了很多新朋友和老师。最后，代替杨家海老师团队领取了最佳论文奖（1/2），很厉害的工作，感受了领奖的氛围。","tags":["Presentation"],"title":"2023年第30届网络与分布式系统安全会议 | NDSS 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 2023 30th Annual Network and Distributed System Security Symposium, I presented one paper “Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation” and one demo/poster “Demo: Ransom Vehicle through Charging Pile” to the audiences. I met old friend Yue Qin in our group and made many new friends (UCI, IU, UCR, PU, and IMDEA). I also attended the award ceremony and accepted the 1/2 distinguished paper award for our colleagues and friends from Professor Jiahai Yang’s team.\nMoments ","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"bf7ee2e01fbf9c5b88c9cc2ea4ac7c68","permalink":"https://lixiang521.com/talk/30th-annual-network-and-distributed-system-security-symposium-ndss-2023/","publishdate":"2023-02-27T00:00:00Z","relpermalink":"/talk/30th-annual-network-and-distributed-system-security-symposium-ndss-2023/","section":"event","summary":"In the 2023 30th Annual Network and Distributed System Security Symposium, I presented one paper \"Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation\" and one demo/poster \"Demo: Ransom Vehicle through Charging Pile\" to the audiences. I met old friend Yue Qin in our group and made many new friends. I also attended the award ceremony and accepted the 1/2 distinguished paper award for our colleagues and friends from Professor Jiahai Yang's team.","tags":["Presentation"],"title":"30th Annual Network and Distributed System Security Symposium | NDSS 2023","type":"event"},{"authors":["Shangru Song","Hetian Shi","Ruoyu Lun","Yunchao Guan","Xiang Li","Jihu Zheng","Jianwei Zhuge"],"categories":["Vehicle"],"content":"Overview In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles.\nI presented the demo to the audience. Just one vote less than the runner. Remember to vote ASAP next time.\n","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"88e24dd15b7ade27d99be5724cb524be","permalink":"https://lixiang521.com/publication/vehiclesec23/","publishdate":"2023-02-11T00:00:00Z","relpermalink":"/publication/vehiclesec23/","section":"publication","summary":"Ransom attacks have attracted widespread attention from researchers, however, there have been relatively few researches on vehicles, especially for electric vehicles (EVs). Such attacks mainly accomplish their purpose by exploiting vulnerabilities of vehicle itself, but often have a narrow attack surface. In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles. Additionally, we design a physical plugin for charging connectors that can extend the EV models affected by the described ransom attack. In this case, the CPRA needs a preparing step to locally install the plugin on the connector.","tags":["Vehicle","Vehicle Security"],"title":"Demo: Ransom Vehicle through Charging Pile","type":"publication"},{"authors":["Shangru Song","Hetian Shi","Ruoyu Lun","Yunchao Guan","Xiang Li","Jihu Zheng","Jianwei Zhuge"],"categories":["Vehicle"],"content":"Overview In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles.\n我向听众讲解了CPRA攻击。距离获奖一票之差，下次投票要早一点！\n","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"37e62aa320f580e575bd46516b253926","permalink":"https://lixiang521.com/zh/publication/vehiclesec23/","publishdate":"2023-02-11T00:00:00Z","relpermalink":"/zh/publication/vehiclesec23/","section":"zh","summary":"Ransom attacks have attracted widespread attention from researchers, however, there have been relatively few researches on vehicles, especially for electric vehicles (EVs). Such attacks mainly accomplish their purpose by exploiting vulnerabilities of vehicle itself, but often have a narrow attack surface. In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles. Additionally, we design a physical plugin for charging connectors that can extend the EV models affected by the described ransom attack. In this case, the CPRA needs a preparing step to locally install the plugin on the connector.","tags":["Vehicle","Vehicle Security"],"title":"Demo: Ransom Vehicle through Charging Pile","type":"zh"},{"authors":["Xiang Li","Baojun Liu","Xuesong Bai","Mingming Zhang","Qifan Zhang","Zhou Li","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"Overview In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.\nPhoenix Domain: https://phoenixdomain.net/\nCVE/CNNVD (9/5)\nKnot Resolver: CVE-2022-30250 CVE-2022-30251\nPowerDNS Recursor: CVE-2022-30252\nSimple DNS Plus: CVE-2022-30254\nMaraDNS: CVE-2022-30256(High) CNNVD-202211-3148(High)\nTechnitium: CVE-2022-30257(Critical) CNNVD-202211-3247(Critical)\nTechnitium: CVE-2022-30258(Critical) CNNVD-202211-3242(Critical)\nUnbound: CVE-2022-30698(Medium) CVE-2022-30699(Medium) CNNVD-202208-1881(Medium) CNNVD-202208-1883(Medium)\nPresentation\nPresented in OARC 39\nPresented in ICANN DNS Symposium 2022\nPresented in Black Hat Asia 2023\nReferenced by RFC Draft: Delegation Revalidation by DNS Resolvers\n","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"e3e7c398bb39c553ed8d7293595dcb6e","permalink":"https://lixiang521.com/publication/ndss23/","publishdate":"2022-09-01T08:00:00Z","relpermalink":"/publication/ndss23/","section":"publication","summary":"In this paper, we propose **Phoenix Domain**, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.","tags":["DNS","DNS Security","DNS Delegation","DNS Revocation"],"title":"Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation","type":"publication"},{"authors":["Xiang Li","Baojun Liu","Xuesong Bai","Mingming Zhang","Qifan Zhang","Zhou Li","Haixin Duan","Qi Li"],"categories":["DNS"],"content":"Overview In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.\nPhoenix Domain: https://phoenixdomain.net/\nCVE/CNNVD (9/5)\nKnot Resolver: CVE-2022-30250 CVE-2022-30251\nPowerDNS Recursor: CVE-2022-30252\nSimple DNS Plus: CVE-2022-30254\nMaraDNS: CVE-2022-30256(高危) CNNVD-202211-3148(高危)\nTechnitium: CVE-2022-30257(超危) CNNVD-202211-3247(超危)\nTechnitium: CVE-2022-30258(超危) CNNVD-202211-3242(超危)\nUnbound: CVE-2022-30698(中危) CVE-2022-30699(中危) CNNVD-202208-1881(中危) CNNVD-202208-1883(中危)\nPresentation\nPresented in OARC 39\nPresented in ICANN DNS Symposium 2022\nPresented in Black Hat Asia 2023\nReferenced by RFC Draft: Delegation Revalidation by DNS Resolvers\n","date":1677456000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1677456000,"objectID":"3c0730293e0ce79587b66add4540e19d","permalink":"https://lixiang521.com/zh/publication/ndss23/","publishdate":"2022-09-01T08:00:00Z","relpermalink":"/zh/publication/ndss23/","section":"zh","summary":"In this paper, we propose **Phoenix Domain**, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.","tags":["DNS","DNS Security","DNS Delegation","DNS Revocation"],"title":"Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In OARC 40 \u0026amp; NANOG 87 Workshop (hybrid in-person and online workshop), I presented a novel hosting-based domain takeover detection framework DareShark to the audiences.\nFeedback from workshops ","date":1676505600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1676505600,"objectID":"de0c1c9d25232d8c10d31984675de59f","permalink":"https://lixiang521.com/talk/oarc-40-nanog-87-workshop/","publishdate":"2023-02-16T00:00:00Z","relpermalink":"/talk/oarc-40-nanog-87-workshop/","section":"event","summary":"In [OARC 40 \u0026 NANOG 87 Workshop](https://indico.dns-oarc.net/event/46/contributions/982/) (hybrid in-person and online workshop), I presented a novel hosting-based domain takeover detection framework **DareShark** to the audiences.","tags":["Presentation"],"title":"OARC 40 \u0026 NANOG 87 Workshop","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在 OARC 40 \u0026amp; NANOG 87 Workshop（线上线下结合），我分享了明明最新的研究工作：域名接管。\n现场反馈 ","date":1676505600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1676505600,"objectID":"1e24ef63b1ea4296f7075b2b70892b06","permalink":"https://lixiang521.com/zh/event/oarc-40/","publishdate":"2023-02-16T00:00:00Z","relpermalink":"/zh/event/oarc-40/","section":"zh","summary":"在 [OARC 40 \u0026 NANOG 87 Workshop](https://indico.dns-oarc.net/event/46/contributions/982/)（线上线下结合），我分享了明明最新的研究工作：域名接管。","tags":["Presentation"],"title":"OARC 40 \u0026 NANOG 87 Workshop","type":"zh"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"On December 13, I was invited to attend the 20th BlueHat 2023.\nEvent Details and FAQ:\n· Applying to attend does not guarantee you a pass or ticket to the event: Follow the above ‘Apply Here!’ link and complete the application form. A review process will take place and if your application is accepted, you will receive an email invitation with a unique link to register for the conference.\n· Applications to attend BlueHat 2023 are open to all: both Microsoft and non-Microsoft employees in the fields of security research and response are welcome to submit an application. Microsoft is committed to ensuring a diverse, inclusive and accessible event. If you have questions or require assistance with submitting an application, please email bluehat23reg@microsoft.com.\n· Attendees are responsible for travel and accommodation costs and arrangements: If your application is accepted, you will be responsible for securing your travel and accommodation to Redmond, WA, USA, for Feb 8 – 9, 2023.\n· Emails will come from bluehat23reg@microsoft.com. Please monitor your Junk / Clutter / Spam / Other email folders for messages from this address. If you do not receive a confirmation email, please contact the BlueHat planning team at bluehat23reg@microsoft.com.\n","date":1675839600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1675839600,"objectID":"3e0fe1d6d432fdbd73a078bb5ede58fd","permalink":"https://lixiang521.com/talk/invited-to-attend-the-20th-bluehat-2023/","publishdate":"2022-12-13T00:00:00Z","relpermalink":"/talk/invited-to-attend-the-20th-bluehat-2023/","section":"event","summary":"On December 13, I was invited to attend the 20th BlueHat 2023.","tags":["Conference"],"title":"Invited to Attend the 20th BlueHat 2023","type":"event"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"在12月13日，受邀参加第20届BlueHat 2023。\n详情：\n· Applying to attend does not guarantee you a pass or ticket to the event: Follow the above ‘Apply Here!’ link and complete the application form. A review process will take place and if your application is accepted, you will receive an email invitation with a unique link to register for the conference.\n· Applications to attend BlueHat 2023 are open to all: both Microsoft and non-Microsoft employees in the fields of security research and response are welcome to submit an application. Microsoft is committed to ensuring a diverse, inclusive and accessible event. If you have questions or require assistance with submitting an application, please email bluehat23reg@microsoft.com.\n· Attendees are responsible for travel and accommodation costs and arrangements: If your application is accepted, you will be responsible for securing your travel and accommodation to Redmond, WA, USA, for Feb 8 – 9, 2023.\n· Emails will come from bluehat23reg@microsoft.com. Please monitor your Junk / Clutter / Spam / Other email folders for messages from this address. If you do not receive a confirmation email, please contact the BlueHat planning team at bluehat23reg@microsoft.com.\n","date":1675839600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1675839600,"objectID":"67f75355be342990c3fd9e30361f2b0b","permalink":"https://lixiang521.com/zh/event/bluehat-2023/","publishdate":"2022-12-13T00:00:00Z","relpermalink":"/zh/event/bluehat-2023/","section":"zh","summary":"在12月13日，受邀参加第20届BlueHat 2023。","tags":["Conference"],"title":"受邀参加第20届BlueHat 2023","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 5th ICANN DNS Symposium (IDS 2022), I presented my NDSS ‘23 paper Phoenix Domain to the audiences. Discussed with so many enthusiastic question askers.\n","date":1668502800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1668502800,"objectID":"3775c5339ee0ccd5577b18733d4d81a4","permalink":"https://lixiang521.com/talk/icann-dns-symposium-november-2022/","publishdate":"2022-11-16T00:00:00Z","relpermalink":"/talk/icann-dns-symposium-november-2022/","section":"event","summary":"In the 5th ICANN DNS Symposium ([IDS 2022](https://www.icann.org/ids)), I presented my NDSS '23 paper [Phoenix Domain](https://phoenixdomain.net/) to the audiences. Discussed with so many enthusiastic question askers.","tags":["Presentation"],"title":"ICANN DNS Symposium | November 2022","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2022年第五届ICANN的DNS研讨会（IDS 2022）中，我分享了NDSS ‘23论文不死域名，反响热烈。\n","date":1668502800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1668502800,"objectID":"94c4d702be4316ff673968b118365b35","permalink":"https://lixiang521.com/zh/event/ids-2022/","publishdate":"2022-11-16T00:00:00Z","relpermalink":"/zh/event/ids-2022/","section":"zh","summary":"在2022年第五届ICANN的DNS研讨会（[IDS 2022](https://www.icann.org/ids)）中，我分享了NDSS '23论文[不死域名](https://phoenixdomain.net/)，反响热烈。","tags":["Presentation"],"title":"ICANN DNS 研讨会 | 2022年11月","type":"zh"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"During November 7-11, 2022, I attended ACM CCS 2022 in person and knew and met many friends.\n","date":1667811600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1667811600,"objectID":"5f25afbe7eaebbca9633e6789791811f","permalink":"https://lixiang521.com/talk/2022-29th-acm-conference-on-computer-and-communications-security-ccs-2022/","publishdate":"2022-11-11T00:00:00Z","relpermalink":"/talk/2022-29th-acm-conference-on-computer-and-communications-security-ccs-2022/","section":"event","summary":"During November 7-11, 2022, I attended ACM CCS 2022 in person and knew and met many friends.","tags":["Conference"],"title":"2022 29th ACM Conference on Computer and Communications Security | CCS 2022","type":"event"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"在2022年11月7日至11日，到现场参加了CCS 2022大会，认识了很多小伙伴！\n","date":1667811600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1667811600,"objectID":"b86033b7c3feae3b11c51398f6cf2edb","permalink":"https://lixiang521.com/zh/event/ccs-2022/","publishdate":"2022-11-11T00:00:00Z","relpermalink":"/zh/event/ccs-2022/","section":"zh","summary":"在2022年11月7日至11日，到现场参加了CCS 2022大会，认识了很多小伙伴！","tags":["Conference"],"title":"2022 29th ACM Conference on Computer and Communications Security | CCS 2022","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In OARC 39 \u0026amp; 47th CENTR Technical Workshop (hybrid in-person and online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.\nFeedback from workshops ","date":1666396800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1666396800,"objectID":"36213d277737254fd4581752c10d177e","permalink":"https://lixiang521.com/talk/oarc-39-47th-centr-technical-workshop/","publishdate":"2022-10-23T00:00:00Z","relpermalink":"/talk/oarc-39-47th-centr-technical-workshop/","section":"event","summary":"In [OARC 39 \u0026 47th CENTR Technical Workshop](https://indico.dns-oarc.net/event/44/contributions/953/) (hybrid in-person and online workshop), I presented a novel Ghost Domain attack named [Phoenix Domain](https://phoenixdomain.net/) to the audiences.","tags":["Presentation"],"title":"OARC 39 \u0026 47th CENTR Technical Workshop","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在 OARC 39 \u0026amp; 47th CENTR Technical Workshop（线上线下结合），我分享了最新的研究工作不死域名。\n现场反馈 ","date":1666396800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1666396800,"objectID":"bfe46aa240499b7b7eb248b7927f0915","permalink":"https://lixiang521.com/zh/event/oarc-39/","publishdate":"2022-10-23T00:00:00Z","relpermalink":"/zh/event/oarc-39/","section":"zh","summary":"在 [OARC 39 \u0026 47th CENTR Technical Workshop](https://indico.dns-oarc.net/event/44/contributions/953/)（线上线下结合），我分享了最新的研究工作[不死域名](https://phoenixdomain.net/)。","tags":["Presentation"],"title":"OARC 39 \u0026 47th CENTR Technical Workshop","type":"zh"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"On July 25, I was invited to MSRC’s Researcher Celebration at Black Hat 2022.\nEvent details:\n· When: Wednesday, August 10th, 2022, from 7PM to 11PM\n· Where: Illuminarium at Area 15, Las Vegas\n· Who is the event for: MSRC’s Most Valuable Researchers (MVRs) and alumni, MSRC strategic partners, the security research community, and Microsoft employees in security engineering, response, and research.\nFrequently asked questions:\n· Why am I receiving this email? You are receiving this email – an invitation to the MSRC Researcher Celebration 2022 event – because you have been recognized as one of MSRC’s Most Valuable Researchers, have contributed a bounty eligible case to MSRC at some point during the past 4 years, are part of MSRC’s MAPP program, or you have been nominated to receive an invitation from a fellow researcher or Microsoft employee. If you believe you have been invited in error or do not wish to be invited to these types of events, please email bluehat@microsoft.com to have your name added to the ‘do not contact’ list.\n· Will there be transport to the event? Yes! When registering please let us know what hotel you will be staying at, and we will use this information to coordinate transport to and from the party. We will endeavor to have multiple options for attendees to arrive and depart throughout the night.\n· Do I need to eat before I arrive? You shouldn’t need to! There will be amazing (and substantial) food and beverages throughout the event with options for vegetarians, vegans, as well as those avoiding gluten and dairy.\n· Can I have a +1? We’d love for you to introduce us to researchers and potential partners that might not have received an invitation. Feel free to request a +1 when registering but please note that we cannot guarantee additional tickets as space is limited.\n· Can I forward this email? Please don’t. When registering request a +1, or email bluehat@microsoft.com with the name of the researcher(s) you would like to nominate.\n· I’m not attending Black Hat or DEF CON, can I give my ticket to another researcher? Tickets are non-transferable, however if you’d like to nominate another researcher to attend the MSRC Researcher Celebration event please email bluehat@microsoft.com with the name and email address of the researcher you’d like to nominate – but please ensure that researcher has given you permission to pass their contact information on to us.\n","date":1660114800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1660114800,"objectID":"4e2415fbbb5ba355f0ec4e0804d67a47","permalink":"https://lixiang521.com/talk/invited-to-msrcs-researcher-celebration-at-black-hat-2022/","publishdate":"2022-08-10T00:00:00Z","relpermalink":"/talk/invited-to-msrcs-researcher-celebration-at-black-hat-2022/","section":"event","summary":"On July 25, I was invited to MSRC's Researcher Celebration at Black Hat 2022.","tags":["Conference"],"title":"Invited to MSRC's Researcher Celebration at Black Hat 2022","type":"event"},{"authors":["Xiang Li"],"categories":["Conference"],"content":"在2022年7月25日，受邀参加 MSRC’s Researcher Celebration at Black Hat 2022。\n详情：\n· When: Wednesday, August 10th, 2022, from 7PM to 11PM\n· Where: Illuminarium at Area 15, Las Vegas\n· Who is the event for: MSRC’s Most Valuable Researchers (MVRs) and alumni, MSRC strategic partners, the security research community, and Microsoft employees in security engineering, response, and research.\n提问：\n· Why am I receiving this email? You are receiving this email – an invitation to the MSRC Researcher Celebration 2022 event – because you have been recognized as one of MSRC’s Most Valuable Researchers, have contributed a bounty eligible case to MSRC at some point during the past 4 years, are part of MSRC’s MAPP program, or you have been nominated to receive an invitation from a fellow researcher or Microsoft employee. If you believe you have been invited in error or do not wish to be invited to these types of events, please email bluehat@microsoft.com to have your name added to the ‘do not contact’ list.\n· Will there be transport to the event? Yes! When registering please let us know what hotel you will be staying at, and we will use this information to coordinate transport to and from the party. We will endeavor to have multiple options for attendees to arrive and depart throughout the night.\n· Do I need to eat before I arrive? You shouldn’t need to! There will be amazing (and substantial) food and beverages throughout the event with options for vegetarians, vegans, as well as those avoiding gluten and dairy.\n· Can I have a +1? We’d love for you to introduce us to researchers and potential partners that might not have received an invitation. Feel free to request a +1 when registering but please note that we cannot guarantee additional tickets as space is limited.\n· Can I forward this email? Please don’t. When registering request a +1, or email bluehat@microsoft.com with the name of the researcher(s) you would like to nominate.\n· I’m not attending Black Hat or DEF CON, can I give my ticket to another researcher? Tickets are non-transferable, however if you’d like to nominate another researcher to attend the MSRC Researcher Celebration event please email bluehat@microsoft.com with the name and email address of the researcher you’d like to nominate – but please ensure that researcher has given you permission to pass their contact information on to us.\n","date":1660114800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1660114800,"objectID":"48f8ec47d851e0a5f23b7688d8d52590","permalink":"https://lixiang521.com/zh/event/msrc-blackhat-2022/","publishdate":"2022-08-10T00:00:00Z","relpermalink":"/zh/event/msrc-blackhat-2022/","section":"zh","summary":"在2022年7月25日，受邀参加 MSRC's Researcher Celebration at Black Hat 2022。","tags":["Conference"],"title":"受邀参加 MSRC's Researcher Celebration at Black Hat 2022","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在@Pentester Academy TV，与@DamianGoh13一道，我展示了XMap 扫描器工具。新功能即将发布。\n视频链接：here\n","date":1639555200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1639555200,"objectID":"a2bba8e43ece85817dd00d61696bac66","permalink":"https://lixiang521.com/zh/event/the-tool-box-xmap-2021/","publishdate":"2021-12-15T00:00:00Z","relpermalink":"/zh/event/the-tool-box-xmap-2021/","section":"zh","summary":"在[@Pentester Academy TV](https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA)，与[@DamianGoh13](https://twitter.com/DamianGoh13)一道，我展示了[XMap](https://idealeer.github.io/project/xmap/) 扫描器工具。视频链接：[here](https://www.youtube.com/watch?v=wgdFham6P2Y)。新功能即将发布。","tags":["Presentation"],"title":"Pentester Academy 工具集｜XMap","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In @Pentester Academy TV, I presented the IPv6 network scanner XMap with @DamianGoh13. New features are coming.\nWatch the video at here.\n","date":1639555200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1639555200,"objectID":"4093388f0b8582a067f088957cb5ba73","permalink":"https://lixiang521.com/talk/the-tool-box-xmap/","publishdate":"2021-12-15T00:00:00Z","relpermalink":"/talk/the-tool-box-xmap/","section":"event","summary":"In [@Pentester Academy TV](https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA), I presented the IPv6 network scanner [XMap](https://idealeer.github.io/project/xmap/) with [@DamianGoh13](https://twitter.com/DamianGoh13). Watch the video at [here](https://www.youtube.com/watch?v=wgdFham6P2Y). New features are coming.","tags":["Presentation"],"title":"The Tool Box | XMap","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021, virtually), I presented paper “Fast IPv6 Network Periphery Discovery and Security Implications” to the audiences.\n","date":1624233600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1624233600,"objectID":"606efd103decd9669f064ca11111df29","permalink":"https://lixiang521.com/talk/2021-51st-annual-ieee/ifip-international-conference-on-dependable-systems-and-networks-virtual-event-dsn-2021/","publishdate":"2021-06-23T00:00:00Z","relpermalink":"/talk/2021-51st-annual-ieee/ifip-international-conference-on-dependable-systems-and-networks-virtual-event-dsn-2021/","section":"event","summary":"In the 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021, virtually), I presented paper \"Fast IPv6 Network Periphery Discovery and Security Implications\" to the audiences.","tags":["Presentation"],"title":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (Virtual Event) | DSN 2021","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2021年第51届IEEE/IFIP国际可靠系统和网络会议上（线上举办），我分享了论文：Fast IPv6 Network Periphery Discovery and Security Implications。\n","date":1624233600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1624233600,"objectID":"1e78f1770766b298faf5ecfca4ce5a2c","permalink":"https://lixiang521.com/zh/event/dsn-2021/","publishdate":"2021-06-23T00:00:00Z","relpermalink":"/zh/event/dsn-2021/","section":"zh","summary":"在2021年第51届IEEE/IFIP国际可靠系统和网络会议上（线上举办），我分享了论文：Fast IPv6 Network Periphery Discovery and Security Implications。","tags":["Presentation"],"title":"2021年第51届IEEE/IFIP国际可靠系统和网络会议 | DSN 2021","type":"zh"},{"authors":["Xiang Li","Baojun Liu","Xiaofeng Zheng","Haixin Duan","Qi Li","Youjun Huang"],"categories":["IPv6"],"content":"Overview We introduce a novel IPv6 network scanning technique and develop a fast network scanner XMap to evaluate it, harvesting 52M devices. We leverage XMap to measure the unintended exposed IPv6 services and uncover a common IPv6 routing loop vulnerability and receive \u0026gt;131 CNVD/CVE.\nCNVD/CNNVD/CVE (109/5/22)\nCNVD-2021-03270(Medium) CNVD-2021-03271(Medium) CNVD-2021-03291(Medium) CNVD-2021-03312(Medium)\nCNVD-2021-03318(High) CNVD-2021-03320(High) CNVD-2021-03326(Medium) CNVD-2021-03327(Medium)\nCNVD-2021-03328(Medium) CNVD-2021-03331(Medium) CNVD-2021-03375(Medium) CNVD-2021-03376(Medium)\nCNVD-2021-03380(Medium) CNVD-2021-03399(Medium) CNVD-2021-03423(Medium) CNVD-2021-03424(Medium)\nCNVD-2021-03425(Medium) CNVD-2021-03473(Medium) CNVD-2021-03495(Medium) CNVD-2021-03503(Medium)\nCNVD-2021-03505(Medium) CNVD-2021-03507(Medium) CNVD-2021-03508(Medium) CNVD-2021-03511(Medium)\nCNVD-2021-04817(Medium) CNVD-2021-04818(Medium) CNVD-2021-04829(Medium) CNVD-2021-04830(Medium)\nCNVD-2021-05370(Medium) CNVD-2021-05371(Medium) CNVD-2021-05372(Medium) CNVD-2021-05373(Medium)\nCNVD-2021-05374(Medium) CNVD-2021-05375(Medium) CNVD-2021-05380(Medium) CNVD-2021-05435(Medium)\nCNVD-2021-05470(Medium) CNVD-2021-05472(Medium) CNVD-2021-05492(Medium) CNVD-2021-05493(High)\nCNVD-2021-06623(High) CNVD-2021-06624(High) CNVD-2021-06625(High) CNVD-2021-06626(High)\nCNVD-2021-06627(High) CNVD-2021-06628(High) CNVD-2021-06629(High) CNVD-2021-08384(Medium)\nCNVD-2021-08385(Medium) CNVD-2021-08386(Medium) CNVD-2021-08387(Medium) CNVD-2021-08388(Medium)\nCNVD-2021-08389(Medium) CNVD-2021-08390(Medium) CNVD-2021-08391(Medium) CNVD-2021-08394(Medium)\nCNVD-2021-08395(Medium) CNVD-2021-10397(High) CNVD-2021-10398(High) CNVD-2021-10399(High)\nCNVD-2021-10400(High) CNVD-2021-10401(High) CNVD-2021-10402(Low) CNVD-2021-10403(High)\nCNVD-2021-10404(Medium) CNVD-2021-10405(Medium) CNVD-2021-10406(Medium) CNVD-2021-10407(High)\nCNVD-2021-10408(High) CNVD-2021-10409(High) CNVD-2021-10410(High) CNVD-2021-10411(High)\nCNVD-2021-10412(High) CNVD-2021-10413(High) CNVD-2021-10414(High) CNVD-2021-10415(High)\nCNVD-2021-10416(High) CNVD-2021-10417(High) CNVD-2021-10418(High) CNVD-2021-10419(High)\nCNVD-2021-10420(High) CNVD-2021-10421(High) CNVD-2021-10422(High) CNVD-2021-10423(High)\nCNVD-2021-10424(High) CNVD-2021-10425(High) CNVD-2021-12861(High) CNVD-2021-12883(High)\nCNVD-2021-12886(High) CNVD-2021-12887(High) CNVD-2021-12890(High) CNVD-2021-13250(High)\nCNVD-2021-13251(High) CNVD-2021-13252(High) CNVD-2021-13253(High) CNVD-2021-13254(High)\nCNVD-2021-13255(High) CNVD-2021-13256(High) CNVD-2021-13257(High) CNVD-2021-13259(High)\nCNVD-2021-13260(High) CNVD-2021-13261(High) CNVD-2021-13469(High) CNVD-2021-16327(Medium)\nCNVD-2021-16400(High) CNVD-2021-29189(High) CNVD-2021-29190(High) CNVD-2021-29191(High)\nCNVD-2021-29195(Medium)\nCNNVD-202102-570(Medium) CNNVD-202103-1624(High) CNNVD-202104-652(High)\nCNNVD-202104-659(High) CNNVD-202104-697(High)\nCVE-2021-3107 CVE-2021-3108 CVE-2021-3112\nCVE-2021-3125(High) CVE-2021-3128(High) CVE-2021-3173 CVE-2021-3379\nCVE-2021-21727(High) CVE-2021-22161(Medium) CVE-2021-22162 CVE-2021-22163\nCVE-2021-22164 CVE-2021-22165 CVE-2021-23238 CVE-2021-23268\nCVE-2021-23269 CVE-2021-23270(High) CVE-2021-23831 CVE-2021-23832\nCVE-2021-23833 CVE-2021-23834 CVE-2021-23898\nPresentation \u0026amp; Impact\nPresented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation\nPresented in Pentester Academy TV\nReferenced by 10+ top-tier security conference papers\nSupporting one patent CN202110502369.2\nThe 2nd Place of 2025 ACSAC Cybersecurity Artifacts Impact Award (First Chinese institution to receive this award)\n","date":1624233600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1624233600,"objectID":"be1c5351ac513b36e7be90e5195a58bb","permalink":"https://lixiang521.com/publication/dsn21/","publishdate":"2021-04-13T00:00:00Z","relpermalink":"/publication/dsn21/","section":"publication","summary":"We introduce a novel IPv6 network scanning technique and develop a fast network scanner *XMap* to evaluate it, harvesting *52M* devices. We leverage *XMap* to measure the unintended exposed IPv6 services and uncover a common IPv6 routing loop vulnerability and receive \u003e109 CNVD/CVE.","tags":["IPv6","IPv6 Security","IPv6 Network Periphery","Internet Measurement","Routing Loop Attack"],"title":"Fast IPv6 Network Periphery Discovery and Security Implications","type":"publication"},{"authors":["Xiang Li","Baojun Liu","Xiaofeng Zheng","Haixin Duan","Qi Li","Youjun Huang"],"categories":["IPv6"],"content":"概述 在IPv4网络空间中，网络扫描技术具备着巨大的应用前景，可以被用来完成大规模的测量研究工作，诸如多种协议部署的测量、僵尸网络行为的追踪、潜在网络漏洞的发现。然而，IPv6引入了海量的128位地址空间，使得传统的枚举遍历扫描技术变得不太可行。即便学术界已经针对性地提出了多种有效的IPv6终端地址发现方案，但这些方案仍受到扫描效率和精度的影响，并不能被直接采用来进行IPv6网络空间中的大规模测量研究。\n本工作从全新的扫描角度出发，提出了一种新型的IPv6网络扫描技术，用于发现位于网络拓扑中重要位置的IPv6网络边界设备，同时设计并实现了全新的IPv6网络扫描器：XMap，可被用来进行大规模的扫描探测工作。通过利用XMap，本工作在若干个运营商的网络环境下发现了数以千万计的IPv6网络边界设备，并对其暴露的关键网络服务进行了深入的安全分析。此外，利用XMap，本工作发现了一个普遍存在的通用型路由循环漏洞（影响数十家路由器厂商），申请到了多于109个漏洞编号，并向厂商提供了合理的披露和有效的修复方案。\n漏洞编号：CNVD/CNNVD/CVE (109/5/22)\nCNVD-2021-03270(中危) CNVD-2021-03271(中危) CNVD-2021-03291(中危) CNVD-2021-03312(中危)\nCNVD-2021-03318(高危) CNVD-2021-03320(高危) CNVD-2021-03326(中危) CNVD-2021-03327(中危)\nCNVD-2021-03328(中危) CNVD-2021-03331(中危) CNVD-2021-03375(中危) CNVD-2021-03376(中危)\nCNVD-2021-03380(中危) CNVD-2021-03399(中危) CNVD-2021-03423(中危) CNVD-2021-03424(中危)\nCNVD-2021-03425(中危) CNVD-2021-03473(中危) CNVD-2021-03495(中危) CNVD-2021-03503(中危)\nCNVD-2021-03505(中危) CNVD-2021-03507(中危) CNVD-2021-03508(中危) CNVD-2021-03511(中危)\nCNVD-2021-04817(中危) CNVD-2021-04818(中危) CNVD-2021-04829(中危) CNVD-2021-04830(中危)\nCNVD-2021-05370(中危) CNVD-2021-05371(中危) CNVD-2021-05372(中危) CNVD-2021-05373(中危)\nCNVD-2021-05374(中危) CNVD-2021-05375(中危) CNVD-2021-05380(中危) CNVD-2021-05435(中危)\nCNVD-2021-05470(中危) CNVD-2021-05472(中危) CNVD-2021-05492(中危) CNVD-2021-05493(高危)\nCNVD-2021-06623(高危) CNVD-2021-06624(高危) CNVD-2021-06625(高危) CNVD-2021-06626(高危)\nCNVD-2021-06627(高危) CNVD-2021-06628(高危) CNVD-2021-06629(高危) CNVD-2021-08384(中危)\nCNVD-2021-08385(中危) CNVD-2021-08386(中危) CNVD-2021-08387(中危) CNVD-2021-08388(中危)\nCNVD-2021-08389(中危) CNVD-2021-08390(中危) CNVD-2021-08391(中危) CNVD-2021-08394(中危)\nCNVD-2021-08395(中危) CNVD-2021-10397(高危) CNVD-2021-10398(高危) CNVD-2021-10399(高危)\nCNVD-2021-10400(高危) CNVD-2021-10401(高危) CNVD-2021-10402(低危) CNVD-2021-10403(高危)\nCNVD-2021-10404(中危) CNVD-2021-10405(中危) CNVD-2021-10406(中危) CNVD-2021-10407(高危)\nCNVD-2021-10408(高危) CNVD-2021-10409(高危) CNVD-2021-10410(高危) CNVD-2021-10411(高危)\nCNVD-2021-10412(高危) CNVD-2021-10413(高危) CNVD-2021-10414(高危) CNVD-2021-10415(高危)\nCNVD-2021-10416(高危) CNVD-2021-10417(高危) CNVD-2021-10418(高危) CNVD-2021-10419(高危)\nCNVD-2021-10420(高危) CNVD-2021-10421(高危) CNVD-2021-10422(高危) CNVD-2021-10423(高危)\nCNVD-2021-10424(高危) CNVD-2021-10425(高危) CNVD-2021-12861(高危) CNVD-2021-12883(高危)\nCNVD-2021-12886(高危) CNVD-2021-12887(高危) CNVD-2021-12890(高危) CNVD-2021-13250(高危)\nCNVD-2021-13251(高危) CNVD-2021-13252(高危) CNVD-2021-13253(高危) CNVD-2021-13254(高危)\nCNVD-2021-13255(高危) CNVD-2021-13256(高危) CNVD-2021-13257(高危) CNVD-2021-13259(高危)\nCNVD-2021-13260(高危) CNVD-2021-13261(高危) CNVD-2021-13469(高危) CNVD-2021-16327(中危)\nCNVD-2021-16400(高危) CNVD-2021-29189(高危) CNVD-2021-29190(高危) CNVD-2021-29191(高危)\nCNVD-2021-29195(中危)\nCNNVD-202102-570(中危) CNNVD-202103-1624(高危) CNNVD-202104-652(高危)\nCNNVD-202104-659(高危) CNNVD-202104-697(高危)\nCVE-2021-3107 CVE-2021-3108 CVE-2021-3112\nCVE-2021-3125(高危) CVE-2021-3128(高危) CVE-2021-3173 CVE-2021-3379\nCVE-2021-21727(高危) CVE-2021-22161(中危) CVE-2021-22162 CVE-2021-22163\nCVE-2021-22164 CVE-2021-22165 CVE-2021-23238 CVE-2021-23268\nCVE-2021-23269 CVE-2021-23270(高危) CVE-2021-23831 CVE-2021-23832\nCVE-2021-23833 CVE-2021-23834 CVE-2021-23898\n展示和影响\n展示于2021 西湖论剑·网络安全大会：首届国产优秀网络安全工具主题展\n展示于Pentester Academy TV\n被10+安全顶会论文引用\n支撑专利CN202110502369.2\n2025 ACSAC网络安全技术成果影响力奖第二名（中国研究机构首次获得）\n","date":1624233600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1624233600,"objectID":"0cfd90ac0928e1f3ee8204fca0c82ba1","permalink":"https://lixiang521.com/zh/publication/dsn21/","publishdate":"2021-04-13T00:00:00Z","relpermalink":"/zh/publication/dsn21/","section":"zh","summary":"本工作从全新的扫描角度出发，提出了一种新型的IPv6网络扫描技术，用于发现位于网络拓扑中重要位置的IPv6网络边界设备，同时设计并实现了全新的IPv6网络扫描器：*XMap*，可被用来进行大规模的扫描探测工作。通过利用XMap，本工作在若干个运营商的网络环境下发现了数以千万计的IPv6网络边界设备，并对其暴露的关键网络服务进行了深入的安全分析。此外，利用XMap，本工作发现了一个普遍存在的通用型路由循环漏洞（影响数十家路由器厂商），申请到了多于109个漏洞编号，并向厂商提供了合理的披露和有效的修复方案。","tags":["IPv6","IPv6 Security","IPv6 Network Periphery","Internet Measurement","Routing Loop Attack"],"title":"Fast IPv6 Network Periphery Discovery and Security Implications","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 4th ICANN DNS Symposium (IDS 2021, virtually) , I presented a novel DNS cache poisoning attack (introduced by Xiaofeng Zheng from our lab) to the audiences.\n","date":1621944000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1621944000,"objectID":"9bfe0eb6d40308eb14621197149fce57","permalink":"https://lixiang521.com/talk/icann-dns-symposium-may-2021/","publishdate":"2021-05-28T00:00:00Z","relpermalink":"/talk/icann-dns-symposium-may-2021/","section":"event","summary":"In the 4th ICANN DNS Symposium (IDS 2021, virtually), I presented [a novel DNS cache poisoning attack](https://www.usenix.org/conference/usenixsecurity20/presentation/zheng) (introduced by Xiaofeng Zheng from our lab) to the audiences.","tags":["Presentation"],"title":"ICANN DNS Symposium | May 2021","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2021年第四届ICANN的DNS线上研讨会中，我介绍了实验室晓峰师兄所提出了的一种新型DNS缓存污染攻击。\n","date":1621944000,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1621944000,"objectID":"11a8bdfb97a8a351f131bf9561cf5d10","permalink":"https://lixiang521.com/zh/event/ids-2021/","publishdate":"2021-05-28T00:00:00Z","relpermalink":"/zh/event/ids-2021/","section":"zh","summary":"在2021年第四届ICANN的DNS线上研讨会中，我介绍了实验室晓峰师兄所提出了的一种[新型DNS缓存污染攻击](https://www.usenix.org/conference/usenixsecurity20/presentation/zheng)。","tags":["Presentation"],"title":"ICANN DNS 研讨会 | 2021年5月","type":"zh"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"In the 2021 West Lake Cybersecurity Conference, I presented the IPv6 network scanner XMap to the audiences.\nOur colleagues Kaiwen, Chuhan, and Jianyu presented their fake emails checking tool: ESpoofing.\n","date":1619251200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1619251200,"objectID":"2641bf8bcb87601796f0f6eec5b0335f","permalink":"https://lixiang521.com/talk/2021-west-lake-cybersecurity-conference-cyberspace-security-tools-presentation/","publishdate":"2021-04-24T00:00:00Z","relpermalink":"/talk/2021-west-lake-cybersecurity-conference-cyberspace-security-tools-presentation/","section":"event","summary":"In the [2021 West Lake Cybersecurity Conference](https://2021.gcsis.cn/), I presented the IPv6 network scanner [XMap](https://idealeer.github.io/project/xmap/) to the audiences.","tags":["Presentation"],"title":"2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation","type":"event"},{"authors":["Xiang Li"],"categories":["Presentation"],"content":"在2021年西湖论剑·网络安全大会：首届国产优秀网络安全工具主题展中，我们展示了XMap 扫描器工具。\n我们的同行凯文、楚涵、建宇，演示了他们的伪造邮件检测工具：ESpoofing。\n","date":1619251200,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1619251200,"objectID":"8328225cecfb63a2ddb9e9d7a387ee85","permalink":"https://lixiang521.com/zh/event/west-lake-cyberspace-conf-2021/","publishdate":"2021-04-24T00:00:00Z","relpermalink":"/zh/event/west-lake-cyberspace-conf-2021/","section":"zh","summary":"在[2021年西湖论剑·网络安全大会](https://2021.gcsis.cn/)：首届国产优秀网络安全工具主题展中，我们展示了[XMap](https://idealeer.github.io/project/xmap/) 扫描器工具。","tags":["Presentation"],"title":"2021 西湖论剑·网络安全大会：首届国产优秀网络安全工具主题展","type":"zh"},{"authors":["Xiang Li"],"categories":["Speech"],"content":"As one of the delegates from Tsinghua University, I presented our latest research on the IPv6 network security at the THU and SEU academic communication meeting.\nTeachers, students, and researchers from the Institute of Network Science and Cyberspace (Tsinghua University), QI-ANXIN Technology Research Institute, and School of Cyber Science and Engineering (Southeast University) attended this meeting and shared their research ideas.\n","date":1618659600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618659600,"objectID":"1f8bbcf0460480b9b16cb852001df59e","permalink":"https://lixiang521.com/talk/speech-of-the-dsn-21-paper-fast-ipv6-network-periphery-discovery-and-security-implications/","publishdate":"2021-04-20T00:00:00Z","relpermalink":"/talk/speech-of-the-dsn-21-paper-fast-ipv6-network-periphery-discovery-and-security-implications/","section":"event","summary":"As one of the delegates from Tsinghua University, I presented our latest research on the IPv6 network security at the [THU](https://www.tsinghua.edu.cn) and [SEU](https://www.seu.edu.cn) academic communication meeting.","tags":["Academic Communication","Speech"],"title":"Speech of the DSN '21 paper: Fast IPv6 Network Periphery Discovery and Security Implications","type":"event"},{"authors":["Xiang Li"],"categories":["Speech"],"content":"作为清华大学网络科学与网络空间研究院的成员之一，在清华大学与东南大学 的学术交流活动中，我分享了我们在IPv6安全领域最新的研究成果。\n来自清华大学网络科学与网络空间研究院 ，奇安信技术研究院和东南大学网络空间安全学院的师生、研究人员参加了此次学术交流活动并分享了最新的研究成果。\n","date":1618659600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1618659600,"objectID":"84d71c27be02804db2b8e22cfd34f4df","permalink":"https://lixiang521.com/zh/event/thu-seu-communication-2021/","publishdate":"2021-04-20T00:00:00Z","relpermalink":"/zh/event/thu-seu-communication-2021/","section":"zh","summary":"作为清华大学网络科学与网络空间研究院的成员之一，在[清华大学](https://www.tsinghua.edu.cn)与[东南大学](https://www.seu.edu.cn) 的学术交流活动中，我分享了我们在IPv6安全领域最新的研究成果。","tags":["Academic Communication","Speech"],"title":"学术交流报告：没有不可能，快速IPv6边界设备发现技术及其安全应用","type":"zh"},{"authors":["Xiang Li"],"categories":["IPv6"],"content":"NOTE: THIS IS A PRIMARY README. PLEASE CHECK GITHUB FOR THE LATEST NEWS.\nXMap is a fast network scanner designed for performing Internet-wide IPv6 \u0026amp; IPv4 network research scanning.\nXMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the “5 minutes” probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes. With a 10 gigE connection and PF_RING, XMap can scan the 32-bits address space in under 5 minutes. Moreover, leveraging the novel IPv6 scanning approach, XMap can discover the IPv6 Network Periphery fast. Furthermore, XMap can scan the network space randomly with any length and at any position, such as 2001:db8::/32-64 and 192.168.0.1/16-20. Besides, XMap can probe multiple ports simultaneously.\nXMap operates on GNU/Linux, Mac OS, and BSD. XMap currently has implemented probe modules for ICMP Echo scans, TCP SYN scans, and UDP probes.\nWith banner grab and TLS handshake tool, ZGrab2, more involved scans could be performed.\nInstallation The latest stable release of XMap is version 1.0.0 and supports Linux, macOS, and BSD. We recommend installing XMap from HEAD rather than using a distro package manager (not supported yet).\nInstructions on building XMap from source can be found in INSTALL.\nUsage XMap GitHub.\nA guide to using XMap can be found in our GitHub Wiki.\nSimple commands and options to using XMap can be found in USAGE.\nPaper Fast IPv6 Network Periphery Discovery and Security Implications.\nAbstract. Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bits address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by technique efficiency and probing accuracy, large-scale empirical measurement studies under the increasing IPv6 networks are infeasible now.\nTo fill this research gap, by leveraging the extensively adopted IPv6 address allocation strategy, we propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery’s packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP’s and home routers with an amplification factor of \u0026gt;200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.\nAuthors. Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang.\nConference. Proceedings of the 2021 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ‘21)\nPaper. [PDF], [Slides] and [Video].\nPresentation \u0026amp; Impact\nPresented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation\nPresented in Pentester Academy TV\nReferenced by 10+ top-tier security conference papers\nSupporting one patent CN202110502369.2\nThe 2nd Place of 2025 ACSAC Cybersecurity Artifacts Impact Award (First Chinese institution to receive this award)\nCNVD/CNNVD/CVE. (109/5/22)\nCNVD-2021-03270 CNVD-2021-03271 CNVD-2021-03291 CNVD-2021-03312\nCNVD-2021-03318 CNVD-2021-03320 CNVD-2021-03326 CNVD-2021-03327\nCNVD-2021-03328 CNVD-2021-03331 CNVD-2021-03375 CNVD-2021-03376\nCNVD-2021-03380 CNVD-2021-03399 CNVD-2021-03423 CNVD-2021-03424\nCNVD-2021-03425 CNVD-2021-03473 CNVD-2021-03495 CNVD-2021-03503\nCNVD-2021-03505 CNVD-2021-03507 CNVD-2021-03508 CNVD-2021-03511\nCNVD-2021-04817 CNVD-2021-04818 CNVD-2021-04829 CNVD-2021-04830\nCNVD-2021-05370 CNVD-2021-05371 CNVD-2021-05372 CNVD-2021-05373\nCNVD-2021-05374 CNVD-2021-05375 CNVD-2021-05380 CNVD-2021-05435\nCNVD-2021-05470 CNVD-2021-05472 CNVD-2021-05492 CNVD-2021-05493\nCNVD-2021-06623 CNVD-2021-06624 CNVD-2021-06625 CNVD-2021-06626\nCNVD-2021-06627 CNVD-2021-06628 CNVD-2021-06629 CNVD-2021-08384\nCNVD-2021-08385 CNVD-2021-08386 CNVD-2021-08387 CNVD-2021-08388\nCNVD-2021-08389 CNVD-2021-08390 CNVD-2021-08391 CNVD-2021-08394\nCNVD-2021-08395 CNVD-2021-10397 CNVD-2021-10398 CNVD-2021-10399\nCNVD-2021-10400 CNVD-2021-10401 CNVD-2021-10402 CNVD-2021-10403\nCNVD-2021-10404 CNVD-2021-10405 CNVD-2021-10406 CNVD-2021-10407\nCNVD-2021-10408 CNVD-2021-10409 …","date":1617321600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1617321600,"objectID":"57011cea5e687f4650a7cd2857b792c0","permalink":"https://lixiang521.com/project/xmap/","publishdate":"2021-04-02T00:00:00Z","relpermalink":"/project/xmap/","section":"project","summary":"XMap is a fast network scanner designed for performing Internet-wide IPv6 \u0026 IPv4 network research scanning.","tags":["IPv6","XMap"],"title":"XMap: The Internet Scanner","type":"project"},{"authors":["Xiang Li"],"categories":["IPv6"],"content":"注意：请查看GITHUB以获取最新介绍。\nXMap 是一款兼含 IPv6 与 IPv4 网络空间探测功能的快速扫描器，并且也是第一款学术界+工业界中专门用于 IPv6 资产快速扫描的工具。其参考 ZMap 的原理进行开发，从底层完全改写了 ZMap 的核心代码，将 ZMap 在 IPv4 网络空间的多种扫描优势移植到 IPv6 空间，并且结合我们自身最新的研究发现，增添了 IPv6 设备快速发现技术以及多端口扫描功能，且完全兼容 ZMap，具备“5分钟”扫描32位网络空间的能力。\nXMap 适用于 GNU/Linux，Mac OS 和 BSD 操作系统，已经支持 ICMP Echo，TCP SYN 和 UDP 扫描。\n结合应用层扫描工具 ZGrab2, XMap 可以发挥更多的扫描功能。\n安装 XMap 最新版本为 v1.0.0，目前仅支持编译安装。\n安装步骤详见 INSTALL 文件。\n使用 XMap GitHub。\n详细使用步骤见 GitHub Wiki。\n简易实用命令见 USAGE。\n论文 Fast IPv6 Network Periphery Discovery and Security Implications.\nAbstract. Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bits address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by technique efficiency and probing accuracy, large-scale empirical measurement studies under the increasing IPv6 networks are infeasible now.\nTo fill this research gap, by leveraging the extensively adopted IPv6 address allocation strategy, we propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery’s packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP’s and home routers with an amplification factor of \u0026gt;200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.\nAuthors. Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang.\nConference. Proceedings of the 2021 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ‘21)\nPaper. [PDF], [Slides] and [Video].\n展示和影响\n展示于2021 西湖论剑·网络安全大会：首届国产优秀网络安全工具主题展\n展示于Pentester Academy TV\n被10+安全顶会论文引用\n支撑专利CN202110502369.2\n2025 ACSAC网络安全技术成果影响力奖第二名（中国研究机构首次获得）\nCNVD/CNNVD/CVE. (109/2/22)\nCNVD-2021-03270 CNVD-2021-03271 CNVD-2021-03291 CNVD-2021-03312\nCNVD-2021-03318 CNVD-2021-03320 CNVD-2021-03326 CNVD-2021-03327\nCNVD-2021-03328 CNVD-2021-03331 CNVD-2021-03375 CNVD-2021-03376\nCNVD-2021-03380 CNVD-2021-03399 CNVD-2021-03423 CNVD-2021-03424\nCNVD-2021-03425 CNVD-2021-03473 CNVD-2021-03495 CNVD-2021-03503\nCNVD-2021-03505 CNVD-2021-03507 CNVD-2021-03508 CNVD-2021-03511\nCNVD-2021-04817 CNVD-2021-04818 CNVD-2021-04829 CNVD-2021-04830\nCNVD-2021-05370 CNVD-2021-05371 CNVD-2021-05372 CNVD-2021-05373\nCNVD-2021-05374 CNVD-2021-05375 CNVD-2021-05380 CNVD-2021-05435\nCNVD-2021-05470 CNVD-2021-05472 CNVD-2021-05492 CNVD-2021-05493\nCNVD-2021-06623 CNVD-2021-06624 CNVD-2021-06625 CNVD-2021-06626\nCNVD-2021-06627 CNVD-2021-06628 CNVD-2021-06629 CNVD-2021-08384\nCNVD-2021-08385 CNVD-2021-08386 CNVD-2021-08387 CNVD-2021-08388\nCNVD-2021-08389 CNVD-2021-08390 CNVD-2021-08391 CNVD-2021-08394\nCNVD-2021-08395 CNVD-2021-10397 CNVD-2021-10398 CNVD-2021-10399\nCNVD-2021-10400 CNVD-2021-10401 CNVD-2021-10402 CNVD-2021-10403\nCNVD-2021-10404 CNVD-2021-10405 CNVD-2021-10406 CNVD-2021-10407\nCNVD-2021-10408 CNVD-2021-10409 CNVD-2021-10410 CNVD-2021-10411\nCNVD-2021-10412 CNVD-2021-10413 CNVD-2021-10414 CNVD-2021-10415\nCNVD-2021-10416 CNVD-2021-10417 CNVD-2021-10418 CNVD-2021-10419\nCNVD-2021-10420 CNVD-2021-10421 CNVD-2021-10422 CNVD-2021-10423\nCNVD-2021-10424 CNVD-2021-10425 CNVD-2021-12861 CNVD-2021-12883\nCNVD-2021-12886 CNVD-2021-12887 CNVD-2021-12890 CNVD-2021-13250\nCNVD-2021-13251 CNVD-2021-13252 CNVD-2021-13253 CNVD-2021-13254\nCNVD-2021-13255 CNVD-2021-13256 CNVD-2021-13257 CNVD-2021-13259\nCNVD-2021-13260 CNVD-2021-13261 CNVD-2021-13469 CNVD-2021-16327\nCNVD-2021-16400 CNVD-2021-29189 CNVD-2021-29190 CNVD-2021-29191\nCNVD-2021-29195\nCNNVD-202102-570 CNNVD-202103-1624 CNNVD-202104-652\nCNNVD-202104-659 CNNVD-202104-697\nCVE-2021-3107 CVE-2021-3108 CVE-2021-3112\nCVE-2021-3125 CVE-2021-3128 CVE-2021-3173 CVE-2021-3379\nCVE-2021-21727 CVE-2021-22161 CVE-2021-22162 CVE-2021-22163\nCVE-2021-22164 CVE-2021-22165 CVE-2021-23238 CVE-2021-23268\nCVE-2021-23269 CVE-2021-23270 CVE-2021-23831 CVE-2021-23832\nCVE-2021-23833 CVE-2021-23834 CVE-2021-23898\n","date":1617321600,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":1617321600,"objectID":"a5d5293e2f866bc1d2e2cb0b98a3fc64","permalink":"https://lixiang521.com/zh/project/xmap/","publishdate":"2021-04-02T00:00:00Z","relpermalink":"/zh/project/xmap/","section":"zh","summary":"XMap 是一款兼含 IPv6 与 IPv4 网络空间探测功能的快速扫描器。","tags":["IPv6","XMap"],"title":"网络扫描器：XMap","type":"zh"},{"authors":null,"categories":null,"content":"","date":-62135596800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":-62135596800,"objectID":"f26b5133c34eec1aa0a09390a36c2ade","permalink":"https://lixiang521.com/admin/config.yml","publishdate":"0001-01-01T00:00:00Z","relpermalink":"/admin/config.yml","section":"","summary":"","tags":null,"title":"","type":"wowchemycms"},{"authors":null,"categories":null,"content":"","date":-62135596800,"expirydate":-62135596800,"kind":"page","lang":"en","lastmod":-62135596800,"objectID":"98a9848523c1ee1bf1bfd21f23c0d1b1","permalink":"https://lixiang521.com/zh/admin/config.yml","publishdate":"0001-01-01T00:00:00Z","relpermalink":"/zh/admin/config.yml","section":"zh","summary":"","tags":null,"title":"","type":"wowchemycms"}]