Unusual File Systems

There is a wide variety of file systems that store files on remote servers. NFS is very popular in the Unix world while Samba allows Windows clients to store files on Unix servers. Besides those regular file systems, some networkers have developed special file systems that use or abuse popular Internet protocols. A first example is pingfs, a filesystem that relies on ICMP request/response packets sent by the popular ping software to “store” information inside the network itself. To store a file, pingfs needs to split it in packets that are sent on a regular basis to remote hosts that return ICMP messages. This file is then “stored” as packets that are flying through the network but the entire file does not reside on a disk somewhere.

Another approach was recently announced by Ben Cox. While doing measurements with Ripe Atlas, he found that DNS resolvers could cache information for a long period of time, possibly up to one day. DNS resolvers are supposed to be managed by companies and Internet Service Providers and their usage should be restricted to the employees of the companies or the clients of the ISP. However, many users install DNS resolvers and leave them entirely open. Any one can use those resolvers from any IP address. These open resolvers are a security problem because they can be exploited by attackers who use them as reflectors to launch Denial of Service attacks. Ben Cox found almost four million open DNS resolvers in a recent study. From this list, he identified more than 400k open DNS resolvers that would cache TXT records for a long period of time, up to one day. He identified the most popular software and their default configuration and concluded that he could store 9 TXT records of 250 bytes encoded in Base64 format on each open DNS resolver. With that, he built dnsfs using FUSE.

A demo of his software may be found at : https://blog.benjojo.co.uk/asset/X9m9cwjals

pingfs and dnsfs are examples of how Internet protocols can be abused. These tools could work for a few Internet users, but don’t plan on deploying them at a large scale…

Written on January 14, 2018