A Taxonomy of Cache Poisoning Attacks?

Cricket Liu cricket at acmebw.com
Thu Aug 24 16:59:21 UTC 2000


> Does anyone know a good resource that lists all the kinds of
> cache poisoning attacks and the security measures that need to be taken
> to prevent them? (either historically, in the BIND code, or things an
> administrator should do).

No.

> So far, by reading this list's archives and searching the web, I
> think that cache poisoning attacks are:
>
> - Done by spoofing nameserver answers (DNS id prediction): this
> can't be solved. Best thing a sysadmin can do is to limit recursive queries
> to a group of "trusted" nets, or at least ones where it's easy to find
> people doing this and slap them.

You could also configure TSIG between your name server and important
remote name servers, assuming the administrators of the remote name
servers were willing.

> - Done by adding an answer section to a query: this is fixed in
> newer BIND versions.

I'm not sure what you mean by this.  Queries don't have an answer
section, and if they did, what effect would that have upon the
queried name server?

> - Done by sending bogus information in the additional info
> section: this is something I'm not 100% clear about. It seems possible, it
> also seems BIND takes some measures against it, but it seems also to be
> fundamentally impossible to fix till DNSSEC is out. This is one
> kind of attack I would like more info about.

BIND 4.9.7 and 8.1.2 included code to ignore unrelated records
included in the additional data section.

cricket
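
An added illustration, not part of the original message and not BIND's code, of what ignoring unrelated additional-section records can look like on the receiving side. The record tuples, the names, and the two acceptance criteria (the owner name is referenced by an answer or authority record, and it lies inside the zone that was queried) are assumptions chosen for this example.

```python
# Added illustration; not BIND source. Records are constructed
# (owner, type, rdata) tuples, and the acceptance rule is an assumption.
REFERRING_TYPES = {"NS", "MX", "CNAME"}

def norm(name):
    """Lower-case a domain name and strip the trailing dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it, compared label-wise."""
    name, zone = norm(name), norm(zone)
    if zone == "":
        return True  # the root zone contains every name
    return name == zone or name.endswith("." + zone)

def referenced_names(records):
    """Names that answer/authority records point at through their rdata."""
    out = set()
    for _owner, rtype, rdata in records:
        if rtype in REFERRING_TYPES:
            out.add(norm(rdata.split()[-1]))  # MX rdata is "pref host"
    return out

def filter_additional(zone, answer, authority, additional):
    """Split additional-section records into (kept, dropped)."""
    wanted = referenced_names(answer + authority)
    kept, dropped = [], []
    for rec in additional:
        owner, rtype, _ = rec
        ok = (rtype in ("A", "AAAA") and norm(owner) in wanted
              and in_bailiwick(owner, zone))
        (kept if ok else dropped).append(rec)
    return kept, dropped

# Constructed response from a server that was asked about example.com.
ZONE = "example.com."
ANSWER = [("www.example.com.", "CNAME", "web.example.com.")]
AUTHORITY = [("example.com.", "NS", "ns1.example.com."),
             ("example.com.", "NS", "ns.hosting.example.net.")]
ADDITIONAL = [
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("web.example.com.", "A", "192.0.2.80"),
    ("ns.hosting.example.net.", "A", "198.51.100.7"),  # referenced, out of zone
    ("www.bank.example.org.", "A", "203.0.113.66"),    # unrelated to the query
]

if __name__ == "__main__":
    kept, dropped = filter_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    for rec in kept:
        print("cache ", rec)
    for rec in dropped:
        print("ignore", rec)
```
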




More information about the bind-users mailing list