pharming.. dns cache insertion...
Barry Margolin
barmar at alum.mit.edu
Fri Apr 8 00:42:36 UTC 2005
In article <d34ii4$ovt$1 at sf1.isc.org>,
"bruce" <bedouglas at earthlink.net> wrote:
> hi...
>
> forgive me for what might be a basic/obvious question...
>
> i've started seeing articles that talk about pharming, and dns insertion,
> for use by hackers. can someone explain to me (or point to
> articles/information that can) how someone can modify a dns server, aside
> from physically/remotely accessing the server to insert/update information?
>
> i must be missing something here....
Sometimes you can trick servers into caching incorrect delegation data
that you include in your response to a normal query.

Another way is if you can sniff or predict an outgoing request from a
DNS server, you can forge a reply to it. If your reply arrives before
the real reply, it will be used instead.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
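
The resolver-side checks that counter the two tricks described in the reply above, as an added example that is not part of the original post and is not BIND's code. It is a simplified model: the `Query`, `Response` and `accept` names and all sample names and addresses are constructed for illustration. A reply is dropped unless its source, port, ID and question match the outstanding query, and only records inside the queried server's zone are cached.

```python
import secrets
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    data: str

@dataclass
class Query:
    qname: str
    qtype: str
    server: str  # address the query was sent to
    zone: str    # zone delegated to that server (its bailiwick)
    txid: int = field(default_factory=lambda: secrets.randbelow(1 << 16))
    sport: int = field(default_factory=lambda: 1024 + secrets.randbelow(64512))

@dataclass
class Response:
    src: str
    dport: int
    txid: int
    qname: str
    qtype: str
    records: list

def norm(name):
    return name.rstrip(".").lower()
def in_bailiwick(name, zone):
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def accept(query, resp):
    """Return the records safe to cache, or None if the reply is dropped."""
    if (resp.src, resp.dport, resp.txid) != (query.server, query.sport, query.txid):
        return None  # not an answer to this outstanding query
    if (norm(resp.qname), resp.qtype) != (norm(query.qname), query.qtype):
        return None  # question does not match what was asked
    return [r for r in resp.records if in_bailiwick(r.name, query.zone)]

# Constructed sample data (documentation names and addresses).
q = Query("www.example.com", "A", server="192.0.2.53", zone="example.com")
reply = Response("192.0.2.53", q.sport, q.txid, "www.example.com", "A", [
    Record("www.example.com", "A", "192.0.2.10"),
    Record("www.example.net", "A", "203.0.113.9"),  # unrelated name
    Record("com", "NS", "ns.example.net"),          # delegation above the zone
])
late = Response("192.0.2.53", q.sport, q.txid ^ 1, "www.example.com", "A", reply.records[:1])
print(accept(q, reply), accept(q, late))  # in-zone record only, then None
```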