Help Understanding Cache Poisoning
Barry Margolin
barmar at alum.mit.edu
Tue Nov 28 03:06:16 UTC 2006
In article <ekas3n$2ala$1 at sf1.isc.org>,
"Will" <westes-usc at noemail.nospam> wrote:
> But the question was *how* does that poisoning happen? I see how a
> hacker can do a denial of service attack, but not how they can get the
> resolver to enter in bad values.
Often cache poisoning requires the resolver to look up names in a
particular domain that's legitimately delegated to the poisoner's
servers. The response to that query contains the "poison" data that
gets entered into the cache.
With a closed recursive server, you have to get one of the ISP's
customers to try to look up this domain -- maybe infect him with a
virus, use a domain that's a misspelling of a common domain, send him
spam with a link to your domain, etc.
But with an open server, all you have to do is send a query to the
server.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
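The mechanism Barry describes, as an added example (this is not code from the post, from BIND or from ISC): a toy recursive cache that models the two points above, whether the server recurses for a given client at all (open vs. closed), and what happens to the records in the response from the poisoner's legitimately delegated servers. The post does not say how a careful resolver separates "poison" from legitimate data; the classic rule is to cache only records that fall inside the zone ("bailiwick") of the server that answered, and that check is an assumption of this example, as are the names attacker.example and bank.example, the 192.0.2.0/24 customer network and the documentation-range addresses.

```python
"""Toy recursive cache illustrating how a poisoned response gets cached.

Modelled (both are assumptions about the mechanism, not the post's words):
  1. which clients the server will recurse for (open vs. closed resolver);
  2. whether a record is cached only when it lies inside the zone of the
     server that answered (the "bailiwick" check).
TTLs, credibility ranking and real wire format are deliberately omitted.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    """Minimal resource record: owner name, type, rdata."""
    name: str
    rtype: str
    rdata: str


@dataclass
class Response:
    # `zone` is the delegation the resolver itself followed to reach the
    # responding server: the resolver's knowledge, not something the remote
    # server gets to assert in its reply.
    zone: str
    answer: List[RR]
    additional: List[RR] = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` or a subdomain of it (case-insensitive)."""
    n, z = name.lower().rstrip("."), zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


class Resolver:
    def __init__(self, allow_recursion: Optional[List[str]], check_bailiwick: bool):
        # allow_recursion=None models an open resolver: it recurses for anyone.
        self.allow_recursion = (None if allow_recursion is None else
                                [ipaddress.ip_network(n) for n in allow_recursion])
        self.check_bailiwick = check_bailiwick
        self.cache: Dict[Tuple[str, str], str] = {}

    def accepts_query_from(self, client_ip: str) -> bool:
        if self.allow_recursion is None:
            return True
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.allow_recursion)

    def ingest(self, resp: Response) -> Tuple[List[RR], List[RR]]:
        """Cache the records of a response; return (accepted, rejected)."""
        accepted, rejected = [], []
        for rr in resp.answer + resp.additional:
            if self.check_bailiwick and not in_bailiwick(rr.name, resp.zone):
                rejected.append(rr)          # out-of-bailiwick: never cached
                continue
            self.cache[(rr.name.lower().rstrip("."), rr.rtype)] = rr.rdata
            accepted.append(rr)
        return accepted, rejected

    def lookup(self, name: str, rtype: str = "A") -> Optional[str]:
        return self.cache.get((name.lower().rstrip("."), rtype))


def attacker_response() -> Response:
    """Constructed reply from the attacker's own authoritative server.

    attacker.example is legitimately delegated to the attacker; the answer is
    genuine, but the additional section carries an A record for an unrelated
    name pointing at the attacker's address (203.0.113.0/24 is a documentation
    range; all names here are made up).
    """
    return Response(
        zone="attacker.example",
        answer=[RR("www.attacker.example", "A", "203.0.113.10")],
        additional=[RR("www.bank.example", "A", "203.0.113.10")],
    )


def run_scenario(allow_recursion: Optional[List[str]], check_bailiwick: bool,
                 client_ip: str) -> dict:
    """Have `client_ip` ask for the attacker's name; report what ends up cached."""
    r = Resolver(allow_recursion, check_bailiwick)
    if not r.accepts_query_from(client_ip):
        return {"recursed": False, "bank_a": None}
    r.ingest(attacker_response())
    return {"recursed": True, "bank_a": r.lookup("www.bank.example")}


if __name__ == "__main__":
    isp_nets = ["192.0.2.0/24"]                 # the ISP's customers (constructed)
    outsider, customer = "198.51.100.7", "192.0.2.5"
    print("open,   no bailiwick, outsider:", run_scenario(None, False, outsider))
    print("closed, no bailiwick, outsider:", run_scenario(isp_nets, False, outsider))
    print("closed, no bailiwick, customer:", run_scenario(isp_nets, False, customer))
    print("open,   bailiwick,    outsider:", run_scenario(None, True, outsider))
```

The four scenarios line up with the post: an open resolver without the bailiwick check is poisoned by a single query from anywhere; a closed one refuses the outsider outright, so the attacker has to get a customer inside 192.0.2.0/24 to issue the lookup (and is then poisoned just the same); with the bailiwick check, the attacker's own www.attacker.example record is cached but the www.bank.example record is dropped, whoever sent the query.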
More information about the bind-users mailing list