North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DNS cache poisoning attacks -- are they real?
On Mon, 2005-03-28 at 01:04, John Payne wrote: > > And to Randy's point about problems with open recursive nameservers... > abusers have been known to cache "hijack". Register a domain, > configure an authority with very large TTLs, seed it onto known open > recursive nameservers, update domain record to point to the open > recursive servers rather than their own. Wammo, "bullet proof" dns > hosting. I posted a note to Bugtraq on this process about a year and a half ago as at the time I noticed a few spammers using this technique. Seems they were doing this to protect their NS from retaliatory attacks. http://cert.uni-stuttgart.de/archive/bugtraq/2003/09/msg00164.html Large TTLs only get you so far. All depends on the default setting of max-cache-ttl. For Bind this is 7 days. MS DNS is 24 hours. Obviously spammers can do a lot of damage in 7 days. :( HTH, Chris
|