DNS cache poisoning, the Internet attack from 2008, is back from the dead

by
Dan Goodin
from Ars Technica - All content on (#5A9N4)
internet-address-800x514.jpg

Enlarge (credit: Henrik 5000 / Getty Images)

In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario.

Now, Kaminsky's DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.

This is a pretty big advancement that is similar to Kaminsky's attack for some resolvers, depending on how [they're] actually run," said Nick Sullivan, head of research at Cloudflare, a content-delivery network that operates the 1.1.1.1 DNS service. This is amongst the most effective DNS cache poisoning attacks we've seen since Kaminsky's attack. It's something that, if you do run a DNS resolver, you should take seriously."

Read 15 remaining paragraphs | Comments

index?i=cmMkOipTQJg:gwsshxLJF9c:V_sGLiPB index?i=cmMkOipTQJg:gwsshxLJF9c:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments