DNS cache poisoning, the Internet attack from 2008, is back from the dead
A newly found side channel in a widely used protocol lets attackers spoof domains. …
In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario.
Now, Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.
“This is a pretty big advancement that is similar to Kaminsky’s attack for some resolvers, depending on how [they’re] actually run,” said Nick Sullivan, head of research at Cloudflare, a content-delivery network that operates the 1.1.1.1 DNS service. “This is amongst the most effective DNS cache poisoning attacks we’ve seen since Kaminsky’s attack. It’s something that, if you do run a DNS resolver, you should take seriously.”
DNS primer
When people send emails, browse a website, or do just about anything else on the Internet, their devices need a way to translate a domain name into the numerical IP address servers use to locate other servers. The first place a device will look is a DNS resolver, which is a server or group of servers that typically belong to the ISP, corporation, or large organization the user is connected to.
In the event another user of the ISP or organization has recently