nanog mailing list archives

Re: DNS cache poisoning attacks -- are they real?


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Sun, 27 Mar 2005 16:59:33 +0530


On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <sean () donelan com> wrote:

> On the other hand, there are a lot of reasons why a DNS operator may
> return different answers to their own users of their resolvers.  Reverse
> proxy caching is very common. Just about all WiFi folks use cripple
> DNS as part of their log on. Or my favorite, quarantining infected
> computers to get the attention of their owners.


I hate that cripple dns stuff - they seem to add transparent proxying
of dns requests to it as well, sometimes.

I've seen cases where my laptop's local resolver (dnscache) suddenly
starts returning weird values like 1.1.1.1, 120.120.120.120 etc for
*.one-of-my-domains.com for some reason.

Thank $DEITY for large ISPs running open resolvers on fat pipes ..
those do come in quite handy in a resolv.conf sometimes, when I run
into this sort of behavior.

--srs

