Firewalls: Re: DNS cache attack

Firewalls
(February 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: DNS cache attack
From:	Fyodor <fygrave @ freenet . bishkek . su>
Date:	Mon, 9 Feb 1998 17:27:12 -0500 (GMT+5)
To:	Dave Santeramo <santercon @ mail . clarityconnect . com>
Cc:	"'firewalls mailing list'" <firewalls @ GreatCircle . COM>
In-reply-to:	<3 . 0 . 5 . 32 . 19980205194310 . 007a3690 @ mail . clarityconnect . com>
Reply-to:	fygrave @ usa . net

On Thu, 5 Feb 1998, Dave Santeramo wrote:

> 
> Recently my employers started to have random porn images appearing
> on WWW browsers.  I concluded that the cache was corrupt and the 
> best course of action was to dump the cache server.  I read the 
> announcement from the DOE and suspect we were victims of a cache 
> poisoning attack.  Does anyone have any good info regarding such an
> attack?
> Dave 
> 

 I think, there is source code demonstrrating such kind of attack at
http://www.rootshell.com, not sure if it works exactly this way, but there
are similarities.

References:

DNS cache attack
From: Dave Santeramo <santercon @ mail . clarityconnect . com>

Indexed By Date	Previous:	Re: What app uses port #7? From: "H. Morrow Long" <morrow . long @ yale . edu>
Indexed By Date	Next:	Re: SGi Gauntlet and E-Mail From: Josef Pojsl <sec @ skynet . cz>
Indexed By Thread	Previous:	DNS cache attack From: Dave Santeramo <santercon @ mail . clarityconnect . com>
Indexed By Thread	Next:	Re: DNS cache attack From: luigi @ zeropiu . it (Luigi Porro)