[nsp-sec] DNS poisoning activity in the wild
Florian Weimer
fweimer at bfk.de
Wed Jul 30 11:03:29 EDT 2008
* Jose Nazario:
> after seeing hdm blog this:
>
> | After seeing the SBC/ATT server for Austin get poisoned, serve up
> | advertisements, and eventually get taken offline, I decided to add a
> | module to compare DNS results between two servers.
>
> via http://blog.metasploit.com/2008/07/checking-for-cache-poisoning.html

HD Moore had publicly visible ARP poisoning issues on his networks
before. IMHO, it's not necessarily one of the new attacks. And the
alleged bad data in the AT&T caches hasn't been reported elsewhere.

> now, hdm did this as a proof of concept. but i have to wonder: how
> much actual DNS poisoning is occurring and where is it coming from?

I only see scans supposedly from researchers, but I'm not really
tracking this.

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99