[dns-operations] Massive DNS poisoning attacks in Brazil

Olaf Kolkman olaf at NLnetLabs.nl
Mon Nov 7 14:11:00 UTC 2011

On Nov 7, 2011, at 2:01 PM, Stephane Bortzmeyer wrote:

> One sentence at the end seems to indicate it has nothing to do with
> DNS poisoning but that the cracker was able to hijack the router (in
> which cas all your bets are off).

Yes, and that sentence refers to CPE hacks. On the other hand the last sentence of the second paragraph mentions ISP recursive name servers.

All the same it occurs to me that DNSSEC validation at the host would have prevented this (if the authoritative zones in questions would have been signed).



Olaf M. Kolkman                        NLnet Labs


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2210 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20111107/81c01df8/attachment.bin>

More information about the dns-operations mailing list