[dns-operations] Massive DNS poisoning attacks in Brazil

Jim Reid jim at rfc1035.com
Mon Nov 7 14:18:41 UTC 2011

On 7 Nov 2011, at 13:20, Michele Neylon :: Blacknight wrote:

> So would RPKI etc., have helped in that instance?

Maybe. Though obviously this would depend on whether the routes
announced from the cracked router(s) had ROAs and how many ISPs
were/are using Secure BGP. However let's not go down that rat-hole.
Securing the routing infrastructure and reducing the scope/impact of
DNS cache poisoning attacks are two very different things. Both need
to be done. RPKI helps* with the former and DNSSEC with the latter.

The impact of route spoofing on this cache poisoning is hard to assess  
from the info that's been provided. It doesn't look as if the bad guys  
are redirecting DNS traffic or getting the DNS to return answers which  
point at spoofed addresses/routes. If
http://threatpost.com/en_us/blogs/major-dns-cache-poisoning-attack-hits-brazilian-isps-110711
is true, the attack appears to be a vanilla cache poisoning attack
which gets the gullible to install a naughty Java applet.

*For some definition of help that does not need to be debated here.
