[dns-operations] Massive DNS poisoning attacks in Brazil
jim at rfc1035.com
Mon Nov 7 14:18:41 UTC 2011
On 7 Nov 2011, at 13:20, Michele Neylon :: Blacknight wrote:
> So would RPKI etc., have helped in that instance?
Maybe. Though obviously this would depend on whether the routes
announced from the cracked router(s) had ROAs and how many ISPs were/
are using Secure BGP. However let's not go down that rat-hole.
Securing the routing infrastructure and reducing the scope/impact of
DNS cache poisoning attacks are two very different things. Both need
to be done. RPKI helps* with the former and DNSSEC with the latter.
The impact of route spoofing on this cache poisoning is hard to assess
from the info that's been provided. It doesn't look as if the bad guys
are redirecting DNS traffic or getting the DNS to return answers which
point at spoofed addresses/routes. If http://threatpost.com/en_us/blogs/major-dns-cache-poisoning-attack-hits-brazilian-isps-110711
is true, the attack appears to be a vanilla cache poisoning attack
which gets the gullible to install a naughty Java applet.
*For some definition of help that does not need to be debated here.