[dns-operations] Massive DNS poisoning attacks in Brazil
rubensk at nic.br
Tue Oct 2 11:59:09 UTC 2012
> Much better and very detailed analysis (by the same author!) So, it
> was not DNS poisoning at all but a change in the DNS settings of the
> router, after the box was cracked. (DNSchanger-style)
DNSSEC alone wouldn't have provided much relief on this, but DNSSEC+DANE+HSTS could. Most of it due to HSTS, but we need to cover the rogue CA attack-vector.
More information about the dns-operations