[dns-operations] Massive DNS poisoning attacks in Brazil
Rubens Kuhl
rubensk at nic.br
Tue Oct 2 11:59:09 UTC 2012
>
> Much better and very detailed analysis (by the same author!) So, it
> was not DNS poisoning at all but a change in the DNS settings of the
> router, after the box was cracked. (DNSchanger-style)
>
> http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems
> ______________________________________________
DNSSEC alone wouldn't have provided much relief on this, but DNSSEC+DANE+HSTS could. Most of it due to HSTS, but we need to cover the rogue CA attack-vector.
Rubens
More information about the dns-operations
mailing list