[dns-operations] Massive DNS poisoning attacks in Brazil
warren at kumari.net
Tue Oct 2 19:48:00 UTC 2012
On Oct 2, 2012, at 7:59 AM, Rubens Kuhl <rubensk at nic.br> wrote:
>> Much better and very detailed analysis (by the same author!) So, it
>> was not DNS poisoning at all but a change in the DNS settings of the
>> router, after the box was cracked. (DNSchanger-style)
> DNSSEC alone wouldn't have provided much relief on this, but DNSSEC+DANE+HSTS could. Most of it due to HSTS, but we need to cover the rogue CA attack-vector.
DNSSEC on the *host / stub* would have though.
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
More information about the dns-operations