[dns-operations] BGP Hijack of Amazon DNS
Dave Lawrence
tale at dd.org
Fri Apr 27 15:30:32 UTC 2018
Paul Ebersman writes:
> A rather crucial point... If I'm going to cache poison, I'm going to set
> really really large TTLs on the bad records.
Yes and no.
If I'm doing a well-informed spear phishing attack, I'm going to put a
really short TTL on address records, so any evidence will quickly
expire from the cache and likely be much harder or even impossible to
find elsewhere.