[dns-operations] BGP Hijack of Amazon DNS

Dave Lawrence tale at dd.org
Fri Apr 27 15:30:32 UTC 2018

Paul Ebersman writes:
> A rather crucial point... If I'm going to cache poison, I'm going to set
> really really large TTLs on the bad records.

Yes and no.

If I'm doing a well-informed spear phishing attack, I'm going to put a
really short TTL on address records, so any evidence will quickly
expire from the cache and likely be much harder or even impossible to
find elsewhere.

More information about the dns-operations mailing list