[dns-operations] BGP Hijack of Amazon DNS

Paul Ebersman list-dns-operations at dragon.net
Fri Apr 27 15:51:51 UTC 2018

ebersman> A rather crucial point... If I'm going to cache poison, I'm
ebersman> going to set really really large TTLs on the bad records.

tale> Yes and no.

tale> If I'm doing a well-informed spear phishing attack, I'm going to
tale> put a really short TTL on address records, so any evidence will
tale> quickly expire from the cache and likely be much harder or even
tale> impossible to find elsewhere.

Fair enough. Depends on the goal of the attack. Though it sounds like
this wasn't all that well informed, as it required users to be oblivious
to warnings. Which isn't *always* a given. ;)

But there are certain attacks where having fake auth servers and cache
poisoning makes it much more effective and DNSSEC is a good defense
against cache poisoning.

Point still is defense in depth isn't a waste of time.

More information about the dns-operations mailing list