[dns-operations] BGP Hijack of Amazon DNS

Stephane Bortzmeyer bortzmeyer at nic.fr
Sat Apr 28 17:16:14 UTC 2018

On Fri, Apr 27, 2018 at 11:30:32AM -0400,
 Dave Lawrence <tale at dd.org> wrote 
 a message of 16 lines which said:

> If I'm doing a well-informed spear phishing attack, I'm going to put
> a really short TTL on address records, so any evidence will quickly
> expire from the cache

>From the various domain name hijackings that I observed, I tend to
think that the typical actual attacker, *today*, does not really
understand the TTL and its use, and leaves the default TTL.

More information about the dns-operations mailing list