[dns-operations] BGP Hijack of Amazon DNS
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sat Apr 28 17:16:14 UTC 2018
On Fri, Apr 27, 2018 at 11:30:32AM -0400,
Dave Lawrence <tale at dd.org> wrote
a message of 16 lines which said:
> If I'm doing a well-informed spear phishing attack, I'm going to put
> a really short TTL on address records, so any evidence will quickly
> expire from the cache
>From the various domain name hijackings that I observed, I tend to
think that the typical actual attacker, *today*, does not really
understand the TTL and its use, and leaves the default TTL.
More information about the dns-operations
mailing list