[dns-operations] difference between dns spoofing and dns hijacking?

Tony Finch dot at dotat.at
Thu Aug 2 10:19:12 UTC 2018

Grant Taylor <gtaylor at tnetconsulting.net> wrote:
> Someone uses BGP to "hijack" (read: unauthorized control of) a /24 prefix, say
>, so that they can "spoof" (pretend to be) the DNS server,
> to "poison" DNS caches with bad (malicious) information.
> Is this a "hijack" or a "spoof" or a "poison" attack?

It's a BGP hijack, whereas I tend to think of a DNS hijack as being a
domain registration hijack. Really, "hijack" is not specific enough that
you can use it by itself and expect people to understand exactly what you
are talking about.

"Spoof" is also way too vague to be meaningful by itself. In this case you
could maybe argue that you're spoofing a BGP route advertisement, but you
don't need to use packet spoofing techniques to generate the malicious DNS

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
protect and enlarge the conditions of liberty and social justice
