[dns-operations] difference between dns spoofing and dns hijacking?
John Levine
johnl at taugh.com
Thu Aug 2 18:43:03 UTC 2018
In article <alpine.DEB.2.20.1808021112290.3596 at grey.csi.cam.ac.uk> you write:
>> Is this a "hijack" or a "spoof" or a "poison" attack?
If I were defining these things, which I don't at this point think I
am, I'd say a DNS hijack involved taking over the legitimate owner's
facilities such as a registrar account or DNS server to inject false
data. A spoof injects false data by tricking the recipient to accept
data from an illegitimate source.
If we wanted to try and distinguish poison from spoof, I'd wave my
hands and say that poison somehow involves piggybacking bad data on
good data.
R's,
John
More information about the dns-operations
mailing list