[dns-operations] difference between dns spoofing and dns hijacking?

John Levine johnl at taugh.com
Thu Aug 2 18:43:03 UTC 2018

In article <alpine.DEB.2.20.1808021112290.3596 at grey.csi.cam.ac.uk> you write:
>> Is this a "hijack" or a "spoof" or a "poison" attack?

If I were defining these things, which I don't at this point think I
am, I'd say a DNS hijack involved taking over the legitimate owner's
facilities such as a registrar account or DNS server to inject false
data.  A spoof injects false data by tricking the recipient to accept
data from an illegitimate source.  

If we wanted to try and distinguish poison from spoof, I'd wave my
hands and say that poison somehow involves piggybacking bad data on
good data.


More information about the dns-operations mailing list