[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Renee Burton rburton at infoblox.com
Wed Feb 27 12:12:00 UTC 2019


> On 2019-02-23 10:17 PM, Bill Woodcock wrote:

>> The main thing so far has been switching the VPN to “always on” setting. It sometimes causes devices to run through battery really fast, when you roam onto a network that blocks VPN traffic, and apps go crazy trying to reconnect.

Bill,

Very interesting comments overall. Thanks for adding to the articles.

At a conference in New Orleans this January I found that the hotel wifi let me change the DNS resolvers, but hijacked port 53 and spoofed the replies. Following previous conversations I’ve had with Stéphane Bortzmeyer, I tested and was able to receive responses from non-existent resolvers. As with many hotel situations, I couldn’t get reasonable service with the full VPN, and the split-VPN worked fine – except for the fact that they were jacking my DNS. I find this behavior extraordinarily unethical and easily able to fool most people who might think they are in their private network. This seemed identical to the reporting in the July 2018 paper: “Who is Answering my DNS Queries”, though most of their research was done in China. https://www.usenix.org/conference/usenixsecurity18/presentation/liu-baojun

Renée
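
The check described in the message above (send a query to an address where no resolver exists and see whether an answer comes back), as an added example that is not part of the original post. The probe address 192.0.2.53 (from the RFC 5737 documentation range), the query name and all function names are assumptions of this example.

```python
import secrets
import socket
import struct

# Assumption: 192.0.2.0/24 is reserved for documentation (RFC 5737), so no
# real resolver answers at this address.
NON_RESOLVER = "192.0.2.53"

def build_query(name, qid):
    """Encode a minimal DNS query: one question, type A, class IN, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_reply_to(query, packet):
    """True if packet is a DNS response carrying the query's ID and question."""
    if len(packet) < 12:
        return False
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    question = query[12:]
    echoed = packet[12:12 + len(question)]
    return (qid == struct.unpack("!H", query[:2])[0]
            and bool(flags & 0x8000)          # QR bit: this is a response
            and qdcount == 1
            and echoed.lower() == question.lower())

def probe(server, name="example.com", timeout=3.0, port=53):
    """Send one UDP query to server; return the matching reply or None."""
    query = build_query(name, secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            while True:
                packet, _ = s.recvfrom(4096)
                if is_reply_to(query, packet):
                    return packet
        except OSError:  # timeout or unreachable: nobody answered
            return None

def port53_intercepted(server=NON_RESOLVER, **kwargs):
    """A matching answer from a non-resolver means port 53 is answered on-path."""
    return probe(server, **kwargs) is not None

if __name__ == "__main__":
    print("port 53 intercepted:", port53_intercepted())
```

On an untampered network the probe times out and the result is False; a True result means something between the client and the stated destination is answering DNS on its behalf.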

