Download presentation
Presentation is loading. Please wait.
1
DNS Cache Poisoning
2
How DNS Works Cached, or look … Who is ‘twitter.com’?
“Authoritative” DNS Server Name IP
3
How DNS Works (spoofed)
Cached, or look … Who is ‘twitter.com’? “Authoritative” DNS Server Name IP ? Name IP Fake DNS response to insert bogus name lookup into cache
4
Cache TTL DNS servers also have a “Time to Live”
Basically, how long to keep the cached data By modifying TTL, the spoofed data can stay in the cache much longer, extending the time of the attack!
5
A famous but almost intentional attack
Cached, or look … Who is ‘twitter.com’? Network traffic in China is restricted by blocking certain sites The country level DNS server is one way sites like twitter may be blocks by redirecting traffic All Chinese network traffic The IPS started pointing to the Chinese DNS server, effectively spoofing itself! “Authoritative” DNS Server [China] If twitter.com, redirect to Chinese page Non Chinese IPS Normal DNS Server
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.