DNS Cache Poisoning


The Measurement Factory, together with the Cooperative Association for Internet Data Analysis (CAIDA), performed a study investigating the scope of the perceived "DNS cache poisoning" issue. They investigated more than 6 million domain names and found a mere 284 that had any indication of performing poisoning attacks. They classified five indications of such attacks and stated they "found few fours and no fives," meaning none of the 284 performed all five indications.

The bottom line here is that they believe the majority of domains that perform any poisoning do so either out of laziness or stupidity. Rather than being intentionally criminal, the creators of the zones have made mistakes that subsequently could poison queries. Some of the 284 domains have actually been poisoned themselves. Microsoft Certified Professional Magazine Online | Column: DNS Cache Poisoning

Linked by shanmuga Monday, 20th March 2006 11:33PM