SANS reports DNS poisoning attacks

By Derek Sooman

Worrying news of the evils of DNS cache poisoning attacks has been reported by the legendary SANS Internet Storm Center, which watches over the Internet like an angel. Such attacks work by injecting false information into the DNS caches of compromised servers, effectively causing them to reroute traffic away from legitimate sites toward false ones.

In the case of this attack, compromised servers were pointed to an incorrect address for the root entries for the entire .com domain, allowing the hijackers to reroute traffic to any server with a .com address.

The people responsible for the attack seem to have used multiple methods including DNS poisoning, bugs in products from both Microsoft Corp. and Symantec Corp., and spyware to do their terrible deeds.

"After monitoring the situation for several weeks now, it has become apparent that the attackers are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive. This attack morphed into a similar attack with different IP addresses that users were re-directed towards." - Kyle Haugsness, incident handler at SANS.
