DNS Cache Poisoning (3)

• DNS cache attack affects all versions of BIND and Windows NT Server DNS

• Defense

  • decrease TTL
  • use hard to predict Query ID #
  • digitally sign DNS records
  • use SSL / HTTPS for important transactions
  • protect DNS server
  • use suspicious activity detection software

Previous slide

Next slide

Back to first slide

View graphic version