Talk:DNS spoofing

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Computing  
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 

Not Clear[edit]

The explanation about the poisoning techniques is not clear. Splendour 07:02, 28 June 2006 (UTC)

An example would help greatly. Nikle-on-wikipedia 17:59, 29 December 2006 (UTC)

Invalid Information[edit]

Under prevention and mitigation it is stated that end-to-end validation can be performed once a connection is setup. This isn't entirely true because DNS uses UDP for many of its queries which is a connectionless protocol there is no transport layer connection set up. However, public/private key transaction signatures can be used to validate queries.

Responding before the real nameserver[edit]

Reference to "birthday attack" was removed. A birthday attack applies to a situation where you try something n times and the number of opportunities for success is proportional to n^2 (typically because there is an opportunity for success for each pair of things you try). In this case the number of opportunities for success (fooling the target DNS into believing your answer is the right one) is simply proportional to n (the number of spoof replies you send to it). —Preceding unsigned comment added by 89.241.154.128 (talk) 10:01, 30 July 2008 (UTC)

This isn't quite correct. Some DNS cache poisoning attacks do use the birthday paradox effect. They send out n requests at the same time along with n spoofed replies. Since the replies are all received at around the same time, you get the n^2 factor increase in success. Wrs1864 (talk) 16:49, 12 September 2008 (UTC)

External links[edit]

I took the liberty of nuking the external links that have been an eyesore for over a year. Some appear to be good reference candidates, so I'm leaving them here. If you use one as a reference (or find one to be useless spammery), please delete it from this post. Krushia (talk) 01:17, 8 February 2013 (UTC)