MaginotDNS attacks exploit weak checks for DNS cache poisoning
Security News, August 2023
A team of researchers from UC Irvine and Tsinghua University has developed a powerful new cache poisoning attack named 'MaginotDNS' that targets Conditional DNS (CDNS) resolvers and can compromise entire top-level domains (TLDs).
DNS cache poisoning means injecting forged answers into the DNS resolver cache, causing the server to direct users who enter a domain to incorrect IP addresses, potentially leading them to malicious websites without their knowledge.
These attacks have been mitigated by adding defenses to resolver implementations, making off-path attacks challenging.
Because the forwarder and recursive modes share the same global DNS cache, an attack on the forwarder mode can open the path to breaching the recursive mode, essentially breaking the DNS cache protection boundary.
For these attacks, the threat actor needs to predict the source port and the transaction ID used by the target's recursive DNS servers when generating a request and then use a malicious DNS server to send forged responses with the correct parameters.
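The reply matching a resolver performs is the reason both values have to be predicted. The sketch below is an added example, not code from the researchers or from any resolver; the function names, the 192.0.2.53 upstream address and the sample packets are constructed for illustration.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def new_query(name, server_ip, qtype=1):
    """Build a query and the state the resolver keeps to match its reply."""
    txid = secrets.randbelow(1 << 16)               # 16-bit transaction ID
    sport = 1024 + secrets.randbelow(65536 - 1024)  # randomized UDP source port
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    pending = {"txid": txid, "sport": sport, "server": server_ip,
               "question": question}
    return pending, packet

def build_response(question, txid):
    """Constructed sample reply: header with QR set, echoing the question."""
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question

def accepts_response(pending, src_ip, dst_port, packet):
    """Return (accepted, reason) for a UDP payload that arrived on dst_port."""
    if src_ip != pending["server"]:
        return False, "unexpected source address"
    if dst_port != pending["sport"]:
        return False, "wrong destination port"
    if len(packet) < 12:
        return False, "truncated header"
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if not flags & 0x8000:
        return False, "not a response"
    if txid != pending["txid"]:
        return False, "transaction ID mismatch"
    question = pending["question"]
    if qdcount != 1 or packet[12:12 + len(question)] != question:
        return False, "question mismatch"
    return True, "ok"

if __name__ == "__main__":
    pending, _ = new_query("example.com", "192.0.2.53")
    reply = build_response(pending["question"], pending["txid"])
    print(accepts_response(pending, "192.0.2.53", pending["sport"], reply))
    wrong = build_response(pending["question"], pending["txid"] ^ 1)
    print(accepts_response(pending, "192.0.2.53", pending["sport"], wrong))
```

A reply is cached only if every check passes, so a resolver that logs the rejection reasons gets a direct signal when spoofed replies are arriving.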
The researchers shared the following video demonstrating the MaginotDNS attack on Microsoft DNS.
Scanning for vulnerable CDNS
The researchers scanned the internet and found 1,200,000 DNS resolvers, of which 154,955 are CDNS servers.