Security News > 2023 > August > MaginotDNS attacks exploit weak checks for DNS cache poisoning
A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named 'MaginotDNS,' that targets Conditional DNS resolvers and can compromise entire TLDs top-level domains.
The concept of DNS cache poisoning is injecting forged answers into the DNS resolver cache, causing the server to direct users who enter a domain to incorrect IP addresses, potentially leading them to malicious websites without their knowledge.
These attacks have been mitigated by adding defenses into the resolvers' implementation, rendering off-path attacks challenging.
Because the two share the same global DNS cache, an attack on the forwarder mode can open the path to breaching the recursive mode, essentially breaking the DNS cache protection boundary.
For these attacks, the threat actor needs to predict the source port and the transaction ID used by the target's recursive DNS servers when generating a request and then use a malicious DNS server to send forged responses with the correct parameters.
The researchers shared the following video demonstrating the MaginotDNS attack on Microsoft DNS. Scanning for vulnerable CDNS. The researchers scanned the internet and found 1,200,000 DNS resolvers, of which 154,955 are CDNS servers.