Interesting to see a feature in the Financial Times this week about how DNS cache poisoning is starting to become a serious problem.
DNS cache poisoning is where a hacker inserts a fake address record for a legitimate Internet domain into a DNS server so that, when a user types a search string into their browser, they end up on a Web site (usually) controlled by the hacker.
The problem with this type of attack is that punters have no idea they're being re-routed to a hacker-controlled site and, if the site looks like the real thing, all sorts of man-in-the-middle attacks start to rear their ugly heads.
What's interesting about the FT piece is that the author has really done his homework and explained the modus operandi of the hackers when it comes to successfully poisoning the DNS cache.
This is normally achieved by guessing the 16-bit Query ID that uniquely identifies each query, and the UDP port used for the query.
Beating the problem isn't rocket science, but it does increase the load on the host server.
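To see how much those two values protect a given resolver, the sketch below audits captured outgoing queries for a fixed or sequential Query ID and UDP source port and estimates how many combinations a forged reply would have to match. It is an added example, not code from the FT piece or this post; the function names, the sample captures and the "constant step means predictable" rule are assumptions made for illustration.

```python
import struct

QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"  # constructed: A? example.com

def build_query(query_id: int) -> bytes:
    """Constructed sample packet: 12-byte DNS header (RD set, 1 question) + question."""
    return struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0) + QUESTION

def query_id(packet: bytes) -> int:
    """The Query ID is the first 16 bits of the DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", packet[:2])[0]

def predictable(values, modulus=65536):
    """True when successive values differ by one constant step (fixed or sequential)."""
    steps = {(b - a) % modulus for a, b in zip(values, values[1:])}
    return len(steps) <= 1

def audit(observed):
    """observed: list of (udp_source_port, raw_query_bytes) leaving one resolver."""
    ports = [port for port, _ in observed]
    ids = [query_id(pkt) for _, pkt in observed]
    port_weak = predictable(ports)
    id_weak = predictable(ids)
    # Combinations a forged reply must match; the port spread is only an
    # estimate taken from the lowest and highest port seen in the sample.
    id_space = 1 if id_weak else 65536
    port_space = 1 if port_weak else max(ports) - min(ports) + 1
    return {"port_weak": port_weak, "id_weak": id_weak,
            "guess_space": id_space * port_space}

# Constructed captures: one resolver with a fixed source port, one that varies it.
IDS = (0x1A2B, 0x9F01, 0x0044, 0xC3D0, 0x7E15)
FIXED = [(53, build_query(i)) for i in IDS]
RANDOM = [(p, build_query(i))
          for p, i in zip((40211, 1024, 65535, 23870, 51002), IDS)]

if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED), ("random port", RANDOM)):
        print(name, audit(sample))
```

With a fixed source port only the 16-bit Query ID stands between a forged reply and the cache; varying the port multiplies that space by the size of the port range in use.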
Anyway, don't take my word for this - have a peek at the FT piece here...