DNS/GhostDomainNames DNS/鬼域名

-- ToshinoriMaeno 2012-02-14 06:56:05

1. Ghost Domain Names

The exploit was presented at the NDSS conference: http://www.internetsociety.org/events/ndss-symposium-2012/symposium-program/feb08

Ghost Domain Names: Revoked Yet Still Resolvable http://netsec.ccert.edu.cn/duanhx/files/2010/12/ghostdomain-2012-02-08-export-with-build.pdf

"exploits a vulnerability in DNS cache update policy, which prevents effective domain name revocation. Attackers could cause a malicious domain name to be continuously resolvable even after the delegated data has been deleted from the domain registry and after the TTL associated with entry supposedly expires."



「キャッシュの上書きの条件」というよりも、「いつまで有効か」についての考察が重要だ。-- ToshinoriMaeno 2012-02-17 13:05:00