Options
DNS Spoofing vs DNS Cache Poisoning
I've been studying for my Sec+ and so far I haven't found a good, concise, clear answer as to the difference between these two. Most places I've looked seem to jumble them together. The practice test here for Sec+ even has a wrong answer (at least according to some posters).
Here's what I think they each are. Let me know if you agree.
DNS Spoofing: Setting up your own machine to pretend to be a legitmate DNS server directing traffic where ever you'd like it to go.
DNS Cache Poisoning: When a DNS server accepted caching information from an unauthorized source, such as an attacker, to re-route some or all traffic from that DNS to, or through, the attacker. (e.g. making www.techexams.net go to youvebeenhackedsucka.com)
Correct? Mostly?
Here's what I think they each are. Let me know if you agree.
DNS Spoofing: Setting up your own machine to pretend to be a legitmate DNS server directing traffic where ever you'd like it to go.
DNS Cache Poisoning: When a DNS server accepted caching information from an unauthorized source, such as an attacker, to re-route some or all traffic from that DNS to, or through, the attacker. (e.g. making www.techexams.net go to youvebeenhackedsucka.com)
Correct? Mostly?
Comments
-
Options
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
Sounds good to me. I'm going to start sec+ next month, I think I'm going to lab up this scenario and post back how it goes. -
Options
Devilsbane
Member Posts: 4,214 ■■■■■■■■□□
That sounds right to me. I think general ip spoofing can fall under cache posisoning too. If I can make the dns think that I am part of the domain, it will turn over all of the zone data which I can use to map out an attack.Decide what to be and go be it.