Domain Name System
Igor, 2011-12-28 09:10:36

DNS cache poisoning. How to find a villain?

From time to time I observe such a situation:

image
And this happens with different sites, once every few months or weeks.

And it happens like this:
The local computer is NATed through a Linksys WRT160N, which is also set as its DNS server. The router, in turn, uses the provider's DNS. Is it possible to find out, by means of this Linksys or packet analysis, who is replacing the DNS cache and how? Is the attack on my router or on one of the ISP's routers?

When I set Google DNS (8.8.8.8) on the local host myself, this does not happen.

3 answer(s)
mob, 2011-12-28
@mob

Most likely this is not an attack, but what the implementation of a service like GGC (Google Global Cache) looks like, only for Facebook. Large companies host their content servers on the sites of leading operators; in this case Facebook knows that the requested content is on its servers at your provider and returns their IPs in the DNS response.
Here is a more detailed example of GGC: habrahabr.ru/blogs/google/93864/.
I have a large technical document from a well-known company that hosts its caches on wire sites, but I cannot share it, because it is strictly confidential.

Mikhail Lyalin, 2011-12-28
@mr_jok

Contact the provider.

Igor, 2011-12-28
@shanker

I'm interested in the technical side of the issue.
If the provider's servers are attacked, I won't know about it. Is that how it works?
What if the router is attacked? How can I find out about it?
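
An added example, not part of the original thread: one way to start the packet analysis asked about above is to decode the raw DNS responses captured from each resolver and list the names for which the resolvers share no address. The function names, the router address 192.168.1.1 and the sample responses are assumptions constructed for this sketch; a flagged name is a cue to check who owns the returned address (a provider-hosted cache or an unrelated network), not proof of poisoning.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers (RFC 1035)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # pointer to an earlier name
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                          # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def a_records(msg):
    """Return (question name, set of IPv4 answers) for one raw DNS response."""
    an = struct.unpack("!H", msg[6:8])[0]          # ANCOUNT from the header
    qname, off = read_name(msg, 12)
    ips, off = set(), off + 4                      # skip QTYPE/QCLASS (one question assumed)
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:              # A record
            ips.add(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return qname, ips

def disagreements(captured):
    """captured: [(resolver_ip, raw_response)] -> names whose resolvers share no address."""
    seen = {}
    for resolver, raw in captured:
        name, ips = a_records(raw)
        seen.setdefault(name, {}).setdefault(resolver, set()).update(ips)
    return {n: r for n, r in seen.items()
            if len(r) > 1 and not set.intersection(*r.values())}

def build(name, ip):
    """Construct a one-answer response; sample data for this example, not captured traffic."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr

SAMPLE = [("192.168.1.1", build("www.example.com", "203.0.113.10")),  # constructed
          ("8.8.8.8", build("www.example.com", "198.51.100.7")),
          ("192.168.1.1", build("example.org", "192.0.2.5")),
          ("8.8.8.8", build("example.org", "192.0.2.5"))]
```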
