Técnica de ataque contra el servicio DNS. Consiste
en enviarle información falsa haciéndole creer que procede de una fuente
fiable. Si el DNS cae en el engaño, contribuirá a difundir la falsa
información.
Cache poisoning, also called
domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of
an Internet server's domain name system table by replacing an Internet address
with that of another, rogue address. When a Web user seeks the page with that
address, the request is redirected by the rogue entry in the table to a
different address. At that point, a worm, spyware, Web browser hijacking
program, or other malware can be downloaded to the user's computer from the
rogue location.
http://whatis.techtarget.com/
A clever technique that
tricks your DNS server into believing it has received authentic information
when, in reality, it has been lied to. Why would an attacker corrupt your DNS
server's cache? So that your DNS server will give out incorrect answers that
provide IP addresses of the attacker's choice, instead of the real addresses.
Imagine that someone decides to use the Microsoft Update Web site to get the
latest Internet Explorer patch. But, the attacker has inserted phony addresses
for update.microsoft.com in your DNS server, so instead of being taken to
Microsoft's download site, the victim's browser arrives at the attacker's site
and downloads the latest worm.
http://www.watchguard.com/glossary/
Malicious or misleading data
from a remote name server is saved [cached] by another name server. Typically
used with DNS cache poisoning attacks.
http://www.sans.org/security-resources/glossary-of-terms/
An attacker modifies a public
DNS cache to cause certain names to resolve to incorrect addresses that the
attacker specifies. The result is that client applications that rely upon the
targeted cache for domain name resolution will be directed not to the actual
address of the specified domain name but to some other address. Attackers can
use this to herd clients to sites that install malware on the victim's computer
or to masquerade as part of a Pharming attack.
Attack Pattern 142
http://capec.mitre.org/data/index.html