14,927
edits
Changes
Jump to navigation
Jump to search
Line 55:
Line 55: + +
→Resource Impersonation
* When illegitimate server operators receive DNS queries for an authoritative nameserver, they can return incorrect response data, make it so only certain geographic areas see altered data, and populate a recursive cache with incorrect results.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, pg. 15, ICANN Community]</ref>
* When illegitimate server operators receive DNS queries for an authoritative nameserver, they can return incorrect response data, make it so only certain geographic areas see altered data, and populate a recursive cache with incorrect results.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, pg. 15, ICANN Community]</ref>
* Using look-alike domains relies on similarities in domain names, such as [[gTLD|Domain suffix]] appending, [[Typosquatting]], or [[IDN|internationalized domain name]] homographs, or [[bitsquatting]] to lead users into interacting with a bogus website, generally to carry out a phishing attack.
* Using look-alike domains relies on similarities in domain names, such as [[gTLD|Domain suffix]] appending, [[Typosquatting]], or [[IDN|internationalized domain name]] homographs, or [[bitsquatting]] to lead users into interacting with a bogus website, generally to carry out a phishing attack.
* Transport Layer Security (TLS) certificates can be issued to a requestor who is not the legitimate operator of the service secured by the certificate when there are inadequate access controls of DNS entries or the BGP route has been manipulated.
===Code and Protocol Vulnerabilities===
===Code and Protocol Vulnerabilities===
===Infrastructure Choices===
===Infrastructure Choices===