Changes

Line 55: Line 55:  
* When illegitimate server operators receive DNS queries for an authoritative nameserver, they can return incorrect response data, make it so only certain geographic areas see altered data, and populate a recursive cache with incorrect results.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, pg. 15, ICANN Community]</ref>
 
* When illegitimate server operators receive DNS queries for an authoritative nameserver, they can return incorrect response data, make it so only certain geographic areas see altered data, and populate a recursive cache with incorrect results.<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, pg. 15, ICANN Community]</ref>
 
* Using look-alike domains relies on similarities in domain names, such as [[gTLD|Domain suffix]] appending, [[Typosquatting]], or [[IDN|internationalized domain name]] homographs, or [[bitsquatting]] to lead users into interacting with a bogus website, generally to carry out a phishing attack.
 
* Using look-alike domains relies on similarities in domain names, such as [[gTLD|Domain suffix]] appending, [[Typosquatting]], or [[IDN|internationalized domain name]] homographs, or [[bitsquatting]] to lead users into interacting with a bogus website, generally to carry out a phishing attack.
* Transport Layer Security (TLS) certificates can be issued to a requestor who is not the legitimate operator of the service secured by the certificate when there are inadequate access controls of DNS entries or the BGP route has been manipulated.
+
* Transport Layer Security (TLS) certificates can be issued to a requestor who is not the legitimate operator of the service secured by the certificate when there are inadequate access controls of DNS entries or the BGP route has been manipulated with path injection or prefix, route, or IP hijacking.
    
===Code and Protocol Vulnerabilities===
 
===Code and Protocol Vulnerabilities===
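Review bot: In the changed TLS certificate bullet, the added tail "with path injection or prefix, route, or IP hijacking" reads as a list of four distinct techniques, but prefix hijacking, route hijacking and IP hijacking are commonly used as names for the same event, so the wording overstates the variety. Consider something like "manipulated through path injection or prefix (route) hijacking". The bullet also has no <ref>, unlike the nameserver bullet above it that cites the DSFI-TSG Final Report; a source for the mis-issuance claim belongs here. With the new clause the sentence is long enough that separating the DNS access-control cause from the BGP cause would make it easier to read.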