## DNS Cache Snooping

From: "andrew cooke" <andrew@...>

Date: Wed, 16 Nov 2005 19:57:25 -0300 (CLST)

Never thought of this - you can ask DNS servers if they have an address
locally.  That tells you whether any user of that cache has requested a
translation of that address recently.  This was used to trace the reach of
the Sony rootkit, but also implies that anyone can test for users
accessing certain addresses (assuming they are using DNS rather than going
directly to a numerical IP).

From BoingBoing -
http://www.boingboing.net/2005/11/15/sony_infects_more_th.html

Andrew

_______________________________________________
compute mailing list
compute@...
https://acooke.dyndns.org/mailman/listinfo/compute