Keyu Man, Zhiyun Qian
The DNS cache poisoning attack expanded via a side channel inside Linux kernel which can be used to infer the correct port number of the outstanding DNS request. The team found over 34% of the open resolver population on the Internet are vulnerable (and in particular 85% of the popular DNS services including Google’s 8.8.8.8). Furthermore, the attack was comprehensively validated against a variety of server configurations and network conditions in both controlled experiments and a production DNS resolver (with authorization).
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels