2020 Nomination for Most Innovative Research
DNS Cache Poisoning Attack Reloaded
The DNS cache poisoning attack expanded via a side channel inside Linux kernel which can be used to infer the correct port number of the outstanding DNS request. The team found over 34% of the open resolver population on the Internet are vulnerable (and in particular 85% of the popular DNS services including Google’s 220.127.116.11). Furthermore, the attack was comprehensively validated against a variety of server configurations and network conditions in both controlled experiments and a production DNS resolver (with authorization).