
RE: cache snooping attacks

Subject: RE: cache snooping attacks
Date: 26 Dec 2007 18:31:07 -0000
Google should deliver some good info by searching for cache snooping attack. 
But in case you don't have access to Google, a seminal paper by Luis Grangeia 
is available [1] along with other DNS topics [2]. (Ok, maybe not seminal, but 
he covered it so well, not much else needs to be said.)

In a nutshell, I ask your DNS server to resolve www.bankofamerica.com, but my 
request tells your DNS server not to look it up. It will consult its cache 
only. If it returns a value, that means someone who uses your DNS server has 
previously resolved the domain, most likely via web browsing.

How can I use this info? If I wanted to target you or your company 
specifically, I could find some sites your users visit (like 
www.bankofamerica.com in the example), spoof email to them that looks like it 
is from that site, and possibly trick your users into running an attachment, 
opening a rich email, or going to a link of my choosing.

Is DNS cache snooping a huge deal? Not really. It ranks up there with targeted 
and more exotic attacks. Unless you need to worry about corporate espionage or 
national security, I doubt this is of huge concern. However, as automation 
becomes more advanced and complex, this is an avenue that could someday be more 
used. Query a DNS server for a list of bank domains it has cached, then bulk 
spam people from the DNS domain and hope your scattershot hits someone valid, 
who also is gullible. Low yield, but once automated, could be enough to 
justify...


[1] http://www.sysvalue.com/papers/DNS-Cache-Snooping/files/DNS_Cache_Snooping_1.1.pdf

[2] http://www.dnssec.net/dns-threats


<- snip ->
Tell me please, what is "dns cache snooping attacks"?
Tell an example of the given attack?
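
Added example (not part of the original post or of the paper it cites): one way a defender could spot the cache-only probing described above in BIND query logs, where the flag after the record type is `+` when recursion is desired and `-` when it is not. The internal range, the authoritative zone, the two-name threshold and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed for this example: resolver clients live in 10/8, server hosts example.org.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
AUTHORITATIVE_ZONES = ("example.org",)

# BIND querylog: "client <ip>#<port> (<name>): query: <name> IN <type> <flags>".
# First flag character: "+" = RD (recursion desired) set, "-" = RD clear.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) IN \S+ (?P<rd>[+-])"
)

# Constructed log lines, not taken from a real server.
SAMPLE_LOG = """\
client 10.1.2.3#40001 (www.bankofamerica.com): query: www.bankofamerica.com IN A + (10.0.0.53)
client 198.51.100.7#5301 (www.bankofamerica.com): query: www.bankofamerica.com IN A - (10.0.0.53)
client 198.51.100.7#5302 (mail.example.com): query: mail.example.com IN A - (10.0.0.53)
client 198.51.100.7#5303 (www.example.net): query: www.example.net IN A + (10.0.0.53)
client 203.0.113.9#6001 (ns1.example.org): query: ns1.example.org IN A -E(0) (10.0.0.53)
client 203.0.113.20#7001 (www.example.net): query: www.example.net IN A - (10.0.0.53)
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_authoritative(name):
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in AUTHORITATIVE_ZONES)

def find_snooping(log_text, min_names=2):
    """Map outside client IP -> sorted names it asked for with RD clear,
    ignoring zones served here (other resolvers query those with RD=0)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["rd"] == "+":
            continue
        if is_internal(m["ip"]) or is_authoritative(m["name"]):
            continue
        hits[m["ip"]].add(m["name"].lower())
    return {ip: sorted(names) for ip, names in hits.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in find_snooping(SAMPLE_LOG).items():
        print(f"{ip} sent cache-only queries for {names}")
```

In BIND, limiting `allow-query-cache` and `allow-recursion` to internal networks stops outside clients from getting cached answers in the first place.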

  • RE: cache snooping attacks, krymson <=