What is cache poisoning?
Cache poisoning is an attack vector that takes advantage of the way that Domain Name System (DNS) clients and Web servers improve performance by storing old responses for a period of time in a temporary storage area called a cache.
Attackers can corrupt the cache by replacing legitimately stored data in the cache with compromised data containing malicious code. When the compromised data is sent to the requesting client, the malicious code redirects the client or infects it with malware that can gather information or trigger another attack.
How does Cache Poisoning work?
There are currently two main types of DNS poisoning and web cache poisoning
- DNS poisoning is the corruption of the domain name system table of an Internet server by replacing an Internet address with another, unauthorized address. This allows a worm, spyware, web browser hijacking program, or other malware to be downloaded from the fraudulent site to the user’s computer.
- To prevent Web sites from using their caches as exploit delivery systems, Web administrators must properly set the HTTP response header configuration files on their servers. Use the HTTP response header “Vary” to tell each HTTP cache which parts of the request header, other than the path and host header, to include when trying to find the correct object.
Do you have any more questions?