Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A Cache-Poisoning Attack
Cache poisoning causes a requesting server to store false information about the numerical address associated with a website. A basic version of the attack–without some of the more sophisticated techniques Kaminsky employs–is outlined below. 1. To begin, the attacker lures the victim’s server into contacting a domain the attacker controls. The attacker could, say, claim to have forgotten a password, prompting the victim to respond by e-mail.
2. The victim performs a DNS lookup to find out where to send the e-mail. But the attacker’s name server refers the victim to another server, such as that of Since the attacker knows that the victim will now start a DNS lookup for that server, he or she has an opportunity to attempt to poison its cache. 3. The attacker tries to supply a false response before the legitimate server can supply the real one. If the attacker guesses the right ID number, the victim accepts the guess reply, which poisons the cache.

0 comments about this story. Start the discussion »

Credit: John Keatley

Tagged: Web, security, Internet, patches, bugs, Dan Kaminsky

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me