Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DNS Cache Poisoning Signature

Is there a signature available for the new Bind 9 DNS Cache Poisoning vulnerability/exploit.

See reference

Cisco Employee

Re: DNS Cache Poisoning Signature

From our research on the subject, we do not believe a high-fidelity signature can be created to detect this attack. The nature of the traffic used in the attack is legitimate and as a successful attack requires some guess-work and timing, there are too many variables to detect any sort of pattern in the traffic used. The initial part of the attack occurs when a user accesses a malicious link. Standard user training should mitigate this vector if users avoid accessing unsolicited links. Updates are also available to patch systems. For more information, please see Intellishield alert number 13831:

We will continue to monitor the situation regarding this vulnerability and take appropriate action when necessary.