Phoenix Domain is a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain. Phoenix Domain has two variations and affects all mainstream DNS software and public DNS resolvers overall because it does not violate any DNS specifications and best security practices.
The attack is made possible through systematically "reverse engineering" the cache operations of 8 DNS implementations, and new attack surfaces are revealed in the domain name delegation processes....
By: Xiang Li
Full Abstract and Presentation Materials:
www.blackhat.c...