Last updated at Wed, 26 Jul 2017 16:29:40 GMT
AR of Securebits released a new DNS poisoning tool today. The DNS Multiple Race Exploiter is unique in that it can overwrite any A record by using a CNAME response. This differs from any of the existing public tools (including those in Metasploit, which only poison uncached "A" records and "NS" records). Note for lazy IPS/IDS developers, this tool uses a static TTL of 0x7BEDABED in all spoofed replies.