POPS: From History to Mitigation of DNS Cache Poisoning Attacks

Yehuda Afek

34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Network Security 2: Routing and DoS

The internet's foundational Domain Name System (DNS) remains a critical yet vulnerable component, with **DNS cache poisoning attacks** posing a persistent threat to user security. This talk introduces **POPS**, a novel and highly effective method for detecting and mitigating a broad spectrum of these attacks. The work, presented by Yehuda Afek, is a joint effort with Ariel Ber from Ariel University and Professor Anad Bremler from Tel Aviv University, and it offers a significant advancement in defending against these pervasive threats. The presentation highlights that despite numerous CVEs and decades of research, new DNS poisoning vectors continue to emerge, with a recent attack reported in SP 2024 underscoring the ongoing danger.

AI review

Legitimate academic DNS security research with a coherent threat model and a technically sound mitigation strategy. POPS isn't groundbreaking, but it's honest work — the TC-bit forcing trick is clever reuse of protocol semantics, and the unified coverage across three attack classes is a real contribution. It won't make DEF CON's greatest hits, but it belongs at USENIX.
