DNS FLaRE: A Flush-Reload Attack on DNS Forwarders
Gilad Moav
34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Network Security 2: Routing and DoS
The talk "DNS FLaRE: A Flush-Reload Attack on DNS Forwarders" presents a side-channel attack that uses the timing characteristics of DNS forwarder caches to infer sensitive user activity. It was presented by Yuda on behalf of a research team that includes Gilad Moav (whose master's thesis formed the basis of this work), Professor Anat Bremler-Barr of Tel Aviv University, and Professor Amit Klein of the Hebrew University. The research highlights a critical privacy vulnerability in widely deployed network infrastructure. The attack, named DNS FLaRE, targets the DNS caches present in home routers, which are typically used to accelerate DNS resolution.
AI review
Solid academic DNS privacy research with a novel flush-reload primitive applied to an underexplored target — the home router forwarder cache. The attack chain is technically coherent, the accuracy numbers are credible, and the IoT profiling angle gives it real-world bite beyond theoretical side-channel taxonomy.