DNS cache snooping is when someone queries a DNS server to find out (snoop) whether it has a specific DNS record cached, and thereby deduces whether the DNS server’s owner (or its users) has recently visited a specific site.
This may reveal information about the DNS server’s owner, such as which vendor, bank, service provider, etc. they use, especially if this is confirmed (snooped) multiple times over a period.
This method could even be used to gather statistical information, for example at what time the DNS server’s owner typically accesses their online bank. The cached DNS record’s remaining TTL value can provide very accurate data for this: the TTL counts down from the moment the record was cached, so the difference between the record’s original TTL and the remaining TTL shows how long ago it was fetched.
An attacker can use this to figure out which sites users on a network are accessing and to create more targeted phishing/social engineering attacks.
| Tool | Description | Type |
|---|---|---|
| dns-cache-snoop | Performs DNS cache snooping against a DNS server | Nmap script |
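
A defender-side check, added here as an example and not part of the original page: snooping queries are commonly sent with the Recursion Desired (RD) flag cleared, so the resolver answers only from its cache. The sketch below flags clients outside trusted networks that send such queries for several names. The BIND-style log format, the sample addresses, and the name `find_cache_probes` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of a BIND query log (assumed format).
# The flag field after the record type starts with "+" when the client set
# Recursion Desired (RD) and "-" when it did not.
SAMPLE_LOG = """\
client @0x7f01 10.0.0.15#40112 (intranet.example.org): query: intranet.example.org IN A +E(0) (10.0.0.1)
client @0x7f02 203.0.113.50#53001 (bank.example.com): query: bank.example.com IN A - (198.51.100.1)
client @0x7f03 203.0.113.50#53002 (vendor.example.net): query: vendor.example.net IN A - (198.51.100.1)
client @0x7f04 203.0.113.50#53003 (mail.example.org): query: mail.example.org IN A - (198.51.100.1)
client @0x7f05 10.0.0.22#40990 (bank.example.com): query: bank.example.com IN A +E(0) (10.0.0.1)
client @0x7f06 198.51.100.77#41000 (www.example.com): query: www.example.com IN A -E(0) (198.51.100.1)
"""

LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
    r"query: (?P<name>\S+) IN (?P<type>\S+) (?P<rd>[+-])"
)


def find_cache_probes(log_text, trusted_nets, min_names=2):
    """Return {client_ip: sorted names} for clients outside trusted_nets that
    sent RD=0 queries for at least min_names distinct names."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["rd"] == "+":
            continue  # unparsable line, or a normal recursive lookup
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in nets):
            continue  # internal clients are out of scope for this check
        probes[str(ip)].add(m["name"].lower().rstrip("."))
    # The distinct-name threshold suppresses one-off non-recursive queries.
    return {ip: sorted(n) for ip, n in probes.items() if len(n) >= min_names}


if __name__ == "__main__":
    for client, names in find_cache_probes(SAMPLE_LOG, ["10.0.0.0/8"]).items():
        print(f"possible cache snooping from {client}: {', '.join(names)}")
```

Hits from addresses that have no reason to use the resolver at all also suggest that its cache is reachable from outside and that access to it should be restricted to internal networks.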