DNS poisoning

Description: DNS Poisoning

DNS poisoning, also known as DNS spoofing, is a type of attack that exploits weaknesses in the Domain Name System (DNS) to divert Internet traffic from legitimate servers to fake ones.

DNS poisoning, or DNS cache poisoning, refers to the corruption of an Internet server's DNS (Domain Name System) table by replacing an Internet address with another, rogue address.

When a Web user requests a page at that address, the rogue entry in the table redirects the request to a different address. At that point, a worm, spyware, a Web browser hijacker, or other malware can be downloaded to the user's computer from the rogue location.

Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs spread. One tactic is the placement of compromised URLs within spam email with subject lines that tempt users to open the message (for example, “Error in your tax return”). Images and ads embedded within email messages can also become vehicles by which users are redirected to servers compromised by cache poisoning.

Once a user’s computer is infected with the malicious code, all future requests by that user’s computer for the compromised URL will be redirected to the wrong IP address – even if the “victim” server resolves the problem on its site.

Cache Poisoning

Cache poisoning is especially dangerous when the targeted sites are well known and trusted, such as those that browsers are pointed to for automatic virus-definition updates. Cache poisoning differs from another type of DNS poisoning, in which the attacker spoofs valid email accounts and floods the inboxes of administrative and technical contacts.

Cache poisoning is related to URL poisoning. In URL poisoning, also referred to as location poisoning, the behavior of Internet users is tracked by adding an identification (ID) number to the location line of the browser, which can be recorded as the user visits successive pages on the site.

A Domain Name System server translates a human-readable domain name (such as example.com) into the numerical IP address used to route communications between nodes. Usually, if the server does not know the requested translation, it will ask another server, and the process continues recursively. To increase performance, a server normally remembers (caches) these translations for a certain amount of time. This means that if it receives another request for the same translation, it can respond without having to ask other servers, until the cache entry expires.

When a DNS server receives a false translation and caches it for performance, it is considered poisoned, and it supplies the incorrect information to clients. If a DNS server is poisoned, it can return the wrong IP address, diverting traffic to another computer (usually the attacker's).

DNS (DOMAIN NAME SYSTEM)

The Domain Name System (DNS) is a hierarchical, distributed naming system for computers, services, or any other resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most importantly, it translates domain names that are meaningful to people into the numerical identifiers associated with networking equipment, for the purpose of locating and addressing these devices worldwide.

Methods for performing DNS spoofing attacks include:

  • Man in the middle (MITM) – Interception of communications between users and a DNS server in order to route users to a different/malicious IP address.
  • DNS server compromise – Direct hijacking of a DNS server, which is configured to return a malicious IP address.

DNSSEC

DNSSEC is a protocol designed to secure your DNS by adding additional methods of verification. The protocol creates a unique cryptographic signature stored alongside your other DNS records, e.g., A record and CNAME. This signature is then used by your DNS resolver to authenticate the DNS response, ensuring that the record has not been tampered with.

While DNSSEC can help protect against DNS spoofing, it has a number of potential downsides, including:

  • Lack of data confidentiality – DNSSEC authenticates, but does not encode, DNS responses. As a result, perpetrators are still able to listen in on traffic and use the data in more sophisticated attacks.

  • Complex deployment – DNSSEC is often configured incorrectly, which can cause servers to lose the security benefits or even deny access to the website completely.

  • Zone enumeration – DNSSEC uses additional resource records to enable signature verification. One such record, NSEC, is able to verify the non-existence of a record in a DNS zone. It can also be used to walk through a DNS zone to collect all existing DNS records – a risk called zone enumeration. Newer versions of NSEC, called NSEC3 and NSEC5, publish hashed records of host names, thus concealing the names and preventing zone enumeration.

Preventing DNS Cache Poisoning as a System Administrator

  1. Hide your BIND version.
  2. Keep your DNS servers up to date.
  3. Audit your zones.
  4. Consider forcing HTTPS.

Preventing DNS Cache Poisoning as a User

  1. Check the browser.

Most common DNS attacks

  1. DoS reflection attack.
  2. Reflection and amplification.
  3. Cache poisoning: DNS cache data corruption.
  4. TCP SYN floods.
  5. DNS tunneling.
  6. DNS hijacking.
  7. Basic NXDOMAIN attack.
  8. Phantom domain attack.
  9. Random domain attack.

Redirect the target domain's name server

The first variant of DNS cache poisoning involves redirecting the name server of the attacker’s domain to the name server of the targeted domain, and then assigning that name server an IP address specified by the attacker.

DNS server request: what are the address records of subdomain.attacker.example?

    subdomain.attacker.example. IN A

Attacker’s response:

    Answer:
    (no answer)

    Authority section:
    attacker.example. 3600 IN NS ns.target.example.

    Additional section:
    ns.target.example. IN A w.x.y.z
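A resolver-side bailiwick check that discards the out-of-zone address record in the response above, shown as an added example (not code from the original article). The function names, the tuple record layout and the 192.0.2.x addresses (standing in for w.x.y.z) are assumptions made for illustration.

```python
def norm(name: str) -> str:
    """Lowercase and drop the trailing root dot so names compare reliably."""
    return name.lower().rstrip(".")

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if `owner` is the zone apex or a name underneath it."""
    owner, zone = norm(owner), norm(zone)
    return owner == zone or owner.endswith("." + zone)

def filter_response(zone: str, qname: str, response: dict):
    """Split records into (accepted, rejected) before anything is cached.

    `zone` is the zone the queried server is authoritative for. Answer
    records must match the question name (simplification: CNAME chains are
    not followed); authority and additional records must be in bailiwick.
    """
    accepted, rejected = [], []
    for section in ("answer", "authority", "additional"):
        for rr in response.get(section, []):
            owner = rr[0]
            if section == "answer":
                ok = norm(owner) == norm(qname)
            else:
                ok = in_bailiwick(owner, zone)
            (accepted if ok else rejected).append((section, rr))
    return accepted, rejected

# Constructed response mirroring the exchange above, plus one legitimate
# in-zone glue record for contrast. Records are (owner, type, rdata).
POISONED = {
    "answer": [],
    "authority": [("attacker.example.", "NS", "ns.target.example.")],
    "additional": [
        ("ns.target.example.", "A", "192.0.2.66"),    # out of bailiwick
        ("ns1.attacker.example.", "A", "192.0.2.10"),  # in bailiwick
    ],
}

if __name__ == "__main__":
    ok, bad = filter_response("attacker.example",
                              "subdomain.attacker.example", POISONED)
    for section, rr in ok:
        print("cache ", section, rr)
    for section, rr in bad:
        print("drop  ", section, rr)
```

The server for attacker.example has no authority over ns.target.example, so its address record is dropped instead of cached; the resolver would look that name up through the target.example delegation.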

Written By: Mayank Mevada

Reviewed By: Sayan Chatterjee
