Domain Name System (DNS) poisoning. Spoofing.
Updated: Sat, 11 Apr 2015 by Rad
DNS spoofing (or DNS cache poisoning) is an attack in which forged data is introduced into a Domain Name System (DNS) resolver's cache, causing the resolver to return an incorrect IP address for a name and diverting the traffic intended for that name to servers controlled by the attacker (or to any other computer system).
DNS spoofing introduction
Targets vary - big names, espionage and financial gain
DNS attacks are popular in the hacking community; they are run by cyber criminals and state-sponsored hackers for various purposes, including cyber espionage and financially motivated attacks.
DNS is a critical component of a network because it translates logical names into IP addresses. An attacker who can make a DNS server return an incorrect IP address can divert traffic to another computer managed by bad actors.
The year 2012 saw more domain hijackings than ever. The domain names of global brands' websites were hijacked for a couple of hours at a time, and the traffic intended for those websites was redirected to the hackers' websites instead.
The victims were mainly big corporate brands such as Google, Microsoft, Yahoo, PayPal and Kaspersky. The hackers saw themselves as activists setting out to disrupt the business of large corporations.
How to prevent DNS poisoning attacks
The real reason DNS cache poisoning is such a problem is that there is no reliable way to determine whether the DNS responses you receive are legitimate or have been manipulated.
The CERT/CC researchers mentioned two solutions to prevent this kind of attack, one on the user side and the other on the server side.
How to prevent attacks
- At the user level, use end-to-end encryption (PGP or S/MIME) for email. This only protects the content of the email, not the routing process.
- At the server level, deploy DNSSEC (DNS Security Extensions), a mechanism that guarantees the integrity of DNS responses and so addresses the issue. Unfortunately, only a limited number of domains currently deploy DNSSEC.
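To make concrete what a resolver can and cannot check before trusting a response, here is an added example (not code from the original page or from CERT/CC): a minimal DNS wire-format parser plus the acceptance checks a caching resolver applies. It matches the response to the outstanding query (transaction ID, QR bit, question section), discards records whose owner name lies outside the zone the queried server is responsible for, and reports whether the answer carries RRSIG records. All messages, names and addresses below are constructed for the example (reserved example and TEST-NET ranges), and the RRSIG RDATA is a placeholder, not a real signature.

```python
# Added example (not from the original page): a minimal DNS wire-format parser plus the
# sanity checks a caching resolver applies before it trusts a response. All messages are
# constructed inline; names and addresses come from reserved example/TEST-NET ranges.
import struct

TYPE_A, TYPE_RRSIG = 1, 46          # RR type codes from RFC 1035 / RFC 4034
QR_BIT = 0x8000                     # header flag: message is a response
MAX_POINTER_HOPS = 63               # guard against compression-pointer loops in hostile input

def encode_name(name):
    """Encode a dotted name as DNS labels (no compression; fine for constructing test data)."""
    labels = name.rstrip(".").split(".") if name.rstrip(".") else []
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, flags, question, answer=(), authority=(), additional=()):
    """Build a DNS message. question=(name, qtype); each RR=(name, rtype, ttl, rdata)."""
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answer), len(authority), len(additional))
    msg += encode_name(question[0]) + struct.pack("!HH", question[1], 1)
    for name, rtype, ttl, rdata in (*answer, *authority, *additional):
        msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def read_name(msg, off):
    """Read a (possibly compressed) name; return (normalised name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels).lower() + ".", (end if end is not None else off + 1)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def parse_message(msg):
    """Parse header, question and the three RR sections of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    sections = []
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append((name, rtype, ttl, msg[off:off + rdlen]))
            off += rdlen
        sections.append(rrs)
    return {"id": txid, "flags": flags, "questions": questions,
            "answer": sections[0], "authority": sections[1], "additional": sections[2]}

def in_bailiwick(owner, zone):
    """True if owner lies at or below zone (both normalised with a trailing dot)."""
    return owner == zone or owner.endswith("." + zone)

def check_response(query_txid, query_question, zone, response_bytes):
    """Decide whether a resolver should accept a response to (query_txid, query_question)
    received from a server responsible for `zone`. Returns (accepted, reasons, has_rrsig).
    has_rrsig only reports that RRSIG records are present; a validating resolver must still
    verify the signature chain, which this example does not do."""
    resp = parse_message(response_bytes)
    reasons = []
    if not resp["flags"] & QR_BIT:
        reasons.append("QR bit not set: not a response")
    if resp["id"] != query_txid:
        reasons.append("transaction ID does not match the outstanding query")
    qname = query_question[0].lower().rstrip(".") + "."
    if resp["questions"] != [(qname, query_question[1])]:
        reasons.append("question section does not match the outstanding query")
    for section in ("answer", "authority", "additional"):
        for owner, _t, _ttl, _rd in resp[section]:
            if not in_bailiwick(owner, zone):
                reasons.append(f"{section} record for {owner} is outside zone {zone}")
    has_rrsig = any(rtype == TYPE_RRSIG for _o, rtype, _ttl, _rd in resp["answer"])
    return (not reasons, reasons, has_rrsig)

# --- constructed sample traffic (not captured from any real network) ---------------
QUERY_TXID, QUESTION, ZONE = 0x1A2B, ("www.example.com.", TYPE_A), "example.com."
A_OK = bytes([192, 0, 2, 10])                         # TEST-NET-1 address
FAKE_RRSIG = b"\x00\x01" + b"\x00" * 16               # placeholder RDATA, not a real signature

GOOD = build_message(QUERY_TXID, 0x8180, QUESTION,
                     answer=[("www.example.com.", TYPE_A, 300, A_OK),
                             ("www.example.com.", TYPE_RRSIG, 300, FAKE_RRSIG)])
WRONG_ID = build_message(0x0001, 0x8180, QUESTION,
                         answer=[("www.example.com.", TYPE_A, 300, bytes([198, 51, 100, 7]))])
OUT_OF_ZONE = build_message(QUERY_TXID, 0x8180, QUESTION,
                            answer=[("www.example.com.", TYPE_A, 300, A_OK)],
                            additional=[("login.other.example.", TYPE_A, 86400,
                                         bytes([198, 51, 100, 7]))])

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("wrong-id", WRONG_ID), ("out-of-zone", OUT_OF_ZONE)):
        ok, why, signed = check_response(QUERY_TXID, QUESTION, ZONE, msg)
        print(f"{label:12} accepted={ok} rrsig_present={signed} {why}")
```

The three checks are the ones a resolver can make on plain DNS: they filter obviously mismatched or out-of-zone responses, but a forged response that copies the transaction ID and question cannot be distinguished from a genuine one by inspection alone, which is exactly the limitation the text describes and the reason DNSSEC signatures (here only detected, not validated) are the server-side fix.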
DNS poisoning - from around the web
- DNS spoofing - Wikipedia
- DNS cache poisoning attacks to steal emails are reality
- The Hitchhiker's Guide to DNS Cache Poisoning - Sooel Son and Vitaly Shmatikov, The University of Texas at Austin (PDF)