Domain Name System (DNS) Spoofing Attack, Oftentimes Called DNS Poisoning
- by Sanjeev-
- Oct 05, 2019 11:02
Whenever you visit a website, you are not actually directed but redirected to it. Domain names are simplified, easy-to-understand translations of complex numerical IP addresses, provided for the convenience of the general public. Before redirecting you to the website, your computer contacts a DNS server to acquire the site's IP address, because without it the computer has no way of locating the site. In a Domain Name System (DNS) spoofing attack, which is oftentimes called DNS poisoning, a DNS resolver, which is responsible for translating domain names into IP addresses, is presented with corrupted DNS data. If the data is corrupted, meaning it is incorrect, then the IP address the domain is translated to will be incorrect as well.
To put it in simple words, it is an act of providing the end user with a fake website that resembles the one they intended to visit. By doing this, hackers can divert all the data traffic to their own computer and easily gain access to all the personal information of the targeted person. The Domain Name System is an important part of networking and internet services. Since a layman is not expected to understand and memorize numerical IP addresses, without which computers and services on the network cannot be found, DNS does this work for them.
Not only hackers but also the Chinese government uses DNS poisoning to block websites that are banned countrywide. Facebook and Twitter are included in the list. Its purpose, however, is to stop its citizens from using Western social media and encourage them to use Chinese social media platforms so the profits don't go overseas.
To implement the attack, hackers can poison a DNS cache by injecting a forged DNS entry into it, which means the cache will hold false data and incorrect IP addresses. Until that cache entry expires, all the clients using that server will be directed to the wrong websites. It is difficult to know whether or not a DNS server has been poisoned, and that is why it is important to monitor the network traffic and its flow to ensure that none of the clients are being redirected to unauthorized IP addresses. One effective way to counter the DNS spoofing attack is to use Domain Name System Security Extensions (DNSSEC), which was specially designed to provide security to DNS servers, as DNS is scalable and therefore vulnerable to attacks.
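The monitoring described above can be sketched as a check of logged DNS answers against the networks each domain is expected to resolve into. This is an added example, not part of the original post; the log format, the domain names and the expected networks are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumption: networks each monitored domain is expected to resolve into.
# Documentation ranges (RFC 5737) stand in for real allocations.
EXPECTED = {
    "bank.example": [ipaddress.ip_network("192.0.2.0/24")],
    "mail.example": [ipaddress.ip_network("198.51.100.0/25")],
}

# Constructed sample log: timestamp, client, queried name, answer IP, TTL (s).
SAMPLE_LOG = """\
2019-10-05T11:02:00 10.0.0.5 bank.example 192.0.2.10 300
2019-10-05T11:02:07 10.0.0.8 bank.example 203.0.113.66 86400
2019-10-05T11:03:12 10.0.0.5 mail.example 198.51.100.200 600
2019-10-05T11:04:30 10.0.0.9 news.example 203.0.113.5 60
malformed line
"""

def find_suspect_answers(log_text, expected=EXPECTED):
    """Return one finding per answer that falls outside the expected networks."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, client, name, answer, ttl = parts
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        if name not in expected:
            continue  # no baseline for this name, so nothing to compare
        try:
            ip = ipaddress.ip_address(answer)
            seen = datetime.fromisoformat(ts)
            ttl_s = int(ttl)
        except ValueError:
            continue  # unparsable address, timestamp or TTL
        if not any(ip in net for net in expected[name]):
            findings.append({
                "client": client, "name": name, "answer": answer,
                # A cached forged record keeps being served until its TTL runs out.
                "cached_until": (seen + timedelta(seconds=ttl_s)).isoformat(),
            })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_answers(SAMPLE_LOG):
        print(finding)
```

A flagged answer is a lead to investigate, not proof of poisoning: legitimate address changes also fall outside a stale baseline, so the expected networks need to be kept current.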