DNS Spoofing Attacks

How DNS spoofing works and how to protect

What is DNS Spoofing ?

DNS spoofing, in short, is a type of attack in which traffic is directed from a legitimate website such as www.google.com to a malicious website such as google.attacker.com. This method can be done using DNS hijacking/redirection. For example, by compromising the security of the DNS server, it can turn legitimate sites into fake ones and direct them to bad sites of its own choosing.

Cache Poisoning is another method of DNS spoofing without using DNS hijacking. DNS servers, routers and computers cache DNS records. Therefore, attackers can “poison” the DNS cache by adding a spoofed DNS entry with an alternative IP destination for the same domain name. The DNS server turns the domain into a fake website until the cache is refreshed.

How to protect against DNS Spoofing

The DNS name server has a highly sensitive infrastructure that requires strong security measures, as it can be hacked and used by hackers to launch DDoS attacks.

* Follow network analyzers. Turn off unnecessary DNS resolvers.

* Severely restrict name server access. Physical security, multi-factor access, firewall and network security measures should be used.

* To take precautions against cache poisoning; Use a random source port, randomize the query ID, and randomize the letters in domain names.

* Be sure to patch known vulnerabilities.

* Disconnect from the authorized name server resolver.

* Restrict domain transfers.

For end users :

* Change router password regularly.

* Install anti-virus software using an encrypted VPN channel.

For websites :

* Use two-factor authentication to retrieve DNS records and create a list of IP addresses that can access DNS settings.

* Check if client lock is supported.

* Use and enable a DNS registrar that supports the use of DNSSEC. DNSSEC makes it difficult for hackers to penetrate DNS communication between the server and DNS with a digital signature.

I hope you learnt something from this topic..