DNS Spoofing
“If you don’t like the road you’re walking, start paving another one.” Dolly Parton
What is DNS (Domain Name System)?
This will look familiar if you are from the ’90s: the yellow pages, a phonebook for finding a telephone number from the owner’s or business’s name, or vice versa. DNS works on the same idea, with a few differences.
Every device connected to the internet has a unique IP address, which lets one machine find another. The widely used IP versions are IPv4 (32-bit addresses) and IPv6 (128-bit addresses). Humans cannot easily remember these, so they use an alternative: a hostname. As an example:
IPv4 Address = 74.125.24.139
Hostname = https://www.google.com/
But networks and devices deal with IP addresses. To bridge this gap, the DNS protocol’s main responsibility is to convert human-friendly names (hostnames) into the corresponding IP address so the machine can be found. Let’s look at this in more detail.
How Does DNS Actually Work?
When a user first requests a web page (for example www.google.com), the system first checks the local DNS cache for records matching the requested hostname.
On Windows, this cache can be viewed in CMD using the command below.
ipconfig /displaydns
It lists all cached DNS records; here’s an example of a sample record.
If the requested information is not in the local DNS cache, the request is delegated to the next level up in the DNS hierarchy, and this delegation continues until the nameserver holding the record is found and the answer is sent back to the client. The next time, since the record is stored in the local cache, no query is needed.
What is DNS Spoofing
DNS Spoofing is a type of attack in which an attacker diverts legitimate DNS traffic to a fraudulent IP address. The user is redirected without noticing, and it is hard to tell the fake website from the original, since attackers copy the entire front end of the website and host it so that it looks identical to the original.
This can also lead to DNS cache poisoning, where the attacker modifies entries in the local DNS cache to point to fraudulent sites, directing all traffic for those names to them.
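A defender-side check of the kind a spoofing detection tool performs, added here as an example (not code from the original post): it parses DNS replies and flags a reply whose transaction ID or question does not match the outstanding query, and flags several replies to one query that disagree on the answer, which is the footprint of an injected forged response. The transaction IDs and addresses used below are constructed sample values.

```python
import struct

def build_response(txid, name, addrs, ttl=300):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)  # QR=1, RD=1, RA=1
    question = qname + struct.pack("!HH", 1, 1)                      # QTYPE=A, QCLASS=IN
    answers = b""
    for a in addrs:
        rdata = bytes(int(o) for o in a.split("."))
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata  # 0xC00C -> name at offset 12
    return hdr + question + answers

def read_name(msg, off):
    # Decode a label sequence, following compression pointers; return (name, next offset).
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                 # pointer: jump, but remember where we left off
            if end is None: end = off + 2
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if ln == 0: break
        labels.append(msg[off:off + ln].decode()); off += ln
    return ".".join(labels), end if end is not None else off

def parse_response(msg):
    txid, _flags, _qd, an = struct.unpack("!HHHH", msg[:8])
    qname, off = read_name(msg, 12); off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        if rtype == 1: answers.append(".".join(str(b) for b in msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "qname": qname, "answers": answers}

def check_responses(query_id, query_name, responses):
    # Findings for one outstanding query: wrong transaction ID, wrong question, or replies that disagree.
    findings, answer_sets = [], []
    for raw in responses:
        r = parse_response(raw)
        if r["id"] != query_id:
            findings.append(f"id mismatch {r['id']:#06x} (expected {query_id:#06x})"); continue
        if r["qname"].lower() != query_name.lower():
            findings.append(f"question mismatch: {r['qname']}"); continue
        answer_sets.append(tuple(sorted(r["answers"])))
    if len(set(answer_sets)) > 1:
        findings.append("conflicting answers: " + "; ".join(",".join(s) for s in sorted(set(answer_sets))))
    return findings
```

A real detector would apply the same checks to replies captured on the wire for each query it saw leave the resolver; a single clean reply produces no findings.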
How to Avoid DNS Spoofing and Poisoning
Protecting against DNS-related issues is not only the end user’s job; the server and organizational side need attention too.
- Always use intrusion detection systems, including spoofing detection tools.
- Using Domain Name System Security Extensions (DNSSEC) strengthens authentication with digital signatures based on public-key cryptography. Data origin authentication lets the resolver cryptographically validate that the data actually came from the zone it claims to originate from, and integrity protection ensures that the data was not modified in transit.
- End-to-end encryption is another way of protecting the information during communication: even if the data is captured, the attacker cannot read it.
And from the end-user side:
- Avoid clicking links from untrusted sources and suspicious emails.
- Keep the OS and antimalware software updated.
- Flush the local DNS cache.
- Use an appropriate VPN.