
Cyber-threats are around every corner. Recently we wrote about DDoS attacks, and how hackers use your computer and many connected devices to create a network of bots that can bring down even the best-protected network. Today we will review another danger: DNS spoofing.
DNS spoofing, a.k.a. DNS poisoning, is so popular that you can find plenty of DNS spoofing tutorials using the Kali distribution of Linux, but we are on the good side, and we won’t show you that. We will explain why this threat exists and how you can protect yourself.
DNS caching
To save time and spread the load better, the DNS uses recursive DNS servers. They have a cache: locally saved information about domains that stays in them temporarily.
Forwarding
Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder.
DNS spoofing, the attack
DNS spoofing is a poisoning of the nameservers' cache. The information is replaced with fake information from a host that has no authority to give it. This attack can send the visitors of a website to a fake website instead. Those fake websites are visually very similar to the real ones, and people don’t even notice the difference. In this process, personal data can be stolen.
Methods of DNS spoofing
Spoofing the DNS responses
In this method, the attacker guesses the manner in which the DNS generates its query ID and sends a fake response with the IP address he/she wants.
DNS cache poisoning
It involves sending the DNS servers wrong mapping information with a high TTL. The information is saved for a long time, so the server keeps giving the fake answer for a long time.
Break into the platform
The attacker uses buffer overflows to gain root access and obtain full control over the network.
How to protect from DNS spoofing?
There are a few different things that you can do to protect yourself from those attacks:
Detection mechanisms. You can use special software to detect it. Using such a program, you can be safe from most forms of DNS spoofing.
Always use a secure connection. Use encryption via SSL or TLS to verify the certificate of the website you want to visit.
Use DNSSEC. DNSSEC (Domain Name System Security Extensions) checks the authenticity of the data with digitally signed DNS records.
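The following added example (not part of the original article) shows detection logic for the two methods described above, guessed query IDs and wrong answers with a high TTL, run over constructed resolver events. The event format, the thresholds and all names in it are assumptions made for illustration.

```python
from collections import defaultdict

MAX_TTL = 86400        # assumed policy: flag answers cached longer than one day
GUESS_THRESHOLD = 3    # assumed: unmatched replies per name before alerting

# Constructed events, as a resolver-side sensor might log them (not real traffic).
# Queries: (kind, txid, port, name); responses add (answer, ttl).
SAMPLE_EVENTS = [
    ("query", 0x1A2B, 53001, "example.com"),
    ("response", 0x0001, 53001, "example.com", "203.0.113.66", 604800),
    ("response", 0x0002, 53001, "example.com", "203.0.113.66", 604800),
    ("response", 0x0003, 53001, "example.com", "203.0.113.66", 604800),
    ("response", 0x1A2B, 53001, "example.com", "198.51.100.10", 300),
    ("response", 0x1A2B, 53001, "example.com", "203.0.113.66", 604800),
    ("query", 0x7777, 53002, "example.org"),
    ("response", 0x7777, 53002, "example.org", "198.51.100.20", 3600),
]


def detect_spoofing(events, max_ttl=MAX_TTL, guess_threshold=GUESS_THRESHOLD):
    """Return a list of (alert_type, name) tuples for suspicious DNS responses."""
    pending = {}                  # (txid, port, name) -> first answer seen, or None
    unmatched = defaultdict(int)  # name -> replies that matched no open query
    alerts = []
    for event in events:
        kind, txid, port, name = event[:4]
        key = (txid, port, name)
        if kind == "query":
            pending[key] = None
            continue
        answer, ttl = event[4], event[5]
        if key not in pending:
            # Wrong ID or port: the pattern left by someone guessing query IDs.
            unmatched[name] += 1
            if unmatched[name] == guess_threshold:
                alerts.append(("txid_guessing", name))
            continue
        if ttl > max_ttl:
            alerts.append(("excessive_ttl", name))
        if pending[key] is None:
            pending[key] = answer
        elif pending[key] != answer:
            # Two different answers to one query: treat as a possible forgery.
            alerts.append(("conflicting_answer", name))
    return alerts


if __name__ == "__main__":
    for alert in detect_spoofing(SAMPLE_EVENTS):
        print(alert)
```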
Conclusion
We should be cautious about where we go on the internet and which emails we open. Even the slightest difference, like a missing SSL certificate, should immediately prompt us to double-check the website we want to visit.
Originally published at https://www.cloudns.net