DNS(Domain name system) Poisoning also known as DNS cache poisoning.
In DNS poisoning the attacker alters the DNS records so that it can route the user to a fake website or the website which is controlled by the hacker.
This type of attack the victims will think that they are going to a real website but instead they are going to a fake website.
For e.g – They will write cybervie.com into the URL bar to visit the real website but because of DNS spoofing they will be transported to a fake website that will look like cybervie.com and they will end up giving their details to the hacker.
This creates a perfect condition for phishing attacks.
Methods of DNS spoofing/Poisoning
Man-In-The-Middle(MITM)
Hacker will intercept between the server and the user and change the user’s DNS every time the victim surf internet. Changing DNS means changing the destination IP address of the websites.
DNS Hijacking
In DNS hijacking the the local DNS server is replaced by the forged and malicious server with IP addresses of attacker and genuine website name.
WHAT COULD GO WRONG IF YOUR DNS IS SPOOFED OR POISONED
- Data theft -> The attacker can compromise every type of data like your password, your credit card details, your address.
- Viruses/Malwares -> The attacker can download malicious software or viruses into the computer which will harm the computer badly.
- Stoped security updates -> If the internet security provider is spoofed it will not download the latest security updates and your device will be exposed to malware and trojans.
Tools
- Dnsspoof -> This tool navigates all the DNS to a fake local computer host file.
- Ettercap -> It is one of the best tool for man in the middle attacks(MITM) and it provides DNS spoof, arp spoof, and a lot more option for MITM
- Arpspoof -> This tool commands the IP address.
How to prevent DNS poisoning.
- Never click a link you don’t recognize.
- Flush you DNS cache to solve the poisoning.
- Use VPN.
- Scan your computer regularly.
