When we surf the Internet, by simply entering a web page, we can suffer a wide variety of attacks. A site can be maliciously configured, it can contain links that take us to other pages controlled by attackers or, in other cases, it can have file downloads that are actually malware. In this article we are going to talk about two terms that refer to the problems that we can find just by visiting a page. We are going to talk about what is DNS Spoofing and what is DNS cache poisoning .
What is DNS Spoofing
Spoofing DNS spoofing or DNS is one of the attacks that we find when surfing the net. Basically it is a method that hackers use to modify the addresses of the DNS servers that the user uses.
We already know that DNS servers are necessary to navigate. They act as translators so that, by putting the domain name such as redeszone.net, it automatically translates and opens the corresponding address.
We can use DNS servers provided by the Internet operator, as well as choose one of the many on the network. There are both free and paid. Some may be faster, others might even be more prepared for safety. Whichever option we choose, the goal is the same.
What happens if those DNS servers are changed? They could point to a wrong page by putting in a domain name . That could happen with what is known as DNS Spoofing or DNS spoofing.
An attacker can alter the IP addresses of the victim’s DNS servers. In this way, when you enter a web page you could be redirected to a totally different one. Let’s take as an example that we write the domain of a bank website. In case they have carried out a DNS Spoofing attack, they could redirect to a website that pretends to be the bank’s, in order to carry out a Phishing attack and collect the passwords.
The process is as follows: the user makes a request to a DNS server to resolve a domain name, such as redeszone.net. However, in case of being victims of this attack, that DNS server will give us a response that directs us to an illegitimate site, instead of the one we hope to enter.
What is a cache poisoning attack
The end of a cache poisoning attack is similar to the previous one, although the procedure is not exactly the same. In this case, it is a user-level DNS spoofing method. The victim’s system registers a fraudulent IP address in its cache in local memory.
This causes the DNS server to remember an incorrect site, created maliciously for that purpose. It occurs when malicious code violates the domain name table of an Internet server. It could affect specific pages or many. For example, they could carry out a cache poisoning attack solely to modify the addresses of bank accounts or social networks, while all the others work correctly.
This attack code usually appears in URLs that are sent through spam emails, images, or advertisements. They are usually on websites that are already insecure by themselves. They can also attack legitimate pages with the aim of sneaking this type of malicious code to visitors.
What happens with attacks against DNS servers
We have seen what DNS Spoofing means and what a cache poisoning attack is. Both cases can compromise the security of users and affect the way in which we enter legitimate web pages. Basically what they do is change the address and take us to other sites controlled by the attackers. Let’s see what they can achieve with this.
Information theft
One of the objectives of this type of attack is the theft of information . We already know that our data on the Internet has great value. They can collect our name, e-mail address, telephone number … Any data that can be exposed when browsing the Internet.
Sneak malware
They can also use these methods in order to sneak malware onto the victims. There are many types of malicious software that can compromise our security in one way or another. Through attacks like these they could infect our devices and even control them.
Steal passwords
Another issue to take into account and that is very important is the theft of passwords . They can use this to redirect us to false pages in order to steal passwords to bank accounts, social networks or any other service on the Internet.
As we can see, both DNS Spoofing and DNS poisoning attacks can seriously compromise our computers. This means that we must always take precautionary measures and not expose our systems on the network.
