DNS Poisoning Basics

DNS Poisoning


Before we proceed to DNS Poisoning lets have some look on basics. So lets take look on what is DNS first. You already know internet runs on TCP/IP model or you can say internet protocol stack. TCP/IP stack specifies and uses IP addresses (example : 204.87.98.34) to route data between source and destination computer. Every computer in the world that is connected in network have an IP address. Since remembering IP addresses are difficult each IP address is associated with a name like www.google.com which is also known as domain name. Domain names are easy to remember but original TCP/IP stack needs IP address for communication not the domain name.

So a service has been created to convert these domain names into their respective IP addresses, this service is known as Domain Name Service (DNS), a computer or system which provides this service is known as Domain Name System. Now you can call it a coincidence that Domain Name Service and Domain Name System both end having same abbreviation DNS and the best part they don’t even conflict with each other while using.
A DNS runs on DNS protocol that translates web address into its respective IP address. Now DNS poisoning or DNS spoofing is technique by which an attacker provides wrong IP address to DNS server for misdirecting users to fake websites. Following are types of DNS poisoning, in future post we will cover them briefly,
  • Intranet DNS Spoofing/Poisoning
  • Internet DNS Spoofing/Poisoning
  • Proxy Server DNS Spoofing/Poisoning
  • DNS Cache Spoofing/Poisoning
Intranet DNS poisoning is done over a LAN. It is usually performed over switched network with help of ARP poisoning. You can use Cain And Abel to perform this kinda attack. Internet DNS poisoning can be done over any system across world by changing DNS entries of victim’s computer. In Proxy Server DNS poisoning we change proxy settings of victim to our IP address then redirect victim to fake website. In DNS cache poisoning an attacker changes IP address entries of target website on some specific DNS server then if any person asks that DNS for information it’ll provide fake IP information to it.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s