Near the middle of 2008, the world was informed of the existence of a recently discovered, previously unknown and very serious vulnerability that was present within the majority of the Internet domain name system (DNS) servers. The vulnerability was considered critical because, if exploited, it could be used to redirect unsuspecting Internet users to malicious web sites without detection. It’s a long or widely used term the “DNS Spoofing”. Now a days techniques like DNSSEC are been employed to get rid of these attack.
Recently our co- blogger visited on a linux forum having a discussion on how an attacker compromise for DNS spoofing is done and what the results are .Our discussion with some networking experts clarified a lot like how various software’s like Ettercap , scripts, Linux OS versions like Backtrack In fact now there various new spoofing methods are unknown / hidden in WWW , so that a normal user may not be able to detect at first sight. For related info just go through the basics of DNS Spoofing.Those who are experts in Network Administration can opt this post out .
Basically the term “DNS spoofing” is used when a DNS server accepts and uses incorrect information from a host that has no authority giving that information. DNS spoofing is in fact malicious cache poisoning where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to wrong Internet sites or e-mail being routed to non-authorized mail servers.
In DNS ID spoofing techniques When a computer attempts to connect to an Internet site, it must have its own IP address. When the browser sends a request for a website’s IP address to a DNS server, a random number (ID) is generated that accompanies the request. When the DNS server responds to the computer with the requested IP address, it attaches the same random number; upon obtaining the IP, the computer verifies the response by comparing the numbers–if the numbers match, the response is considered valid.In DNS ID spoofing, a hacker may use a sniffer to spy on DNS requests originating from the computer, and obtain the random number associated with the request. This enables the hacker to redirect the computer to another site by responding to the DNS request with inaccurate information, but with a matching ID.
DNS is one of the essential protocols on the Internet. It is used in almost every interaction that uses names in identifiers: Email, Web, SIP based Voice over IP, Web services, Spam filtering, Internet messaging, and many more. Yet the DNS system has not been designed with security in mind.
For a newbee What a DNS server does normally is that as you type in a web address such as http://www.google.com into your browser, a DNS request is made to a DNS server in order to find out what IP address that name resolves to. This is because routers and the devices that interconnect the Internet do not understand google.com, they only understand addresses such as 188.8.131.52.So on DNS Spoofing attack you will be redirected to a fake site .It will get worse if you give credentials like banking, email details to a fake site.Much pain add to these sort of attacks since facts is that there are widely accepted spoofing and cache poisoning free softwares avail online .
Preventing DNS spoofing
In order to prevent many sources of Internet attacks, it is necessary to have the security built into DNS systems. To minimize the risk of a spoofing attack, every organization or individual responsible for a domain should first check which type of name server they are using and consult with its developer whether it is secure against DNS spoofing or not. It is also possible to use the latest version of DNS Expert to check the vulnerability of all types of DNS servers to DNS spoofing and other DNS problems.
DNS spoofing has become much difficult to identify against due to the arise of new attacks and new methods being mostly passive by nature. Typically, you will never know your DNS is being spoofed until it has happened. What you get is a webpage that is different than what you are expecting.
- Secure DNS Servers/internal machines with good Firewalls and Anti Spoofing and security measures: Its the basic methods to try out ,Mainly attacks like these are most commonly executed from inside the network.If your network devices are secure then there is less of a chance of those compromised hosts being used to launch a spoofing attack.Moreover several Anti DNS Spoofing Network solutions are avail.For single PC users to check whether toy are subjected to DNS Spoofing can try out a good firewall on your system does a little bit help , for eg: firewalls like “online-armor” has got antispoofing techniques.Online Armor protects against this attack quite simply. It compares the DNS results from your local machine against a trusted third-party server. This stops programs from manipulating your OS settings to misdirect you to fake sites.If there is a mismatch between the trusted third-party server and your local machine, you are alerted. Simple and effective protection.
- Don’t always rely on your DNS server Functionality-It’s a little bit trick to get rid of fake sites like Instead of DNS server resolving names , you could opt for various hosts file in your sytem to specify domain names to specific /real ipaddresss (eg: In windows it;s in C:\windows\sytem32\drivers\etc\host).You could mannually edit this file to indicate real ipaddress for domains or websites.
- Use IDS: An intrusion detection system, when placed and deployed correctly, can typically pick up on most forms of ARP cache poisoning and DNS spoofing.
- Using DNSSEC- These techniques adds digital signatures to normal DNS queries.DNSSEC was designed to deal with cache poisoning and a set of other DNS vulnerabilities such as “man in the middle” attacks and data modification in authoritative servers. Its major objective is to provide the ability to validate the authenticity and integrity of DNS messages in such a way that tampering with the DNS information anywhere in the DNS system can be detected. This is the kind of protection that DNS desperately needs.
- Use Gibson Research test Online :- Gibson Research Corporation , which is mainly intended against security breaches has come up with a DNS Spoofability test online ,every users could test and view the results of your DNS servers and how vulnerable or secure are your current DNS Servers.In addition to determining the spoof-ability of your DNS name servers, GRC’s free “DNS Benchmark” utility can test, compare and rank the name resolution performance of any DNS name servers accessible to you.
- Try out Secure Alternate Open DNS Servers – It’s a final method to try out If any doubt on your normal DNS Servers are responding with fake sites , opt for open DNS servers.Lots of open DNS servers are avail online.