DNS spoofing is another one of the man-in-the-middle attacks that can force victims to navigate to a fake website purporting to be a real one.
DNS spoofing is based on presentating fake DNS information to a victim in response to their DNS request and, as a result, forcing them to visit a site which is not the real one.
As an example, suppose the user requests the IP address of mail.yahoo.com, which is supposed to be XX.XX.XX.XX. But the attacker would respond to the DNS query before the actual response arrives with a spoofed address of YY.YY.YY.YY. The user’s system will make a connection request to YY.YY.YY.YY, thinking that mail.yahoo.com is located at that IP address. So effectively, the user is routed to a completely different site from the one which he or she originally intended to visit.
Normal DNS communication occurs when the system requests the IP of a particular website and the DNS server responds back with the actual IP address of that website. The system then connects to the website through the IP address it received as a response. With DNS spoofing, the attacker intercepts the DNS request and sends out a response that doesn’t contain the actual IP actual, but a spoofed IP address.
To secure yourself from DNS spoofing:
- Secure your internal systems: the systems in the internal LAN must be kept secure and updated with the latest security patches from the different vendors. Without this protection, there is a chance one of the systems in the internal LAN will be compromised and start launching DNS spoofing attacks on other LAN systems, further increasing the infections.
- Deploy IDS/IPS: intrusion detection systems and intrusion prevention systems are capable of handling DNS spoofing attacks, so they need to be deployed inside the network as well as on the perimeter of the network.
- DNSSEC: DNSSEC is a very secure technology that can be used to allow only digitally signed DNS records to be published on DNS servers. Through DNSSEC, we can also prevent bogus zone transfers and hence prevent DNS servers from getting infected themselves.