What is DNS Spoofing?

DNS spoofing is another man-in-the-middle attack that can force victims to navigate to a fake website purporting to be a real one.

DNS spoofing is based on presenting fake DNS information to a victim in response to their DNS request and, as a result, forcing them to visit a site that is not the real one.

For example, suppose the user requests the IP address of mail.yahoo.com, which is supposed to be XX.XX.XX.XX. The attacker responds to the DNS query before the actual response arrives, with a spoofed address of YY.YY.YY.YY. The user’s system then makes a connection request to YY.YY.YY.YY, thinking that mail.yahoo.com is located at that IP address. Effectively, the user is routed to a completely different site from the one they originally intended to visit.

Regular DNS communication occurs when the system requests the IP of a particular website, and the DNS server responds with the actual IP address of that website. The system then connects to the website through the IP address it received as a response. With DNS spoofing, the attacker intercepts the DNS request and sends out a response that contains a spoofed IP address instead of the actual one.

To protect yourself from DNS spoofing:

  • Secure your internal systems: the systems in the internal LAN must be kept secure and updated with the latest security patches from their vendors. Without this protection, there is a chance that one of the systems in the internal LAN will be compromised and start launching DNS spoofing attacks on other LAN systems, spreading the infection further.
  • Deploy IDS/IPS: intrusion detection systems and intrusion prevention systems can handle DNS spoofing attacks, so they need to be deployed inside the network and on the perimeter of the network.
  • DNSSEC: DNSSEC is a very secure technology that can be used to allow only digitally signed DNS records to be published on DNS servers. Through DNSSEC, we can also prevent bogus zone transfers and hence prevent DNS servers from getting infected themselves.
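
One check an IDS can apply to the race described above, where a spoofed answer arrives before the genuine one: flag any query that receives two responses carrying different addresses. This is an added example, not code from the original article; the host names, client addresses and packets are constructed, and `make_response`, `parse_response` and `find_conflicts` are hypothetical helper names.

```python
import struct
from collections import defaultdict

def make_response(txid, qname, ip):
    """Encode a minimal DNS A-record response; used only to build the sample capture."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)      # QR=1, 1 question, 1 answer
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)   # pointer to qname, A/IN, TTL 60
    return header + name + struct.pack("!HH", 1, 1) + answer + bytes(map(int, ip.split(".")))

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def parse_response(pkt):
    """Return (txid, qname, frozenset of A-record addresses); assumes one question."""
    txid, _flags, _qd, ancount = struct.unpack("!4H", pkt[:8])
    off, labels, addrs = 12, [], set()
    while pkt[off]:                        # question names are not compressed
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode("ascii"))
        off += 1 + pkt[off]
    off += 5                               # root label + QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:      # A record
            addrs.add(".".join(map(str, pkt[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, ".".join(labels).lower(), frozenset(addrs)

def find_conflicts(capture):
    """capture: (client_ip, raw_response) pairs. Return queries answered with differing addresses."""
    seen = defaultdict(set)
    for client, pkt in capture:
        txid, qname, addrs = parse_response(pkt)
        seen[(client, txid, qname)].add(addrs)
    return {key: answers for key, answers in seen.items() if len(answers) > 1}

# Constructed sample capture (documentation addresses, hypothetical host names).
SAMPLE = [
    ("10.0.0.5", make_response(0x1A2B, "mail.example.com", "198.51.100.7")),  # arrives first
    ("10.0.0.5", make_response(0x1A2B, "mail.example.com", "192.0.2.10")),    # second answer differs
    ("10.0.0.6", make_response(0x0042, "www.example.com", "192.0.2.20")),
    ("10.0.0.6", make_response(0x0042, "www.example.com", "192.0.2.20")),     # identical retransmit
]
```

`find_conflicts(SAMPLE)` reports only the `mail.example.com` query, since the identical retransmit is not a conflict. The check sees nothing when the attacker also suppresses the genuine response, so it complements DNSSEC validation rather than replacing it.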
