What is DNS Spoofing?
DNS spoofing is another man-in-the-middle attack that can force victims onto a fake website posing as a real one.
DNS spoofing works by presenting false DNS information to the victim in response to their DNS request, which forces them to visit a site that is not the real one.
As an example, suppose the user requests the IP address of mail.yahoo.com which is supposed to be XX.XX.XX.XX.
But the attacker would respond to the DNS query before the actual response arrives with a spoofed address of YY.YY.YY.YY.
The user’s system will make a connection request to YY.YY.YY.YY, thinking that mail.yahoo.com is located at that IP address. So effectively the user is routed to a completely different site from the one he or she originally intended to visit.
Normal DNS communication occurs when the system requests the IP address of a particular website and the DNS server responds with the actual IP address of the website.
The system then connects to the website through the IP address it received as a response.
With DNS spoofing, the attacker intercepts the DNS request and sends out a response which doesn’t contain the actual IP address but a spoofed IP address.
This means that rather than connecting to the real website, the victim connects to a malicious website which can cause harm.
To secure yourself from DNS spoofing:
• Secure the internal systems: the systems in the internal LAN must be kept secure and patched with the latest security patches from the different vendors. Without such protection, there is a chance that one of the systems in the internal LAN will be compromised and hence start launching DNS spoofing attacks on other LAN systems, further increasing the infections.
• Deploy IDS/IPS: Intrusion detection systems and intrusion prevention systems are capable of handling DNS spoofing attacks so they need to be deployed inside the network as well as on the perimeter of the network.
• DNSSEC: DNSSEC is a very secure technology that can be used to allow only digitally signed DNS records to be published on DNS servers. Through DNSSEC we can also prevent bogus zone transfers and hence prevent the DNS servers from getting infected themselves.
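The race described above, where a spoofed reply arrives before the real one, leaves a trace an IDS can look for: two responses to the same query that disagree. The following is an added example, not code from the original article; the record layout, the function name and the two-second window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample of parsed DNS responses as a sensor might record them:
# (time_seconds, client_ip, transaction_id, query_name, answer_ip).
# Addresses are documentation-range placeholders, not real observations.
SAMPLE_RESPONSES = [
    (10.000, "192.0.2.10", 0x1A2B, "mail.example.com", "203.0.113.66"),
    (10.045, "192.0.2.10", 0x1A2B, "mail.example.com", "198.51.100.25"),
    (11.200, "192.0.2.11", 0x3C4D, "www.example.com", "198.51.100.80"),
    (11.210, "192.0.2.11", 0x3C4D, "www.example.com", "198.51.100.80"),
    (12.000, "192.0.2.12", 0x5E6F, "Mail.Example.com.", "198.51.100.25"),
]


def find_conflicting_responses(responses, window=2.0):
    """Return one alert per query that received differing answers.

    A resolver sends one reply per transaction ID. A second reply with a
    different address inside `window` seconds suggests someone else also
    answered. Identical retransmissions are ignored. Simplification: one
    address per response; a real sensor would compare the full answer set.
    """
    seen = defaultdict(list)  # (client, txid, qname) -> [(time, answer), ...]
    for ts, client, txid, qname, answer in sorted(responses):
        # DNS names are case-insensitive and may carry a trailing dot.
        key = (client, txid, qname.lower().rstrip("."))
        seen[key].append((ts, answer))

    alerts = []
    for (client, txid, qname), hits in seen.items():
        first_ts, first_answer = hits[0]  # the reply the client acted on
        later = sorted({answer for ts, answer in hits[1:]
                        if answer != first_answer and ts - first_ts <= window})
        if later:
            alerts.append({"client": client, "txid": txid, "qname": qname,
                           "first_answer": first_answer,
                           "later_answers": later})
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_responses(SAMPLE_RESPONSES):
        print("conflicting DNS answers for {qname} (client {client}, "
              "txid {txid:#06x}): {first_answer} then {later_answers}"
              .format(**alert))
```

The check cannot tell which answer is the forged one; it only shows that two parties answered the same query, which is the point to start investigating.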
