Skip to main content

DNS attack


A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).

In order to understand how DNS attacks work, it is important to first understand how the domain name system works. DNS is a protocol that translates a user-friendly domain name, like WhatIs.com, into the computer-friendly IP address 206.19.49.154.


When an end user types the people-friendly domain name WhatIs.com into a client’s browser, a program in the client’s operating system called a DNS resolver looks up WhatIs.com’s numerical IP address. First, the DNS resolver checks its own local cache to see if it already has the IP address for WhatIs.com. If it doesn’t have the address, the resolver then queries a DNS server to see if it knows the correct IP address for WhatIs.com. DNS servers are recursive, which simply means that they can query each other to either find another DNS server that knows the correct IP address or find the authoritative DNS server that stores the canonical mapping of the WhatIs.com domain name to its IP address. As soon as the resolver locates the IP address, it returns the IP address to the requesting program and caches the address for future use.


Although the DNS is quite robust, it was designed for usability, not security, and the types of DNS attacks in use today are numerous and quite complex, taking advantage of the communication back and forth between clients and servers. Typically, attackers take advantage of the plaintext communication back and forth between clients and the three types of DNS servers. Another popular attack strategy is to log in to a DNS provider's website with stolen credentials and redirect DNS records.


To lessen the chance of a DNS attack, server administrators should use the latest version of DNS software, consistently monitor traffic and configure servers to duplicate, separate and isolate the various DNS functions. To defend against DNS attacks, experts recommend implementing multifactor authentication when making changes to the organization's DNS infrastructure. Operations personnel should also monitor for any changes publicly associated with their DNS records or any digital certificates associated with their organization. Another strategy is to deploy Domain Name System Security Extensions (DNSSEC), which strengthens authentication in DNS by using digital signatures based on public key cryptography.

 

DNS attack vectors


Types of DNS attacks include:


Zero-day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.


Cache poisoning – the attacker corrupts a DNS server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.


Denial of Service – an attack in which a malicious bot sends send more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.


Distributed Denial of Service - the attacker uses a botnet to generate massive amounts of resolution requests to a targeted IP address.


DNS amplification - the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread his attack to other DNS servers.


Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order redirect DNS requests and avoid detection.

Comments

Post a Comment

Popular posts from this blog

Black swan

A  black swan event  is an incident that occurs randomly and unexpectedly and has wide-spread ramifications. The event is usually followed with reflection and a flawed rationalization that it was inevitable. The phrase illustrates the frailty of inductive reasoning and the danger of making sweeping generalizations from limited observations. The term came from the idea that if a man saw a thousand swans and they were all white, he might logically conclude that all swans are white. The flaw in his logic is that even when the premises are true, the conclusion can still be false. In other words, just because the man has never seen a black swan, it does not mean they do not exist. As Dutch explorers discovered in 1697, black swans are simply outliers -- rare birds, unknown to Europeans until Willem de Vlamingh and his crew visited Australia. Statistician Nassim Nicholas Taleb uses the phrase black swan as a metaphor for how humans deal with unpredictable events in his 2007...
Post a Comment
Read more

A Graphics Processing Unit (GPU)

A graphics processing unit (GPU) is a computer chip that performs rapid mathematical calculations, primarily for the purpose of rendering images. A GPU may be found integrated with a central processing unit (CPU) on the same circuit, on a graphics card or in the motherboard of a personal computer or server. In the early days of computing, the CPU performed these calculations. As more graphics-intensive applications such as AutoCAD were developed; however, their demands put strain on the CPU and degraded performance. GPUs came about as a way to offload those tasks from CPUs, freeing up their processing power. NVIDIA, AMD, Intel and ARM are some of the major players in the GPU market. GPU vs. CPU A graphics processing unit is able to render images more quickly than a central processing unit because of its parallel processing architecture, which allows it to perform multiple calculations at the same time. A single CPU does not have this capability, although multi...
Post a Comment
Read more

6G (sixth-generation wireless)

6G (sixth-generation wireless) is the successor to 5G cellular technology. 6G networks will be able to use higher frequencies than 5G networks and provide substantially higher capacity and much lower latency. One of the goals of the 6G Internet will be to support one micro-second latency communications, representing 1,000 times faster -- or 1/1000th the latency -- than one millisecond throughput. The 6G technology market is expected to facilitate large improvements in the areas of imaging, presence technology and location awareness. Working in conjunction with AI, the computational infrastructure of 6G will be able to autonomously determine the best location for computing to occur; this includes decisions about data storage, processing and sharing.  Advantages of 6G over 5G 6G is expected to support 1 terabyte per second (Tbps) speeds. This level of capacity and latency will be unprecedented and wi...
Post a Comment
Read more