What is a DNS spoofing attack?
- Internet traffic is diverted to fake servers
- Corrupt DNS data is introduced into a DNS resolver's cache (DNS cache poisoning)
- It is also called DNS poisoning
How does DNS spoofing work?
A DNS spoofing attack exploits DNS server vulnerabilities so that traffic is diverted away from legitimate servers to fake ones.
DNS spoofing example
This attack redirects users to malicious websites.
In this attack, attackers can also poison ARP (Address Resolution Protocol) tables.
Consequences of DNS spoofing and poisoning
- Data theft
- Malware infection
- Blocked security updates
What other attacks can result from DNS spoofing?
Man-in-the-middle attack
How to prevent a DNS spoofing attack?
- Regularly audit DNS zones
- Keep DNS servers up to date
- Restrict zone transfers
- Limit recursive queries
- Store only data related to the requested domain
- Apply end-to-end encryption
- Use DNS Security Extensions (DNSSEC)
DNS tunneling attack:
DNS tunneling uses the DNS protocol to tunnel malware and exfiltrate data.
Data is embedded in DNS queries.
Consequences of a DNS tunneling attack:
Data exfiltration: attackers can leak sensitive information over DNS.
Command and control (C2): attackers can use the DNS protocol to send commands to malware such as a RAT (remote access trojan).
How to prevent DNS tunneling?
Mitigation:
- DNS firewall
- Block malicious IPs
- Deploy a standalone DNS protection solution such as Infoblox
- Use DNS Security Extensions (DNSSEC)
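The "data embedded in DNS queries" point above is what a DNS firewall or detection rule actually looks for: long, high-entropy labels repeated toward one parent zone. The following is an added example (not code from the original notes or from any vendor product) of a simple heuristic detector run over a constructed resolver log; the log lines, client addresses, the `example.*` zones and the thresholds are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not real traffic): "<time> <client> <qtype> <qname>".
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 A   www.example.com
2024-01-01T10:00:01Z 10.0.0.5 A   static-assets-cache.cdn.example.org
2024-01-01T10:00:02Z 10.0.0.7 TXT 3f9a1c7e0b5d2846f3a97c1e0d5b2864.t.example.net
2024-01-01T10:00:03Z 10.0.0.7 TXT 7b2e9f0c4a6d1835e7c1b9f4a2d06835.t.example.net
2024-01-01T10:00:04Z 10.0.0.7 TXT c5d9a1e73f0b8642d1c5f9e3b7a20468.t.example.net
2024-01-01T10:00:05Z 10.0.0.9 MX  mail.example.com
"""

def shannon_entropy(text):
    """Bits per character: encoded payloads score high, hostnames low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def query_features(qname):
    """Parent zone plus the longest data-carrying label of a query name.
    Assumption: the parent zone is the last two labels (a real deployment
    would consult the Public Suffix List instead)."""
    labels = qname.rstrip(".").lower().split(".")
    sub = labels[:-2]
    longest = max(sub, key=len) if sub else ""
    return {"parent": ".".join(labels[-2:]), "longest_label": longest,
            "entropy": shannon_entropy(longest)}

def is_suspicious(feat, min_label_len=30, min_entropy=3.0):
    """One long, high-entropy label is how embedded data shows up in a qname."""
    return len(feat["longest_label"]) >= min_label_len and feat["entropy"] >= min_entropy

def detect_tunneling(log_text, min_queries=3):
    """Alert per parent zone once it has received min_queries suspicious
    queries: a single odd name is noise, a stream of them is a channel."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _time, client, _qtype, qname = line.split()
        feat = query_features(qname)
        if is_suspicious(feat):
            hits[feat["parent"]].append((client, feat["entropy"]))
    return [{"parent": parent, "queries": len(entries),
             "clients": sorted({c for c, _ in entries}),
             "mean_entropy": sum(e for _, e in entries) / len(entries)}
            for parent, entries in hits.items() if len(entries) >= min_queries]
```

On the sample log, the legitimate names (including the long but low-entropy CDN hostname) pass, while the three hex-labelled TXT queries to `example.net` from one client raise a single alert; tune the thresholds against your own baseline before deploying this kind of rule.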