DNS spoofing attack

What is DNS Spoofing Attack? | DNS Tunneling How to Prevent

Cyber Attacks Cyber Security
Spread the love

What is DNS spoofing attack ?

  • Internet traffic is diverted to fake servers
  • Corrupt DNS data is introduce into DNS resolvers cache ( DNS Cache Poisoning)
  • It is also called as DNS poisoning

How does DNS Spoofing works?

In DNS spoofing attack takes help of DNS server vulnerabilities, traffic is diverted to fake servers away from legitimate servers.

DNS Spoofing Example

This attack redirect users to malicious websites.

In this Attackers can poison ARP (Address resolution protocol) tables

Consequences of DNS Spoofing and Poisoning

  • Data Theft
  • Malware attack
  • Stops security updates

What other attacks can happen by DNS spoofing?

Man in the middle attack

How to prevent DNS spoofing attack?

  • Regularly Audit DNS zones
  • DNS servers up-to-date
  • Restrict Zone transfers
  • Limit recursive queries
  • Store only data related to requested domain
  • Apply End to End encryption
  • Use DNS security extensions (DNSSEC)

DNS Tunnelling attack:

DNS tunneling uses the DNS protocol to tunnel malware and exfiltrate the data.

Embedding of data into DNS queries

Consequences of DNS Tunneling attack:

Data Exfiltration: Attackers can leak sensitive information by using DNS.
Command and Control: Also called as C2, Attackers can take help of DNS protocol to send commands (RAT: Remote access trojan).

How to Prevent DNS tunneling?


  • DNS firewall
  • Block IPS
  • Deploy standalone DNS protection solution like infoblox
  • Use DNS security extensions (DNSSEC)

Leave a Reply

Your email address will not be published. Required fields are marked *