DNS is the favourite target for hackers. Among the various attacks DNS is subjected to, DNS cache poisoning is considered particularly dangerous because it does not require sophisticated techniques: even moderately experienced hackers can carry out this type of attack. Fortunately, solutions that protect internet users now exist.
DNS cache poisoning: definition and risks involved
As a reminder, DNS (Domain Name System) translates a human-readable domain name into an IP address. Without this system, you simply cannot make any internet request. Also known as DNS spoofing, DNS cache poisoning is a form of hacking which directly affects the DNS. The success of this type of attack relies on flaws and vulnerabilities in the DNS itself.
In this type of attack, hackers insert corrupt data into the DNS cache, which is then said to be ‘poisoned’. DNS cache poisoning is often referred to as a “pharming” attack, because its aim is to redirect one website’s traffic to another. The attacker sends fake responses from an imposter DNS to reroute a domain name to a new IP address. The new IP address is controlled by the attacker and is often used to spread computer worms and malware.
The worst thing is that the corrupted IP addresses appear legitimate to the user while they actually point to malware, and the attack is very difficult to detect. Victims of DNS cache poisoning download malicious content believing that it is legitimate and that it comes from trusted sources.
This attack is very powerful; every request for any subdomain can be directed to a server that the attacker has chosen. It is even possible to corrupt email systems in order to redirect corporate emails to a server that hackers control. Other more complex attacks include man-in-the-middle attacks and denial-of-service attacks.
DNS cache poisoning is particularly dangerous because:
- Users think they are using a familiar website, but they are not;
- In this type of attack, the IP address seems legitimate to the DNS;
- Users can be redirected to malicious websites;
- Hackers can access valuable sensitive information.
Adopting effective solutions for your business: protection against DNS cache poisoning
As the number of DNS attacks has significantly increased over the past few years, it is now time to consider efficient means of securing the DNS. Although traditional firewalls are powerless against this type of attack, there are several measures that companies like http://www.efficientip.com can take to prevent DNS attacks such as DNS cache poisoning.
In order to prevent DNS cache poisoning, IT managers can implement simple solutions, such as limiting trust relationships with other DNS servers and ensuring that they use the most recent version of DNS. They can also add useful defenses to their DNS, such as port randomisation and cryptographically secure transaction IDs. These measures will efficiently help prevent this type of malicious attack.
Finally, IT managers should also configure their DNS to limit recurring queries, store only data associated with the requested domain, and restrict query responses. Keep in mind that external services provide attackers with more opportunities to perform their malicious attacks.
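The defenses named in the last two paragraphs (port randomisation, cryptographically secure transaction IDs, and storing only data associated with the requested domain) can be seen working together in the following added example, which is a simplified model and not code from this article or from any DNS product. The function names, the dictionary layout of a response and the sample addresses are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class PendingQuery:
    txid: int        # 16-bit DNS transaction ID
    src_port: int    # UDP source port the query was sent from
    server_ip: str   # DNS server the query was sent to
    qname: str       # normalized name that was asked for

def normalize(name: str) -> str:
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def new_query(qname: str, server_ip: str) -> PendingQuery:
    """Draw the transaction ID and source port from a CSPRNG, so an off-path
    sender of fake responses has to guess both values together."""
    txid = secrets.randbelow(1 << 16)
    src_port = 1024 + secrets.randbelow(65536 - 1024)
    return PendingQuery(txid, src_port, server_ip, normalize(qname))

def in_bailiwick(owner: str, zone: str) -> bool:
    """True only if owner is the zone itself or a name underneath it."""
    owner, zone = normalize(owner), normalize(zone)
    return owner == zone or owner.endswith("." + zone)

def accept_response(query: PendingQuery, resp: dict, zone: str) -> list:
    """Return the records that are safe to cache, or [] to drop the response."""
    # 1. Server address, destination port and transaction ID must all match.
    if (resp["src_ip"], resp["dst_port"], resp["txid"]) != (
            query.server_ip, query.src_port, query.txid):
        return []
    # 2. The echoed question must be the one that was actually asked.
    if normalize(resp["qname"]) != query.qname:
        return []
    # 3. Store only data associated with the requested domain.
    return [r for r in resp["records"] if in_bailiwick(r[0], zone)]

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges, made-up names).
    q = new_query("www.example.com", "192.0.2.53")
    reply = {"src_ip": "192.0.2.53", "dst_port": q.src_port, "txid": q.txid,
             "qname": "www.example.com",
             "records": [("www.example.com", "A", "192.0.2.10"),
                         ("www.bank.example", "A", "203.0.113.66")]}
    print(accept_response(q, reply, "example.com"))              # in-zone record only
    print(accept_response(q, dict(reply, txid=q.txid ^ 1), "example.com"))  # dropped
```

Even a response that matches on every field has its unrelated `www.bank.example` record discarded, which is what keeps a server that answers for one domain from planting cache entries for another.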