Contents
Application level attacks: DNS Spoofing/Poisoning (p. 2)
  DNS (p. 2)
  How does it work? (p. 2)
  DNS Attacks (p. 2)
  DNS SPOOFING/POISONING (p. 3)
  Aims of Attackers for DNS Spoofing (p. 4)
  How does DNS Spoofing occur? (p. 4)
  WAYS TO EXPLOIT (p. 4)
  PREVENTION (p. 5)
  How to check DNS settings in Windows? (p. 5)
  DNS ATTACKS IN PAST (p. 7)
  REFERENCES (p. 8)
Information Security Project Report
2 | P a g e
Application level attacks: DNS Spoofing/Poisoning
DNS
DNS stands for ‘Domain Name Server’. Domain Name Servers (DNS) are the Internet's
equivalent of a phone book. They maintain a directory of domain names and translate them to
Internet Protocol (IP) addresses. This is necessary because, even though domain names are easy for
people to remember, computers and machines access websites based on IP addresses [1].
How does it work?
DNS translates domain names to IP addresses so browsers can load internet resources.
Information from all the domain name servers across the Internet is gathered together and
housed at the Central Registry. Hosting companies and Internet Service Providers interact with the
Central Registry on a regular schedule to get updated DNS information. When you type in a web
address, e.g. www.google.com, your Internet Service Provider (ISP) looks up the DNS record associated
with the domain name, translates it into a machine-friendly IP address (for example,
74.125.236.32 is an IP for google.com) and directs your Internet connection to the correct
website [1].
DNS Attacks:
1. Packet Interception
2. ID Guessing and Query Prediction
3. Name Chaining
4. Betrayal by Trusted Server
5. Denial of Service
6. Authenticated Denial of Domain Names
7. DNS Amplification Attack
8. DNS Cache Poisoning / DNS Spoofing
9. (DDoS) Distributed Denial of Service attack
10. BIND9 Spoofing
DNS Amplification Attack: Attackers use open DNS resolvers by sending them DNS requests whose
source IP address is that of the target. When the resolvers receive these queries, they send their
responses to the target address. Attacks of this type use many open DNS resolvers so that the
effect on the target devices is magnified.
(DDoS) Distributed Denial of Service: The attacker tries to target one or more of the 13 DNS root
name servers. The root name servers are critical components of the Internet. Attacks against the
root name servers could, in theory, impact operation of the entire global Domain Name System.
BIND9 Spoofing: BIND is the most widely used DNS software on the Internet. In BIND 9 (the stable
production release), DNS queries are predictable: the source UDP port and DNS
transaction ID can be effectively predicted, and BIND 9 has been found to be predictable to within 10 choices.
This enables much more effective DNS cache poisoning than the previously known attacks
against BIND 9.
DNS SPOOFING/POISONING
DNS spoofing is a form of computer security hacking in which corrupt Domain Name
System data is introduced into the DNS resolver's cache, causing the name server to return an
incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's
computer [2].
DNS spoofing corrupts the domain name system, diverting internet traffic away from its intended
destination. DNS spoofing is used to censor the internet, redirect end users to malicious websites,
and carry out DDoS attacks on web servers.
DNS spoofing is also known as:
o DNS tampering
o DNS hijacking
o DNS redirection
DNS attack tools are readily available on the Internet (for example, dsniff, dnshijack, and many
more) and they are all FREE!
DNS spoofing is an overarching term and can be carried out using various methods such as:
o DNS cache poisoning
o Compromising a DNS server
o Implementing a Man in the Middle Attack
o Guessing a sequence number
However, an attacker’s end goal is usually the same no matter which method they use. Either
they want to steal information, re-route you to a website that benefits them, or spread malware.
Aims of Attackers for DNS Spoofing:
There are a number of reasons why a hacker or other entity might do this:
o Launch an attack: By changing the IP address for a popular domain like Google.com,
for example, a hacker could divert a large amount of traffic to a server incapable of
handling so much traffic. This can cause the server to slow down, stop, and encounter
numerous errors. Such a “denial-of-service” attack can shut down a website or game
server, for example.
o Redirection: A corrupted DNS entry can redirect users to websites they do not intend to
visit. A hacker might use this to send victims to a phishing site. Phishing sites often look
identical to the real website but are operated by a hacker, tricking the user into entering
private information such as their username and password. ISPs sometimes use DNS
redirection to serve advertisements and collect user browsing data.
o Censorship: Browsing the web is nearly impossible without DNS, so whoever controls
the DNS server controls who sees what on the web. Government-controlled ISPs in
China, for instance, use DNS tampering as part of their nationwide censorship system,
known as the Great Firewall, to block websites from public view.
How does DNS Spoofing occur?
DNS spoofing occurs in one of two ways:
o Tampering with an existing DNS name server’s resolver cache, or
o Creating a malicious DNS name server and spreading malware that makes routers and
end user devices use it
WAYS TO EXPLOIT
To carry out a DNS amplification attack, the attacker performs two malicious tasks:
1. The attacker spoofs the IP address of the DNS resolver (the host that converts domain names to IP
addresses), replacing it with the victim's IP address, so that every reply from the DNS
server is sent back to the victim's server.
2. The attacker finds an Internet domain registered with many DNS records, e.g.
domain.example.com, domain1.example.com, etc. The attacker then issues a DNS query to get all
records of example.com.
Now the attacker is ready to launch the attack. To get all records for example.com with a
spoofed source IP (the victim's IP), the attacker sends multiple DNS queries from different
computers to different DNS servers.
Each request appears to come from the DNS resolver asking to resolve the domain name to an IP address, but because
the resolver's IP has been replaced with the victim's IP, all the responses from the DNS server go to the
source address (the victim).
The attacker now has an amplification attack, because for each request a much larger response
(sometimes 100 times larger) is sent to the victim. If 3 Mbps of DNS queries are generated, this
amplifies to 300 Mbps on the victim's side; handling that traffic is a resource-consuming task
for the victim, so the victim's side becomes so busy handling the attack that it leads to a Denial
of Service [3].
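The amplification described above has a signature the victim's own network can see: DNS responses arrive for which no query was ever sent, and their volume is far larger than any query volume. The following is an added example from the defender's side, not code from the report; the flow records and addresses are constructed here, and a real deployment would feed it NetFlow/IPFIX records or a packet capture instead.

```python
"""Spotting reflected DNS amplification traffic in flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    """A simplified, constructed flow record (one direction of one UDP exchange)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    nbytes: int
    is_response: bool   # True when the DNS header's QR bit is set


def amplification_factor(query_bps: float, response_bps: float) -> float:
    """Ratio of reflected response volume to the query volume that caused it.
    The report's own figures, 3 Mbps of queries becoming 300 Mbps, give 100."""
    if query_bps <= 0:
        raise ValueError("query rate must be positive")
    return response_bps / query_bps


def unsolicited_responses(flows):
    """Return {victim_ip: (count, total_bytes)} for hosts that receive DNS
    responses with no matching outbound query.

    A reflection victim never sent the queries (the attacker spoofed its
    address), so from the victim network's vantage point the responses arrive
    without a preceding query to the same server from the same client port."""
    seen_queries = set()
    for f in flows:
        if not f.is_response and f.dst_port == DNS_PORT:
            # (client, client port, server) of a query the client really sent
            seen_queries.add((f.src_ip, f.src_port, f.dst_ip))
    hits = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.is_response and f.src_port == DNS_PORT:
            key = (f.dst_ip, f.dst_port, f.src_ip)
            if key not in seen_queries:
                hits[f.dst_ip][0] += 1
                hits[f.dst_ip][1] += f.nbytes
    return {ip: (count, nbytes) for ip, (count, nbytes) in hits.items()}


# Constructed sample: one legitimate lookup by 192.0.2.20, then three large
# responses from open resolvers landing on 203.0.113.5, which sent nothing.
SAMPLE_FLOWS = [
    Flow("192.0.2.20", "198.51.100.53", 40001, 53, 60, False),
    Flow("198.51.100.53", "192.0.2.20", 53, 40001, 120, True),
    Flow("198.51.100.1", "203.0.113.5", 53, 80, 3100, True),
    Flow("198.51.100.2", "203.0.113.5", 53, 80, 3200, True),
    Flow("198.51.100.3", "203.0.113.5", 53, 443, 3300, True),
]

if __name__ == "__main__":
    print(unsolicited_responses(SAMPLE_FLOWS))   # only 203.0.113.5 is flagged
    print(amplification_factor(3, 300))          # 100.0
```

The legitimate exchange is not flagged because its response matches a query the client actually sent; the three responses to 203.0.113.5 are, and their byte total is what an operator would compare against the host's normal DNS traffic before rate-limiting or blackholing.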
DNS resolvers like BIND use unpredictable values with each generated query. Since the
corresponding values in the response must match the values sent in the query, it is difficult for a
blind attacker, who does not see the query, to forge a valid response and insert a new name. The
new vulnerability allows an attacker to de-randomize the IP address of the name server a BIND
resolver queries—reducing the amount of information a blind attacker must guess to successfully
poison BIND's cache. At issue is BIND's Smoothed Round Trip Time (SRTT) algorithm.
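Both the BIND9 spoofing entry earlier and the SRTT paragraph above come down to the same point: a blind attacker must guess every field the resolver checks before a forged answer is cached, so each predictable field shrinks the search. The block below is an added example, not code from the report or from BIND; it models the resolver-side acceptance checks (source address, port, transaction ID, question section and bailiwick) and the size of the guess space when the source port is or is not randomized. Every name, address and record value in it is constructed.

```python
"""Resolver-side checks that defeat blind response forgery (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Question:
    name: str     # e.g. "www.example.com."
    qtype: str    # e.g. "A"


@dataclass
class PendingQuery:
    txid: int          # 16-bit transaction ID chosen by the resolver
    src_port: int      # ephemeral UDP source port chosen by the resolver
    server_ip: str     # name server the query was sent to
    zone: str          # zone that server is trusted for (its bailiwick)
    question: Question


@dataclass
class Response:
    txid: int
    dst_port: int
    src_ip: str
    question: Question
    records: list = field(default_factory=list)   # (owner_name, rtype, value)


def _normalize(name: str) -> str:
    return name.lower().rstrip(".") + "."


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name below it."""
    owner, zone = _normalize(owner), _normalize(zone)
    return owner == zone or owner.endswith("." + zone)


def accept_response(pending: PendingQuery, resp: Response):
    """Return (accepted, reason). Every check must pass before any record
    from the response is allowed into the cache."""
    if resp.src_ip != pending.server_ip:
        return False, "source address does not match queried server"
    if resp.dst_port != pending.src_port:
        return False, "destination port does not match query source port"
    if resp.txid != pending.txid:
        return False, "transaction ID mismatch"
    if (_normalize(resp.question.name), resp.question.qtype.upper()) != (
            _normalize(pending.question.name), pending.question.qtype.upper()):
        return False, "question section does not match"
    for owner, _rtype, _value in resp.records:
        if not in_bailiwick(owner, pending.zone):
            return False, f"record for {owner} is outside bailiwick {pending.zone}"
    return True, "ok"


def blind_guess_space(txid_bits: int = 16, port_choices: int = 1) -> int:
    """Number of (txid, port) combinations a blind attacker must cover.
    port_choices=1 models a fixed or fully predicted source port."""
    return (1 << txid_bits) * port_choices


# Constructed sample: a query for www.example.com sent to a server trusted
# for example.com, plus one genuine and two forged responses.
PENDING = PendingQuery(txid=0x1A2B, src_port=53211, server_ip="192.0.2.10",
                       zone="example.com", question=Question("www.example.com", "A"))
GOOD = Response(0x1A2B, 53211, "192.0.2.10", Question("www.example.com", "A"),
                [("www.example.com", "A", "198.51.100.7")])
FORGED_TXID = Response(0x1A2C, 53211, "192.0.2.10", Question("www.example.com", "A"),
                       [("www.example.com", "A", "203.0.113.9")])
OUT_OF_BAILIWICK = Response(0x1A2B, 53211, "192.0.2.10", Question("www.example.com", "A"),
                            [("www.example.com", "A", "198.51.100.7"),
                             ("login.bank.example", "A", "203.0.113.9")])

if __name__ == "__main__":
    for r in (GOOD, FORGED_TXID, OUT_OF_BAILIWICK):
        print(accept_response(PENDING, r))
    print(blind_guess_space(), blind_guess_space(16, 10), blind_guess_space(16, 64512))
```

With only the 16-bit transaction ID random, the space is 65 536; with the port predictable to the "10 choices" quoted above it is 655 360; with a fully random ephemeral port range of roughly 64 512 values it exceeds 4 billion. The bailiwick check is what stops a response that is otherwise valid from smuggling a record for an unrelated domain into the cache.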
Distributed Denial of Service attacks constitute a relatively new type of DNS-based attack that
has proliferated with the rise of high-bandwidth IoT botnets like Mirai. This attack uses the high-
bandwidth connections of IP cameras, DVD boxes and other IoT devices to directly overwhelm
the DNS servers of major providers. The volume of requests from IoT devices overwhelms the
DNS provider’s services and prevents legitimate users from accessing the provider’s DNS
servers.
PREVENTION
How to check DNS settings in Windows?
For Windows:
1) In the Start Menu, locate the Command Prompt menu item which is usually found in the
Accessories.
2) Right click on the command prompt menu item and select Run As Administrator.
3) In the command prompt window type the following command:
ipconfig /flushdns
4) If the problem persists, type the following two commands:
net stop dnscache
net start dnscache
Thus, this is how a DNS poisoning attack can be carried out, while the method to prevent and avoid it is
given above [9].
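Flushing the cache clears poisoned entries, but it does not show which resolvers the machine is configured to use, which is what DNS changer malware alters. As an added example (not part of the report), the block below parses the text that `ipconfig /all` prints and compares every adapter's DNS servers against the resolvers an administrator expects. The ipconfig output embedded in it is a constructed sample; `check_live` runs the real command on a Windows host.

```python
"""Checking configured Windows DNS servers against an allowlist (added example)."""
import ipaddress
import re
import subprocess

# "Ethernet adapter Ethernet:" / "Wireless LAN adapter Wi-Fi:" section headers
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Indented "Label . . . . : value" lines; the dot padding is required so that
# IPv6 continuation lines (which contain colons) are not mistaken for labels
LABEL_RE = re.compile(r"^\s{2,}([^:]*?)[ .]*\. ?:\s*(.*)$")


def _add(addresses, value):
    """Append value if it parses as an IP address; ignore blanks and noise."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return
    addresses.append(value)


def parse_dns_servers(text: str) -> dict:
    """Map adapter name -> list of DNS server addresses in ipconfig /all output.
    Additional servers are printed on continuation lines that carry no label."""
    servers, adapter, collecting = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, collecting = m.group(1), False
            servers.setdefault(adapter, [])
            continue
        m = LABEL_RE.match(line)
        if m:
            label, value = m.groups()
            collecting = label.strip() == "DNS Servers"
            if collecting and adapter:
                _add(servers[adapter], value)
            continue
        if collecting and adapter and line.strip():
            _add(servers[adapter], line)   # continuation line under "DNS Servers"
    return servers


def unexpected_servers(text: str, allowlist) -> dict:
    """Adapters whose configured resolvers include addresses not in allowlist."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    bad = {}
    for adapter, addrs in parse_dns_servers(text).items():
        extra = [a for a in addrs if a not in allowed]
        if extra:
            bad[adapter] = extra
    return bad


def check_live(allowlist) -> dict:
    """Run ipconfig /all on this Windows host and report unexpected resolvers."""
    out = subprocess.run(["ipconfig", "/all"], capture_output=True,
                         text=True, check=True).stdout
    return unexpected_servers(out, allowlist)


# Constructed sample output; 203.0.113.53 is the resolver nobody configured.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION-01
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

if __name__ == "__main__":
    print(parse_dns_servers(SAMPLE_IPCONFIG))
    print(unexpected_servers(SAMPLE_IPCONFIG, ["192.168.1.1"]))
```

The allowlist is the set of resolvers the organisation actually operates or sanctions; anything else on any adapter is worth investigating, whether it came from malware, a rogue DHCP server or a user's manual change.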
Detecting whether your DNS server has been tampered with or you’ve been infected with DNS
changer malware can be difficult. Most of us don’t routinely check our DNS settings, and it may
well be that only a few DNS entries have been poisoned. You might encounter more ads or
involuntary redirection, but there may be no clear symptoms at all. That said, here are a few
precautions you can and should take to protect yourself from DNS spoofing:
o Always check for HTTPS: If DNS spoofing has led you to a malicious website, it will
likely look identical or nearly identical to the genuine site you intended to visit. The
difference is that the imposter won’t have a valid SSL certificate for the domain, which
means you won’t see “https” or a closed padlock in your browser’s URL bar. The
padlock indicates that your connection to the site is encrypted and verifies that the server
owner is who it says it is. Note that not all websites use HTTPS, so this is not a foolproof
method. You can install the HTTPS Everywhere browser extension to force your
browser to always load the HTTPS version of a website when available. If you come
across a site with HTTPS but it’s indicated in red or crossed out, then the SSL certificate
is not valid and you should leave the site immediately.
o Encrypted DNS: Due to the well-documented security weaknesses in DNS, a few vendors
have stepped up to provide improved DNS security. DNSCrypt is perhaps the most
popular of these for end users. DNSCrypt is a lightweight app that encrypts DNS traffic
between the user and an OpenDNS nameserver, much in the same way that SSL encrypts
traffic to websites that use HTTPS. This prevents spying, man-in-the-middle attacks, and,
of course, DNS spoofing. You will need to configure your device to use an OpenDNS
nameserver, which is free.
o VPN: A VPN, short for Virtual Private Network, is a service that encrypts all the internet
traffic going to and from your device and routes it through an intermediary server in a
location of the user’s choosing. Quality VPN services use their own private DNS servers,
and all DNS requests are sent through the encrypted tunnel. This means DNS requests
cannot be intercepted or altered, and you’ll be using a (hopefully) secure nameserver.
Note that not all VPNs are created equal. Some use public DNS servers like Google
DNS, while others allow DNS requests to leak outside of the encrypted tunnel, which
means the default nameserver is used. Be sure to research your VPN provider’s
specifications regarding DNS servers and DNS leak protection before signing up.
o Antivirus: Use up-to-date antivirus software and keep real-time protection enabled. This
should stop malware payloads containing DNS changer malware from infecting your
device and other devices, including routers, on the network.
o Disable JavaScript and WebRTC: Known strains of DNS changer malware have found
their way onto end user devices through the use of JavaScript and WebRTC. JavaScript is
a programming language used in many web pages today, so going without it might be too
inconvenient for some users. That being said, JavaScript is often used to deploy malware.
WebRTC is a communications protocol used by browser-based Voice over Internet
Protocol (VoIP) services like Skype for Chrome. Chances are you don’t need it, but it’s
enabled by default in most browsers including Firefox and Chrome. In Chrome, you can
disable WebRTC by installing the WebRTC Network Limiter extension.
In Firefox, enter about:config in the URL bar. Search for the
media.peerconnection.enabled parameter and set it to false. A good VPN will disable
WebRTC for you. If you’re not sure whether WebRTC is enabled in your browser, you
can run a test here.
o DNSSEC: For those operating nameservers, Domain Name System Security Extensions
(DNSSEC) provide sorely needed authentication. This suite of specifications ensures
trust between the end user and the DNS server. With DNSSEC properly implemented, the
user knows responses come from the domain name owner and not from a corrupted DNS
entry. Note, however, that DNSSEC does not encrypt DNS records [8].
DNS ATTACKS IN PAST
In Brazil in November 2011, users faced malicious redirections when trying to access
websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol,
Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website
opened. Brazil has some big ISPs. Official statistics suggest the country has 73
million computers connected to the Internet, and the major ISPs average 3 or 4 million customers
each. If a cybercriminal can change the DNS cache in just one server, the number of potential
victims is huge [5].
Similarly, in Turkey around September 2011, a Turkish hacker group diverted traffic to a
number of high-profile websites including the Telegraph, UPS, Betfair, Vodafone, National
Geographic, computer-maker Acer and technology news site the Register, putting unwary users
at risk of having passwords, emails and other details stolen. Industry experts warned people not
to log on to sites such as Betfair because their details could be stolen. Some people viewing the
sites thought that they had been hacked directly, as the sites appeared to show a message in
Turkish by a group called Turk Guvenligi, which the previous month had carried out a similar attack on a
Korean company. But in fact the sites themselves remained unaffected. The group had instead
attacked the domain name system (DNS), which is used to route users to websites. A list of the
sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on
the Zone-H website, used by hackers to list their successes [6].
A hacker with the nickname AlpHaNiX defaced the Google, Gmail, YouTube, Yahoo, Apple and other domains
of the Democratic Republic of Congo, using the technique known as DNS cache poisoning. DNS
cache poisoning is a security or data integrity compromise in the Domain Name System (DNS).
The compromise occurs when data is introduced into a DNS name server's cache database that
did not originate from authoritative DNS sources. It may be a deliberate, maliciously
crafted attack on a name server [7].
REFERENCES
[1] http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/
[2] https://en.wikipedia.org/wiki/DNS_spoofing
[3] https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/03/dns-spoofing-how-protect-your-organization-it
[4] http://www.cs.tufts.edu/comp/116/archive/fall2013/apolyakov.pdf
[5] https://securelist.com/massive-dns-poisoning-attacks-in-brazil-31/31628/
[6] https://www.theguardian.com/technology/2011/sep/05/turkish-hacker-group-diverts-users
[7] https://thehackernews.com/2011/12/dns-cache-poisoning-attack-on-google.html
[8] https://privacy.net/dns-spoofing/
[9] https://www.slideshare.net/monark111/what-is-dns-poisoning
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 

Dernier (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 

DNS spoofing/poisoning Attack Report (Word Document)

Application level attacks: DNS Spoofing/Poisoning

DNS

DNS stands for ‘Domain Name Server’. Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, even though domain names are easy for people to remember, computers access websites based on IP addresses [1].

How it works?

DNS translates domain names to IP addresses so browsers can load internet resources. Information from all the domain name servers across the Internet is gathered together and housed at the Central Registry. Host companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information. When you type in a web address, e.g., www.google.com, your Internet Service Provider (ISP) looks up the DNS record associated with the domain name, translates it into a machine-friendly IP address (for example, 74.125.236.32 is an IP for google.com) and directs your Internet connection to the correct website [1].

DNS Attacks:

1. Packet Interception
2. ID Guessing and Query Prediction
3. Name Chaining
4. Betrayal by Trusted Server
5. Denial of Service
6. Authenticated Denial of Domain Names
7. DNS Amplification Attack
8. DNS Cache Poisoning / DNS Spoofing
9. (DDoS) Distributed Denial of Service attack
10. BIND9 Spoofing

DNS Amplification Attack: The attacker uses open DNS resolvers by sending them DNS requests carrying the source IP address of the target. When the resolvers receive these queries, they send their DNS responses to the target address. Attacks of this type use many open DNS resolvers at once, so the effect on the target devices is magnified.

(DDoS) Distributed Denial of Service: The attacker tries to target one or more of the 13 DNS root name servers. The root name servers are critical components of the Internet; attacks against them could, in theory, impact operation of the entire global Domain Name System.

BIND9 Spoofing: BIND is the most widely used DNS software on the Internet. In BIND 9 (the stable production release), DNS queries are predictable: the source UDP port and the DNS transaction ID can be effectively predicted. BIND9 has been found to be predictable to within 10 choices. This enables a much more effective DNS cache poisoning than the previously known attacks against BIND 9.

DNS SPOOFING/POISONING

DNS spoofing is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer [2]. DNS spoofing corrupts the domain name system, diverting internet traffic away from its intended destination. DNS spoofing is used to censor the internet, redirect end users to malicious websites, and carry out DDoS attacks on web servers.

DNS spoofing is also known as:
o DNS tampering
o DNS hijacking
o DNS redirection

DNS attack tools are readily available on the Internet (for example, dsniff, dnshijack, and many more) and they are all FREE!
DNS spoofing is an overarching term and can be carried out using various methods such as:
o DNS cache poisoning
o Compromising a DNS server
o Implementing a Man in the Middle Attack
o Guessing a sequence number

However, an attacker’s end goal is usually the same no matter which method they use: either they want to steal information, re-route you to a website that benefits them, or spread malware.
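The checks that decide whether a reply is trusted, as an added example that is not part of the report: a small standard-library Python resolver stub that records the transaction ID and source port it sent a query from, parses the reply, and accepts it only when the source address and port, the transaction ID, the echoed question section and the owner names of the answer records all match what was asked. It shows why the predictable IDs and ports described for BIND 9 above matter: once those values are random, any single mismatch is enough to discard a reply. The packets, the server address 192.0.2.53, the host names and the addresses are constructed here for illustration; the bailiwick rule is simplified to "records only for the name we asked about".

```python
"""Added example, not part of the report: the acceptance checks a resolver
applies to a DNS reply, built with the standard library only. All packets
below are constructed inline; 192.0.2.53 and the names are example values."""
import secrets
import struct


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode a name at offset off, following a compression pointer if present."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:  # 11xxxxxx: pointer to a name earlier in the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln


def build_query(txid, qname, qtype=1):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, ip, ttl=300, answer_owner=None):
    """Standard response with one A record. answer_owner lets a test build a
    reply whose record names a host that was never asked about."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    owner = b"\xc0\x0c" if answer_owner is None else encode_name(answer_owner)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = owner + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rr


def parse(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def new_pending(qname, server, qtype=1):
    """Record what we sent: a random 16-bit ID and a random ephemeral port.
    A resolver whose ID and port are predictable (as the report says of older
    BIND 9) leaves an off-path forger far fewer values to guess."""
    pending = {"qname": qname, "qtype": qtype, "server": server,
               "txid": secrets.randbits(16),
               "local_port": 49152 + secrets.randbelow(16384)}
    return pending, build_query(pending["txid"], qname, qtype)


def accept_response(pending, raw, src_ip, src_port, dst_port):
    """Return (accepted, reason) for a datagram claiming to answer 'pending'."""
    if (src_ip, src_port) != (pending["server"], 53):
        return False, "not from the server we queried"
    if dst_port != pending["local_port"]:
        return False, "sent to a port we did not query from"
    msg = parse(raw)
    if not msg["flags"] & 0x8000:
        return False, "QR bit clear: not a response"
    if msg["id"] != pending["txid"]:
        return False, "transaction ID mismatch"
    want = [(pending["qname"].lower(), pending["qtype"], 1)]
    if [(n.lower(), t, c) for n, t, c in msg["questions"]] != want:
        return False, "question section does not echo our query"
    for owner, _rtype, _rdata in msg["answers"]:
        # Simplified bailiwick rule: only records for the name we asked about
        if owner.lower() != pending["qname"].lower():
            return False, "out-of-bailiwick record for " + owner
    return True, "ok"


def answer_ips(raw):
    """Dotted-quad strings of the A records in a response."""
    return [".".join(str(b) for b in rdata)
            for _o, rtype, rdata in parse(raw)["answers"] if rtype == 1]


if __name__ == "__main__":
    pending, _query = new_pending("www.example.com", "192.0.2.53")
    good = build_response(pending["txid"], "www.example.com", "192.0.2.80")
    wrong_id = build_response(pending["txid"] ^ 1, "www.example.com", "203.0.113.9")
    for label, pkt in (("genuine", good), ("wrong ID", wrong_id)):
        print(label, accept_response(pending, pkt, "192.0.2.53", 53, pending["local_port"]))
```

Real resolvers add two things this stub leaves out: a full bailiwick check that admits in-zone records reached through CNAME chains, and DNSSEC validation, which is the only check here that does not depend on the attacker failing to guess a value.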
Aims of Attackers for DNS Spoofing:

There are a number of reasons why a hacker or other entity might do this:

o Launch an attack: By changing the IP address for a popular domain like Google.com, for example, a hacker could divert a large amount of traffic to a server incapable of handling so much traffic. This can cause the server to slow down, stop, and encounter numerous errors. Such a “denial-of-service” attack can shut down a website or game server, for example.
o Redirection: A corrupted DNS entry can redirect users to websites they do not intend to visit. A hacker might use this to send victims to a phishing site. Phishing sites often look identical to the real website but are operated by a hacker, tricking the user into entering private information such as their username and password. ISPs sometimes use DNS redirection to serve advertisements and collect user browsing data.
o Censorship: Browsing the web is nearly impossible without DNS, so whoever controls the DNS server controls who sees what on the web. Government-controlled ISPs in China, for instance, use DNS tampering as part of their nationwide censorship system, known as the Great Firewall, to block websites from public view.

How DNS Spoofing Occurs?

DNS spoofing occurs in one of two ways:
o Tampering with an existing DNS name server’s resolver cache, or
o Creating a malicious DNS name server and spreading malware that makes routers and end user devices use it

WAYS TO EXPLOIT

In order to achieve a DNS Amplification attack, the attacker performs two malicious tasks:
1. The attacker spoofs the IP address of the DNS resolver (the component that converts domain names to IP addresses), replacing it with the victim’s IP address, so that every reply from the DNS server is sent back to the victim’s server.
2. The attacker finds an Internet domain registered with many DNS records, e.g. domain.example.com, domain1.example.com, etc., and then sends a DNS query to get all records of example.com.

Now the attacker is ready to launch the attack. To get all records for example.com with a spoofed source IP (the victim’s IP), the attacker sends multiple DNS queries from different computers to different DNS servers. The requests appear to come from the DNS resolver, but because the resolver’s IP has been replaced with the victim’s IP, all of the responses from the DNS servers go to the apparent source, the victim. This is where the amplification comes from: for each request, a much larger response (sometimes 100 times larger) is sent to the victim. If the querying server generates 3 Mbps of DNS queries, this amplifies to 300 Mbps on the victim’s side, and absorbing that traffic consumes the victim’s resources. The victim’s side becomes so busy handling the attack that the result is a Denial of Service [3].

DNS resolvers like BIND use unpredictable values with each generated query. Since the corresponding values in the response must match the values sent in the query, it is difficult for a blind attacker, who does not see the query, to forge a valid response and insert a new name. A newer vulnerability allows an attacker to de-randomize the IP address of the name server a BIND resolver queries, reducing the amount of information a blind attacker must guess to successfully poison BIND's cache. At issue is BIND's Smoothed Round Trip Time (SRTT) algorithm.
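One way to notice the reflected traffic described in the two steps above from the victim's side, as an added example that is not part of the report: Python over NetFlow-style records, flagging hosts that receive DNS responses for which no matching outbound query (same host, same resolver, same source port, within a time window) was seen. Reflected amplification looks exactly like that on the wire, since the victim never sent the queries the responses answer. The flow records, the addresses (documentation ranges, not real resolvers) and the thresholds are constructed here for illustration.

```python
"""Added example, not part of the report: victim-side detection of reflected
DNS amplification traffic from flow records. The flows below are constructed
for the example; the addresses are documentation ranges, not real resolvers."""
from collections import defaultdict

# Constructed sample flows: one normal lookup by 192.0.2.10 (query and its
# reply), then a burst of large DNS responses to 192.0.2.20 that it never
# asked for, arriving from three different open resolvers.
SAMPLE_FLOWS = [
    {"ts": 1.00, "src": "192.0.2.10", "sport": 51000,
     "dst": "198.51.100.1", "dport": 53, "bytes": 60},
    {"ts": 1.02, "src": "198.51.100.1", "sport": 53,
     "dst": "192.0.2.10", "dport": 51000, "bytes": 120},
]
for i, resolver in enumerate(["203.0.113.5", "203.0.113.6", "203.0.113.7"]):
    for j in range(2):
        SAMPLE_FLOWS.append({"ts": 2.0 + 0.1 * (2 * i + j), "src": resolver,
                             "sport": 53, "dst": "192.0.2.20",
                             "dport": 40000, "bytes": 3000})


def is_query(flow):
    """Outbound DNS query: to port 53 from an ephemeral port."""
    return flow["dport"] == 53 and flow["sport"] != 53


def is_response(flow):
    """Inbound DNS response: from port 53."""
    return flow["sport"] == 53


def detect_reflection(flows, window=5.0, min_responses=3):
    """Flag hosts receiving DNS responses that match no outbound query.

    A response is solicited if, within `window` seconds before it, the same
    host sent a query to the same resolver from the same source port. Hosts
    with at least `min_responses` unsolicited responses are reported with the
    total bytes received and the set of reflecting resolvers."""
    sent = defaultdict(list)  # (client, resolver, client_port) -> query times
    hits = defaultdict(lambda: {"responses": 0, "bytes": 0, "resolvers": set()})
    for flow in sorted(flows, key=lambda f: f["ts"]):
        if is_query(flow):
            sent[(flow["src"], flow["dst"], flow["sport"])].append(flow["ts"])
        elif is_response(flow):
            key = (flow["dst"], flow["src"], flow["dport"])
            if any(flow["ts"] - window <= t <= flow["ts"] for t in sent.get(key, [])):
                continue  # answers a query this host really sent
            stats = hits[flow["dst"]]
            stats["responses"] += 1
            stats["bytes"] += flow["bytes"]
            stats["resolvers"].add(flow["src"])
    return {target: {"responses": s["responses"], "bytes": s["bytes"],
                     "resolvers": sorted(s["resolvers"])}
            for target, s in hits.items() if s["responses"] >= min_responses}


def format_findings(findings):
    """One alert line per flagged host, for a log or ticket."""
    return ["%s: %d unsolicited DNS responses, %d bytes, from %d resolver(s): %s"
            % (target, s["responses"], s["bytes"], len(s["resolvers"]),
               ", ".join(s["resolvers"]))
            for target, s in sorted(findings.items())]


if __name__ == "__main__":
    for line in format_findings(detect_reflection(SAMPLE_FLOWS)):
        print(line)
```

Because the victim never sent the queries, the number of distinct reflecting resolvers is the useful signal here; a stateful firewall that only passes UDP/53 replies matching an outbound query implements the same rule at the edge. On the resolver side the complementary mitigation is to stop answering recursive queries from outside your own networks, so that the resolver cannot be used as a reflector at all.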
Distributed Denial of Service attacks constitute a relatively new type of DNS-based attack that has proliferated with the rise of high-bandwidth IoT botnets like Mirai. This attack uses the high-bandwidth connections of IP cameras, DVD boxes and other IoT devices to directly overwhelm the DNS servers of major providers. The volume of requests from IoT devices overwhelms the DNS provider’s services and prevents legitimate users from accessing the provider’s DNS servers.

PREVENTION

How to check DNS settings in Windows?

For Windows:
1) In the Start Menu, locate the Command Prompt menu item, which is usually found under Accessories.
2) Right-click on the Command Prompt menu item and select Run As Administrator.
3) In the command prompt window, type the following command:
ipconfig /flushdns
4) If the problem persists, type the following two commands:
net stop dnscache
net start dnscache

Thus, this is how a DNS poisoning attack can be carried out, while the method to prevent and avoid it is given above [9].

Detecting whether your DNS server has been tampered with or you’ve been infected with DNS changer malware can be difficult. Most of us don’t routinely check our DNS settings, and it may well be that only a few DNS entries have been poisoned. You might encounter more ads or involuntary redirection, but there may be no clear symptoms at all. That said, here are a few precautions you can and should take to protect yourself from DNS spoofing:

o Always check for HTTPS: If DNS spoofing has led you to a malicious website, it will likely look identical or nearly identical to the genuine site you intended to visit. The difference is that the imposter won’t have a valid SSL certificate for the domain, which means you won’t see “https” or a closed padlock in your browser’s URL bar. The padlock indicates that your connection to the site is encrypted and verifies that the server owner is who it says it is. Note that not all websites use HTTPS, so this is not a foolproof method. You can install the HTTPS Everywhere browser extension to force your browser to always load the HTTPS version of a website when available. If you come across a site with HTTPS but it’s indicated in red or crossed out, then the SSL certificate is not valid and you should leave the site immediately.
o Encrypted DNS: Due to the well-documented security weaknesses in DNS, a few vendors have stepped up to provide improved DNS security. DNSCrypt is perhaps the most popular of these for end users. DNSCrypt is a lightweight app that encrypts DNS traffic between the user and an OpenDNS nameserver, much in the same way that SSL encrypts traffic to websites that use HTTPS. This prevents spying, man-in-the-middle attacks, and, of course, DNS spoofing.
You will need to configure your device to use an OpenDNS nameserver, which is free.
o VPN: A VPN, short for Virtual Private Network, is a service that encrypts all the internet traffic going to and from your device and routes it through an intermediary server in a location of the user’s choosing. Quality VPN services use their own private DNS servers, and all DNS requests are sent through the encrypted tunnel. This means DNS requests cannot be intercepted or altered, and you’ll be using a (hopefully) secure nameserver. Note that not all VPNs are created equal. Some use public DNS servers like Google DNS, while others allow DNS requests to leak outside of the encrypted tunnel, which means the default nameserver is used. Be sure to research your VPN provider’s specifications regarding DNS servers and DNS leak protection before signing up.
o Antivirus: Use up-to-date antivirus software and keep real-time protection enabled. This should stop malware payloads containing DNS changer malware from infecting your device and other devices, including routers, on the network.
o Disable JavaScript and WebRTC: Known strains of DNS changer malware have found their way onto end user devices through the use of JavaScript and WebRTC. JavaScript is a programming language used in many web pages today, so going without it might be too inconvenient for some users. That being said, JavaScript is often used to deploy malware. WebRTC is a communications protocol used by browser-based Voice over Internet Protocol (VoIP) services like Skype for Chrome. Chances are you don’t need it, but it’s enabled by default in most browsers including Firefox and Chrome. In Chrome, you can disable WebRTC by installing the WebRTC Network Limiter extension. In Firefox, enter about:config in the URL bar, search for the media.peerconnection.enabled parameter and set it to false. A good VPN will disable WebRTC for you. If you’re not sure whether WebRTC is enabled in your browser, you can run a test here.
o DNSSEC: For those operating nameservers, Domain Name System Security Extensions (DNSSEC) provide sorely needed authentication. This suite of specifications ensures trust between the end user and the DNS server. With DNSSEC properly implemented, the user knows responses come from the domain name owner and not from a corrupted DNS entry. Note that DNSSEC does not encrypt DNS records [8].
DNS ATTACKS IN PAST

In Brazil in November 2011, users faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge [5].

Similarly, in Turkey around September 2011, a Turkish hacker group diverted traffic to a number of high-profile websites including the Telegraph, UPS, Betfair, Vodafone, National Geographic, computer-maker Acer and technology news site the Register, putting unwary users at risk of having passwords, emails and other details stolen. Industry experts warned people not to log on to sites such as Betfair because their details could be stolen. Some people viewing the sites thought that they had been hacked directly, with the sites appearing to show a message in Turkish by a group called Turk Guvenligi, which the previous month had carried out a similar attack on a Korean company. But in fact the sites themselves remained unaffected. The group had instead attacked the domain name system (DNS), which is used to route users to websites. A list of the sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on the zone-h website, used by hackers to list their successes [6].

A hacker with the nickname AlpHaNiX defaced the Google, Gmail, YouTube, Yahoo, Apple etc. domains of the Democratic Republic of Congo. The hacker used the strategy called DNS cache poisoning. DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate, maliciously crafted attack on a name server [7].
REFERENCES

[1] http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/
[2] https://en.wikipedia.org/wiki/DNS_spoofing
[3] https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/03/dns-spoofing-how-protect-your-organization-it
[4] http://www.cs.tufts.edu/comp/116/archive/fall2013/apolyakov.pdf
[5] https://securelist.com/massive-dns-poisoning-attacks-in-brazil-31/31628/
[6] https://www.theguardian.com/technology/2011/sep/05/turkish-hacker-group-diverts-users
[7] https://thehackernews.com/2011/12/dns-cache-poisoning-attack-on-google.html
[8] https://privacy.net/dns-spoofing/
[9] https://www.slideshare.net/monark111/what-is-dns-poisoning