What Is DNS Hijacking?
DNS is an abbreviation for Domain Name System, a distributed database that translates domain names -- unique names used to identify Web pages -- into numerical Internet Protocol, or IP, addresses. DNS hijacking occurs when an attacker inserts incorrect IP addresses into the DNS database and so redirects Internet traffic from one domain to another of her choosing.
DNS Cache Poisoning
DNS servers store all local DNS zone files -- text files that hold resource records for all the domain names associated with the zone -- in small, high-speed memory, known as a cache. Attackers "poison" the DNS cache by injecting false IP addressing data, which siphons Internet traffic away from legitimate websites to their own servers. The owner of a website that falls victim to DNS cache poisoning may notice a reduction in network traffic, but users remain oblivious to the attack and may enter sensitive information in the belief that they're still using a legitimate, secure website.
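The checks that let a resolver reject injected answers can be modelled compactly. The following Python is an added illustration, not code from the original article: a simplified resolver cache (messages are plain objects rather than wire-format DNS, and the cache is a dict keyed on name and type) that applies three defences real resolvers use against cache poisoning: a random transaction ID and random source port that every reply must echo, a question section that must match the outstanding query, and the bailiwick rule that discards records outside the zone the answering server is authoritative for. The domain, zone and addresses are constructed sample values.

```python
"""Simplified resolver cache with anti-poisoning checks (added example)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Query:
    name: str
    qtype: str
    txid: int        # random 16-bit transaction ID
    src_port: int    # random source port; a reply must be sent back to it


@dataclass
class Response:
    txid: int
    dst_port: int
    name: str
    qtype: str
    answers: list                               # (name, type, rdata) tuples
    additional: list = field(default_factory=list)


def in_bailiwick(record_name: str, zone: str) -> bool:
    """A server authoritative for `zone` is only trusted for names inside it."""
    record_name = record_name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return record_name == zone or record_name.endswith("." + zone)


class ResolverCache:
    def __init__(self) -> None:
        self.cache = {}       # (name, type) -> rdata
        self.pending = {}     # txid -> Query still waiting for an answer
        self.rejected = []    # (reason, detail) pairs, useful for alerting

    def send_query(self, name: str, qtype: str) -> Query:
        # ~32 bits of entropy (ID + port) that a blind spoofer has to guess
        q = Query(name, qtype, secrets.randbelow(1 << 16),
                  1024 + secrets.randbelow(65536 - 1024))
        self.pending[q.txid] = q
        return q

    def accept_response(self, resp: Response, zone: str) -> bool:
        q = self.pending.get(resp.txid)
        if q is None or q.src_port != resp.dst_port:
            self.rejected.append(("unsolicited", resp.txid))
            return False
        if (q.name.lower(), q.qtype) != (resp.name.lower(), resp.qtype):
            self.rejected.append(("question-mismatch", resp.name))
            return False
        del self.pending[resp.txid]
        for name, rtype, rdata in resp.answers + resp.additional:
            if not in_bailiwick(name, zone):
                self.rejected.append(("out-of-bailiwick", name))
                continue
            self.cache[(name.lower(), rtype)] = rdata
        return True


def demo() -> ResolverCache:
    """Constructed scenario: a reply with the wrong transaction ID arrives
    first, then the real one, which carries an out-of-bailiwick glue record."""
    cache = ResolverCache()
    q = cache.send_query("www.example.com", "A")
    wrong_id = Response(txid=q.txid ^ 0x1234, dst_port=q.src_port,
                        name="www.example.com", qtype="A",
                        answers=[("www.example.com", "A", "203.0.113.5")])
    cache.accept_response(wrong_id, zone="example.com")   # rejected: unsolicited
    legit = Response(txid=q.txid, dst_port=q.src_port,
                     name="www.example.com", qtype="A",
                     answers=[("www.example.com", "A", "192.0.2.10")],
                     additional=[("ns.other-zone.test", "A", "192.0.2.99")])
    cache.accept_response(legit, zone="example.com")      # cached; glue dropped
    return cache


if __name__ == "__main__":
    c = demo()
    print("cached:", c.cache)
    print("rejected:", c.rejected)
```

The `rejected` list is the part a defender cares about: a burst of unsolicited replies for one transaction ID, or repeated out-of-bailiwick records from a single upstream server, is the kind of signal worth forwarding to monitoring.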
Email Spoofing
DNS hijacking can also be performed by a technique known as email spoofing. DNS names are typically registered by sending an email request to the Internet Corporation for Assigned Names and Numbers, or ICANN. The request is authenticated by the return email address, so if the return address is spoofed -- that is, the email header is forged so that the message appears to come from somewhere other than its actual source -- false IP address information ends up stored in DNS servers.
Other Attacks
A DNS hijack can also be achieved by a so-called brute-force attack on a DNS server. An attacker compromises the security of the DNS server itself and inserts false information into the DNS database directly. To perform this type of attack, an attacker must have physical access to a DNS server. DNS errors can also occur inadvertently, if a system administrator accidentally enters incorrect information into a DNS server.
Considerations
DNS hijacking allows an attacker to take complete control of a domain, however large or small. The 100-million-user social networking site Twitter was taken offline in 2010 by a group of attackers who took control of the DNS records for the twitter.com domain and pointed it at an IP address that they controlled. The latest security standard for DNS, known as Domain Name System Security Extensions, or DNSSEC, does, however, allow DNS servers to validate the data they receive and so provides a degree of protection against DNS hijacking.
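For the direct-edit and operator-mistake cases described under "Other Attacks", and for the record takeover the Twitter incident illustrates, the practical control on the zone owner's side is to keep a trusted baseline of the zone's records and alert on any drift. The following Python is an added example, not from the article: a minimal master-file parser, a diff between two zone snapshots, and a fingerprint of the authoritative data that can be stored and compared on a schedule. Both snapshots are constructed sample data (in the second, `www` has been repointed and a third nameserver added), and names inside rdata are written fully qualified so the parser does not need to qualify them.

```python
"""Zone-record drift detection (added example, constructed zone data)."""
import hashlib
from typing import Dict, List, Set, Tuple

RRKey = Tuple[str, str]        # (fully qualified owner name, record type)
Zone = Dict[RRKey, Set[str]]   # every rdata string seen for that name/type

BASELINE_ZONE = """\
; constructed baseline snapshot of example.com (not real data)
$ORIGIN example.com.
$TTL 3600
@      IN  SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@      IN  NS   ns1.example.com.
@      IN  NS   ns2.example.com.
ns1    IN  A    192.0.2.53
ns2    IN  A    192.0.2.54
www    IN  A    192.0.2.10
mail   IN  MX   10 mail.example.com.
"""

# Constructed later snapshot: www now points elsewhere and a third NS appeared.
CURRENT_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN  SOA  ns1.example.com. hostmaster.example.com. 2024010102 7200 900 1209600 300
@      IN  NS   ns1.example.com.
@      IN  NS   ns2.example.com.
@      IN  NS   ns3.example.com.
ns1    IN  A    192.0.2.53
ns2    IN  A    192.0.2.54
ns3    IN  A    203.0.113.53
www    IN  A    203.0.113.5
mail   IN  MX   10 mail.example.com.
"""

CLASSES = {"IN", "CH", "HS"}


def qualify(owner: str, origin: str) -> str:
    """Turn a relative owner name into a lowercase fully qualified name."""
    if owner == "@":
        return origin.lower()
    if owner.endswith("."):
        return owner.lower()
    return f"{owner}.{origin}".lower()


def parse_zone(text: str) -> Zone:
    """Minimal master-file parser: one record per line, ';' comments stripped,
    optional TTL and class fields, owner inherited from the previous line
    when the line starts with whitespace."""
    origin, last_owner, zone = ".", None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            origin = origin if origin.endswith(".") else origin + "."
            continue
        if line.startswith("$TTL"):
            continue
        fields = line.split()
        if line[0].isspace():
            if last_owner is None:
                raise ValueError("record without owner name")
            owner = last_owner
        else:
            owner = fields.pop(0)
        last_owner = owner
        if fields and fields[0].isdigit():             # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in CLASSES:    # optional class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        zone.setdefault((qualify(owner, origin), rtype), set()).add(rdata)
    return zone


def diff_zones(baseline: Zone, current: Zone) -> List[Tuple[str, str, tuple, tuple]]:
    """Every (name, type) whose record set differs, as (name, type, old, new).
    The SOA is skipped because its serial legitimately moves on every edit."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        if key[1] == "SOA":
            continue
        old = tuple(sorted(baseline.get(key, ())))
        new = tuple(sorted(current.get(key, ())))
        if old != new:
            changes.append((key[0], key[1], old, new))
    return changes


def fingerprint(zone: Zone) -> str:
    """Stable SHA-256 over the canonicalised authoritative data (SOA excluded)."""
    canonical = "\n".join(
        f"{name} {rtype} {rdata}"
        for (name, rtype) in sorted(zone) if rtype != "SOA"
        for rdata in sorted(zone[(name, rtype)])
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


if __name__ == "__main__":
    for name, rtype, old, new in diff_zones(parse_zone(BASELINE_ZONE),
                                            parse_zone(CURRENT_ZONE)):
        print(f"CHANGED {name} {rtype}: {old} -> {new}")
```

Run against a snapshot exported from the authoritative server (or from the registrar's interface), the diff shows exactly which names were repointed or which nameservers were added, so an unauthorised edit or an operator typo is caught at the next check rather than when users report the wrong site. The fingerprint is the cheap version of the same check: store it once, recompute on a schedule, and only pull the full diff when it changes.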