For everybody, just the words “spoofing” and “poisoning” can cause goosebumps rising all over the body. When it’s about DNS service providers, administrators, or online business owners, they are scary threats. The risk is real, and understanding it is vital for protecting your clients and your business.
What is cache poisoning (DNS spoofing)
Cache poisoning or DNS (domain name system) spoofing is a hacking attack. Malicious DNS data or files (forged records, a forged entry) are entered into the DNS cache of a resolver server to answer users’ requests by sending a forged record, like a fake IP address. The objective is clear: direct traffic to a destination where attackers will try to get users’ credentials and sensitive data.
The forged data trick users’ devices to work normally, like if they are going to the legit website they requested. Instead, they are heading to a dangerous destination controlled by attackers. Once users arrive, the website can look very similar to the one they expect. But they are in a forged copy.
Cache poisoning (DNS spoofing) techniques
There are different techniques criminals use to direct traffic to forged websites with illegal purposes.
- DNS cache poisoned through spam. Corrupted code frequently is included in ads, images, or URLs in spam e-mails. Once users click the URL, their devices get poisoned. Through the code, they will be guided to forged websites.
- Hijack of a DNS server. The hacker accesses the server, exploiting vulnerabilities, altering its configuration, introducing a fake entry, etc. As a result, every IP request trying to reach a specific website (the one spoofed) will get into the forged website.
- Man-in-the-middle technique (DNS responses’ spoofing). Here the objective is to poison both, server and user’s device at once. Attacker positions exactly between your browser and the DNS server, poisoning that communication through software to inject the code.
How to protect against cache poisoning (DNS spoofing)?
- Use encryption. Keep DNS data (queries and responses) safe through encryption. To forge a copy of the security certificate from the legit website criminals want to spoof just won’t be possible.
- Work on detection. There are tools (software) available for scanning the data received as a prior step of sending.
- Use domain name system security extensions (DNSSEC). It verifies the authenticity of data via DNS records digitally signed. This way, DNSSEC protects DNS lookup’s authenticity.
Since users are the main target of this criminal activity, they can also consider some preventive practices not to make criminals’ job so easy.
- Prefer a virtual private network (VPN) for connecting. Risks while getting connected to public networks are bigger. VPN will supply users an encrypted tunnel to safely communicate with servers and interact with the domains they visit.
- Don’t click strange links. To click blindly without a prior checking of the URLs is a big risk. This is especially true when such mischievous links come attached in spam messages, text, or social media messages, from unknown senders. Beating the temptation of directly clicking can save users’ sensitive data.
- Delete DNS cache. DNS data, especially of frequently visited websites, will remain saved for some time. It can happen that not the server anymore, but only a user’s computer is poisoned due to malicious code. Users can avoid being sent by their browsers to forged websites by regularly cleaning the DNS cache.
Business owners, DNS service providers, and users get badly damaged with cache poisoning (DNS spoofing). Security technology, safe practices, and being aware of risks are key not to be the next victims.