Monday, August 8, 2011
Tutorial on DNS Spoofing Attack
DNS is short for Domain Name System. Each system connected to a network or the internet has a unique IP address on that network. In the earlier days of the internet, to access a website you needed to know the IP address of the web server hosting it. But on today's internet, with millions of websites online, can you remember all the IP addresses? No. DNS was the solution to this problem. It translates domain names into IP addresses. The network still works on IP addresses, but DNS handles that part for you. When we use a domain name to communicate with another host, the DNS service must translate the name into the corresponding IP address.
A DNS server keeps a database of domain names and their IP addresses. Now I have written enough on DNS. Next is DNS spoofing. A DNS spoofing attack involves changing the IP address entry of a domain name to some other IP address. Suppose www.abc.com has an entry for ip1, which is the IP of the server hosting abc.com, but we have changed the entry to ip2. Now people trying to access the website abc.com will see the page running on the server at ip2, which is not the actual website. ip2 may contain phishing pages.
But how can you change the IP address entry of a domain name in a DNS server? For this, read the full tutorial.
There are 2 types of DNS spoofing attack:
- DNS cache poisoning
- DNS ID spoofing
DNS cache poisoning: DNS servers use a cache for fast retrieval of data. The resolver of a DNS server checks the cache first, before resolving the IP address from the server database. The most recent entries can be found in the cache. DNS cache poisoning consists of changing or adding records in the resolver caches, either on the client or the server, so that a DNS query for a domain returns an IP address for an attacker's domain instead of the intended domain. I will write about this in detail in upcoming posts.
DNS ID spoofing: In DNS ID spoofing, an attacker hacks the random identification number in the DNS request and replies with a fake IP address using the hacked identification number. The random identification number is used in the request and response packets for identification of the user and the server. The user gets the reply with the fake IP from the attacker, not from the DNS server, and the hijacked identification number lets the attacker's response be verified on the user's system.
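The receiving side of the exchange described above, as an added example that is not part of the original post: Python code for the checks a client can apply before accepting a reply, so that a matching identification number alone is not enough. The function names, the sample ID, the example.com names and the documentation-range addresses are all constructed for illustration.

```python
import struct

def build_message(txid, name, answer_ip=None):
    """Build a minimal DNS query, or an A-record response if answer_ip is set."""
    flags = 0x8180 if answer_ip else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if answer_ip:
        rdata = bytes(int(o) for o in answer_ip.split("."))
        # 0xC00C is a pointer back to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return msg

def parse_question(msg):
    """Return (txid, is_response, (qname, qtype, qclass)) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while (length := msg[pos]) != 0:
        if length > 63:
            raise ValueError("invalid label in question section")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), (".".join(labels), qtype, qclass)

def check_response(query, response, server, source):
    """Decide whether a reply may be accepted for an outstanding query."""
    try:
        q_id, _, q_question = parse_question(query)
        r_id, is_response, r_question = parse_question(response)
    except (ValueError, IndexError, struct.error):
        return "reject: malformed message"
    if source != server:
        return "reject: reply not from the queried server address and port"
    if not is_response:
        return "reject: QR bit not set"
    if r_id != q_id:
        return "reject: identification number mismatch"
    if r_question != q_question:
        return "reject: question does not match the query"
    return "accept"

SERVER = ("192.0.2.53", 53)  # constructed sample data from here on, not captured traffic
QUERY = build_message(0x3A7C, "www.example.com")
GENUINE = build_message(0x3A7C, "www.example.com", "192.0.2.10")
WRONG_ID = build_message(0x0001, "www.example.com", "203.0.113.66")
```

The identification number is only 16 bits wide, which is why the source address and port and the echoed question are checked alongside it.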
This is a simple tutorial on the DNS spoofing attack. I know the descriptions of the attack types are too short for beginners to understand. I will try to write in detail in upcoming posts.