List of common DNS attacks

Hacking DNS servers has become a popular and profitable business for hackers. Over time, they have developed different techniques to reach their criminal objectives. Here is a list of common DNS attacks you should be aware of.

DNS spoofing

The objective of DNS spoofing is to infect a DNS server and replace its address records with those of a bad actor's site. That site looks and feels like the real one, but it is a fake copy.

Users are deceived into believing that their traffic is going to the right site. When users reach this malicious destination, they are pushed to share sensitive personal or banking information.

DNS spoofing attacks often happen with banking services. Imagine you are redirected to a site that looks the same as Paypal.com, but the domain is Pay-pal.com. If you are not paying attention to the address bar, you can be cheated, and you can lose money.

DNS tunneling

DNS tunneling takes advantage of the DNS to tunnel malware or malicious data on a client-server model. Users don't realize they are communicating with an infected server, and they receive malicious code in the form of DNS queries.

Usually, a criminal registers a domain name. The domain's name server points to a server controlled by the attacker, where he or she has already installed tunneling malware (software). Once a user sends a DNS request, the DNS resolver routes it to the criminal's server. The user (victim) and the attacker are now connected through the DNS resolver. The tunnel is established, and it can be used to steal important information or for other malicious objectives.
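
A defender's view of the pattern described above, as an added example that is not part of the original article: data carried through a tunnel tends to show up in resolver logs as many distinct, long, random-looking subdomains under one registered domain. The sample queries, domain names and thresholds below are constructed assumptions for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def _encoded_label(i):
    # Constructed stand-in for a chunk of encoded data carried in a query name.
    return hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]

# Constructed sample of (client, queried name) pairs, as pulled from a resolver query log.
SAMPLE_QUERIES = (
    [("10.0.0.5", f"{_encoded_label(i)}.tunnel-test.example") for i in range(6)]
    + [("10.0.0.7", f"{h}.example.com") for h in ("www", "mail", "api", "cdn", "login", "static")]
    + [("10.0.0.7", "www.example.org"), ("10.0.0.5", "example.org")]
)

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary host names."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, registered domain) using the last two labels.
    Assumption for brevity: production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag domains that receive many distinct, long, high-entropy subdomains."""
    subs_by_domain = defaultdict(set)
    for _client, qname in queries:
        sub, domain = split_name(qname)
        if sub:
            subs_by_domain[domain].add(sub)
    suspects = {}
    for domain, subs in subs_by_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects[domain] = {"unique": len(subs), "avg_len": avg_len, "entropy": round(entropy, 2)}
    return suspects

if __name__ == "__main__":
    for domain, stats in find_tunnel_suspects(SAMPLE_QUERIES).items():
        print(domain, stats)
```

Requiring all three signals together keeps ordinary domains with many short host names, such as the constructed example.com entries, out of the results.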

DNS amplification attack

Let's start with a reference so that we can explain this attack. The popular DoS and DDoS attacks share the same objective: to deny the service of a network, website, or computer's resources to users. Commonly, to achieve it, criminals flood a DNS server (victim) with huge amounts of traffic. While a DoS can achieve its purpose using a single source of traffic, a DDoS can use millions of worldwide sources (bots) and amplify them to overwhelm its victim.

A DNS amplification attack follows this pattern. It exploits vulnerabilities in the DNS by sending huge numbers of forged DNS requests for multiple DNS records to DNS resolvers. The answer will get multiplied by the number of DNS records requested. The massive response aims to overwhelm and shut down a server.

DNS rebinding

A DNS rebinding attack is a way to manipulate the DNS resolution of domain names. A malicious web page makes users run a client-side script that will attack computers elsewhere on the network. The same-origin policy forces browsers to give access to the content only to the host that created the script. This attack violates this policy and exploits the system by abusively resolving domain names. The browser communicates with remote servers that it shouldn’t exchange data with.

Conclusion

Remember this list of common DNS attacks. If you know the threat, you can shield your business more effectively!