DNS stands for “domain name system.” Domain names are the human-readable website addresses we use every day. For example, Google’s domain name is google.com. If you want to visit Google, you just need to enter google.com into your web browser’s address bar.
Fig 1: Command Prompt
However, your computer doesn’t understand where “Google.com” is. Behind the scenes, the Internet and other networks use numerical IP addresses (“Internet protocol” addresses). Google.com is located at the IP address 173.194.39.78 on the Internet. If you typed this number into your web browser’s address bar, you’d also end up at Google’s website. We use Google.com instead of 173.194.39.78 because addresses like Google.com are more meaningful and easier for us to remember. DNS is often compared to a phone book: like a phone book, DNS matches human-readable names to numbers that machines can more easily understand.
Fig 2: Poison
DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is that it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.
How DNS Works:
Whenever your computer contacts a domain name like “google.com,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach Google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “Google.com” to computer-readable IP addresses like “173.194.67.102”.
Fig 3: Working of DNS
DNS Caching
The Internet doesn’t just have a single DNS server, as that would be extremely inefficient. Your Internet service provider runs its own DNS servers, which cache information from other DNS servers. Your home router functions as a DNS server, which caches information from your ISP’s DNS servers. Your computer has a local DNS cache, so it can quickly refer to DNS lookups it’s already performed rather than performing the same DNS lookup over and over again.
Fig 4: DNS Caching
DNS Cache Poisoning:
A DNS cache becomes poisoned when it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it, say by making Google.com point to an IP address the attacker owns, that DNS server would tell its users to look for Google.com at the wrong address. The attacker’s address could host some sort of malicious phishing website. DNS poisoning like this can also spread: if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to those Internet service providers and be cached there. It will then spread to home routers and to the DNS caches on computers as they look up the entry, receive the incorrect response, and store it.
Fig 5: The Globe
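To make the caching chain and the spread concrete, here is an added toy model (not code from the original article) of a computer, home router and ISP resolver that each cache whatever their upstream tells them. It replays the scenario the article describes: an ISP starts fetching from a poisoned source, the bad record works its way down the chain once the good entries expire, and it keeps being served for a full TTL after the ISP fixes its configuration. All names, addresses (TEST-NET documentation ranges) and TTLs are constructed; no real DNS traffic is sent.

```python
# Toy model of a chain of caching DNS resolvers: computer -> home router -> ISP -> data source.
# Added example, not code from the article. Names, addresses and TTLs are constructed.


class Resolver:
    """A caching resolver: answers from its cache while the entry is fresh, else asks upstream."""

    def __init__(self, name, upstream=None, records=None):
        self.name = name
        self.upstream = upstream            # where this resolver fetches from (None = data source)
        self.records = dict(records or {})  # domain -> (ip, ttl); only a data source has these
        self.cache = {}                     # domain -> (ip, expires_at)

    def resolve(self, domain, now):
        """Return (ip, seconds_left). Whatever the upstream answers gets cached: a plain
        resolver has no way to tell a legitimate record from a poisoned one."""
        hit = self.cache.get(domain)
        if hit is not None and hit[1] > now:
            return hit[0], hit[1] - now      # cache hit: nobody upstream is asked
        if self.upstream is None:
            ip, ttl = self.records[domain]
        else:
            ip, ttl = self.upstream.resolve(domain, now)
        self.cache[domain] = (ip, now + ttl)
        return ip, ttl


def poisoning_timeline():
    """Replay the 2010-style leak: an ISP starts fetching from a poisoned source.
    Returns what a home computer sees at each point in time (constructed data, 300 s TTL)."""
    good = Resolver("legitimate-source", records={"twitter.com": ("203.0.113.10", 300)})
    bad = Resolver("poisoned-source", records={"twitter.com": ("198.51.100.66", 300)})
    isp = Resolver("isp", upstream=good)
    router = Resolver("home-router", upstream=isp)
    computer = Resolver("computer", upstream=router)
    seen = {}
    seen["t0_clean"] = computer.resolve("twitter.com", now=0)[0]          # every cache fills with good
    isp.upstream = bad                                                     # the misconfiguration
    seen["t100_still_cached"] = computer.resolve("twitter.com", now=100)[0]  # fresh caches mask it
    seen["t301_poisoned"] = computer.resolve("twitter.com", now=301)[0]      # expiry: bad spreads down
    isp.upstream = good                                                    # ISP fixes its config...
    seen["t350_after_fix"] = computer.resolve("twitter.com", now=350)[0]     # ...caches still poisoned
    seen["t601_recovered"] = computer.resolve("twitter.com", now=601)[0]     # until that TTL runs out
    seen["isp_cache"] = isp.cache["twitter.com"][0]
    return seen


if __name__ == "__main__":
    for step, ip in poisoning_timeline().items():
        print(f"{step:>18}: {ip}")
```

The lesson for a defender is in the last three steps: fixing the upstream does not clear downstream caches, so a poisoned record outlives the fix by up to its TTL at every level that stored it.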
The Great Firewall of China Spreads to the US:
This isn’t just a theoretical problem; it has happened in the real world on a large scale. One of the ways China’s Great Firewall works is through blocking at the DNS level. For example, a website blocked in China, such as twitter.com, may have its DNS records pointed at an incorrect address on DNS servers in China. This results in Twitter being inaccessible through normal means. Think of this as China intentionally poisoning its own DNS server caches.
In 2010, an Internet service provider outside of China mistakenly configured its DNS servers to fetch information from DNS servers in China. It fetched the incorrect DNS records from China and cached them on its own DNS servers. Other Internet service providers fetched DNS information from that Internet service provider and used it on their DNS servers. The poisoned DNS entries continued to spread until some people in the US were blocked from accessing Twitter, Facebook, and YouTube on their American Internet service providers. The Great Firewall of China had “leaked” outside of its national borders, preventing people elsewhere in the world from accessing these websites. This essentially functioned as a large-scale DNS poisoning attack.
The Solution:
DNS cache poisoning is such a problem because an ordinary resolver has no way of determining whether the DNS responses it receives are legitimate or whether they’ve been manipulated.
The long-term solution to DNS cache poisoning is DNSSEC. DNSSEC will allow organizations to sign their DNS records using public-key cryptography, so that your computer can tell whether a DNS record should be trusted or whether it has been poisoned and redirects to an incorrect location.
Interesting article...

Good post, thanks :)

This stuff works! Thanks! :)

A nice article with a lucid illustration, that’s all I can comment here. If you are interested in writing guest articles for my blog, I will be welcoming you. Here is my blog: www.hacktheway.org

Heyyy... very nice article... and the website contains lots of information... Thanks....

Great work... keep it up :)

Nice sharing, but if you want to do it practically in a LAN or on a local PC... I can help you... just mail me: us344ack@gmail.com

Good one..

Very good... great work... keep it up... very nice article...

Hmmmm, very useful

Nice... but does it work practically?

And does it work on Windows 8?

Informative