What is Dns Cache Poisoning?

A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames, and in most cases, serves to resolve, or translate, those common names to IP addresses as requested. DNS servers run the special software and communicate with each other using special protocols.

In the more easy way to understand terms: a DNS server on the internet is the device that translates that www.amazon.com you type in your browser to the 151.101.129.121 IP address that it really is. Therefore, we have DNS servers because we not only want to use human-readable names to access websites, but the computers need to use IP addresses to access websites. The DNS server is that translator between the hostname and IP address

DNS Cache Poisoning

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the GreatFirewall of China temporarily escaping China’s national borders, censoring the internet in the USA until the problem was fixed.

However, if the malware changed your DNS server settings (which can happen behind the scenes without your knowledge), entering the same URL might take you to a completely different website, or more importantly, to a website that looks like your bank website but really isn't. This fake bank site might look exactly like the real one but instead of letting you log in to your account, it might just record your username and password, giving the scammers all the information they need to access your bank account.

Usually, however, malware that hijacks your DNS servers generally just redirects popular websites to ones that are full of advertisements or fake virus websites that make you think you have to buy a program to clean an infected computer.

TheInternet doesn’t just have a single DNS server, as that would be extremely inefficient. Your Internet service provider runs its own DNS servers, which cache information from other DNS servers. Your home router functions as a DNS server, which caches information from your ISP’s DNS servers. Your computer has a local DNS cache, so it can quickly refer to DNS lookups it’s already performed rather than performing a DNS lookup over and over again.

DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.

CDNetworks offers a managed,cloud-based, authoritative and global DNS service, which ensures websites can be reached, efficiently and quickly. User portal with advanced management and control features.EnsuresDNS security, protecting against spoofing and cache poisoning.Always available thanks to built-in redundancy.Fast responses across the globe.User-friendly, intuitive set-up and management.

Prevent Cache Poisoning Attacks:

1. Install an antivirus program so that malicious programs are caught before they can do any damage.
2. Be aware of how a website looks. If it's slightly off of what it usually looks like or you're getting an "invalid certificate" message in your browser, it might be a sign that you're on an imitation website.
3. Always first check whether the site address has ‘https’ and not ‘HTTP’ when providing any personal information such as username or password.
4. If the site gets redirected to any other web page not expected on clicking, immediately close the tab. This might prevent you from installing any malware to your pc.

There are several measures that enterprises should take to prevent DNS cache poisoning attacks. For starters, IT teams should configure DNS servers to rely as little as possible on trust relationships with other DNS servers. Doing so will make it more difficult for attackers to use their own DNS servers to corrupt their targets’ servers. Beyond limiting trust relationships on the DNS, IT teams should ensure that they’re using the most recent version of DNS. Domain Name Systems that use BIND 9.5.0or higher include features such as port randomization and cryptographically secure Transaction IDs, both of which help prevent cache poisoning attacks.

The DNS server should be maintained to ensure that it is clear of any services that aren’t needed. Extraneous services running on the DNS server only provide attackers with more potential attack vectors. There are also cache poisoning tools available to help organizations prevent cache poisoning attacks. The most popular cache poisoning prevention tool is probably DNSSEC (Domain Name System Security Extension). DNSSEC is a cache poisoning tool developed by the Internet Engineering Task Force that provides secure DNS data authentication.

DNSSEC is a technology that was developed to, among other things, protect against such attacks by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.icann.org). Signing the root(deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly it does not encrypt data. It just attests to the validity of the address of the site you visit.

DNSSEC works by digitally signing records for DNS lookup using public-key cryptography. The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone which is the trusted third party. Domain owners generate their own keys and upload them using their DNS control panel at their domain-name registrar, which in turn pushes the keys via sec DNS to the zone operator (e.g., Verisign for .com) who signs and publishes them in DNS.

I have created a link through which I was able to acquire username and password of their Facebook account of several friends by telling them that if they log in via Facebook account they would get free INR100 in their paytm wallet. Therefore when the user enters his account details the information of details get into my mail and the user is redirected to paytm website so that no suspicious is created.