DNS stands for “domain name system” and it can be described as the index for the internet. It allows users to access information by translating a domain name (like kaspersky.com) into the corresponding IP address that a browser needs to load internet resources (for example, articles like this one). As a system, the DNS is used to track, catalog, and regulate websites all over the world.
In order to get a more detailed picture of what the DNS is, we need to take a look at how the DNS works. However, it’s important to first clarify the terms involved with this topic:
An Internet Protocol (IP) address is the number assigned to each unique computer and server. These IDs are what computers use to locate and “talk” to each other.
A domain (or domain name) is a text name that humans use to remember, identify, and connect to specific websites and their servers. For example, a domain like “www.kaspersky.com” is used as an easy way to understand the actual target server ID — i.e., an IP address.
Domain name system servers (DNS servers or DNS nameservers) are a collective of four server types that compose the “DNS lookup” process. They include the resolving name server, root name servers, top-level domain (TLD) name servers, and authoritative name servers. To get a better understanding, let’s detail the specifics of each of these servers:
Now that we’ve established the DNS definition and a general understanding of the DNS and its servers, we can explore exactly how it works.
When you search for a website via a domain name on your browser, you begin a process called “lookup.” The whole lookup journey has 6 stages:
The DNS lookup process is the vital framework used by the entire internet. Unfortunately, criminals can abuse vulnerabilities in DNS, meaning you’ll need to be aware of possible scams via redirects, often referred to as “spoofing” and “poisoning.” To help you avoid these threats, let’s explain what DNS spoofing and DNS poisoning are and how they work.
Domain Name System (DNS) poisoning and spoofing are types of cyberattack that exploit DNS server vulnerabilities to divert traffic away from legitimate servers towards fake ones. Once you’ve traveled to a fraudulent page, you may be puzzled as to how to resolve it — despite being the only one who can. You’ll need to know exactly how it works to protect yourself.
DNS spoofing and, by extension, DNS cache poisoning are among the more deceptive cyberthreats. Without understanding how the internet connects you to websites, you may be deceived into thinking the website itself is hacked. In some cases, it may just be your device. Even worse, cybersecurity suites can only stop some of the DNS spoofing-related threats.
In regard to DNS, the most prominent threats are two-fold:
Among the various methods for DNS spoof attacks, these are some of the more common:
Man-in-the-middle duping: Where an attacker steps between your web browser and the DNS server. A tool is used for simultaneous cache poisoning on your local device and server poisoning on the DNS server. The result is a redirect to a malicious site hosted on the attacker’s own local server.
DNS server hijacks: The criminal directly reconfigures the server to direct all requesting users to the malicious website. Once a fraudulent DNS entry is injected onto the DNS server, any IP request for the spoofed domain will result in the fake site.
DNS cache poisoning via spam: The code for DNS cache poisoning is often found in URLs sent via spam emails. These emails attempt to frighten users into clicking on the supplied URL, which in turn infects their computer. Banner ads and images — both in emails and on untrustworthy websites — can also direct users to this code. Once poisoned, your computer will take you to fake websites that are spoofed to look like the real thing. This is where the true threats are introduced to your devices.
Here are some common risks of DNS poisoning and spoofing:
DNS spoofing poses several risks, each putting your devices and personal data in harm’s way.
Data theft can be particularly lucrative for DNS spoof attackers. Banking websites and popular online retailers are easily hit, meaning any password, credit card, or personal information may be compromised. The redirects would be to phishing websites designed to collect your information.
Malware infection is yet another common threat with DNS spoofing. With a spoof redirecting you, the destination could end up being a site infested with malicious downloads. Drive by downloads are an easy way to automate the infection of your system. Ultimately, if you’re not using internet security, you’re exposed to risks like spyware, keyloggers, or worms.
Halted security updates can result from a DNS spoof. If spoofed sites include internet security providers, legitimate security updates will not be performed. As a result, your computer may be exposed to additional threats such as viruses or Trojans.
Censorship is a risk that is actually commonplace in some parts of the world. For example, China uses modifications to the DNS to ensure all websites viewed within the country are approved. This nation-level block, dubbed the “Great Firewall”, is one example of how powerful DNS spoofing can be.
Specifically, eliminating DNS cache poisoning is difficult. Since cleaning an infected server does not rid a desktop or mobile device of the problem, the device will return to the spoofed site. Furthermore, clean desktops connecting to an infected server will be compromised again.
When looking to prevent DNS spoofing, user-end protections are limited. Website owners and server providers are a bit more empowered to protect themselves and their users. To appropriately keep everyone safe, both parties must try to avoid spoofs.
Here's how to prevent these attacks for website owners and DNS service providers:
Here’s how to prevent these threats for endpoint users:
As a website owner or DNS server provider, the responsibility to defend users is firmly in your hands. You can implement various protective tools and protocols to keep threats out. Among these resources, you would be wise to use some of the following:
Users are particularly vulnerable to these kinds of threats. To avoid being a victim of a DNS poisoning attack, you should follow these simple tips:
Don’t leave yourself vulnerable to DNS spoofing and malware attacks. Protect yourself today with Kaspersky Home Security Products.
Related articles and links: