Risks of DNS spoofing and poisoning
DNS spoofing and poisoning expose users to several risks, each of which puts personal information and devices in harm's way:
Data theft: Data theft is what makes DNS spoofing lucrative for attackers. They can easily spoof popular online retailers and banking websites, so credit card numbers, passwords or other personal information entered on the fake site are compromised; the user is redirected to a phishing website and hands the data over directly.
Malware infection: Another common threat of DNS spoofing is malware infection. The spoofed response redirects the user to a destination that may be infested with malicious downloads, and drive-by downloads can automate infection of the system. Without internet security software, the user is exposed to risks such as worms, keyloggers or spyware.
Halted security updates: DNS spoofing can also halt security updates. If an internet security provider's domain is among the spoofed sites, legitimate security updates cannot be retrieved, which exposes the computer to additional threats such as Trojan horses or viruses.
Censorship: In some parts of the world this kind of risk is commonplace. China, for example, modifies DNS responses so that users cannot view websites that are not approved in the country. This nation-level block, dubbed the Great Firewall, is another example of the power of DNS spoofing.
Difficult to eliminate DNS cache poisoning: Cleaning an infected server does not rid a desktop or mobile device of the problem, because the device's own cache still returns the spoofed site. Furthermore, if a clean desktop connects to a still-infected server, the desktop is compromised again.
Attacks of DNS spoofing
Detecting this type of attack as cybercrime is never an easy task. On 9 January 2019, the security vendor FireEye released a report on a "Global DNS Hijacking Campaign". The report gave details of how the espionage campaign worked and also included some information about its victims. It prompted the U.S. Department of Homeland Security to issue a rare emergency directive ordering all U.S. federal civilian agencies to secure the login credentials for their internet domain records.
The seriousness of this kind of attack is shown by the Kaminsky attack, which was performed against vulnerable servers. The CVE page describes the issue as follows:
The issue affects the DNS protocol as implemented in (1) BIND 8 and 9 before 9.5.0-P1 and 9.4.2-P1, and (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2.
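The resolver-side checks that blunt a Kaminsky-style poisoning attempt, as an added example that is not code from the original page or from any named product: a forged reply is discarded unless it matches the pending query's transaction ID, destination port and question, and every record it carries lies in-bailiwick, i.e. under the zone the queried server is authoritative for. The data classes, the `accept_response` function and the sample values are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Added example, not code from the original page: resolver-side acceptance checks
# of the kind that blunt Kaminsky-style cache poisoning, run on constructed data.
Record = Tuple[str, str, str]  # (owner name, type, rdata), names fully qualified


@dataclass
class PendingQuery:
    txid: int      # 16-bit transaction ID chosen at random by the resolver
    src_port: int  # randomised UDP source port, the second 16 bits of entropy
    qname: str
    qtype: str
    zone: str      # zone the queried nameserver is authoritative for


@dataclass
class Response:
    txid: int
    dst_port: int  # port the reply arrived on
    qname: str
    qtype: str
    answers: List[Record] = field(default_factory=list)
    additional: List[Record] = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    if zone == ".":
        return True  # the root zone contains every name
    return name == zone or name.endswith("." + zone)


def accept_response(pending: PendingQuery, resp: Response) -> Tuple[bool, str]:
    """Return (accepted, reason); a rejected reply must never be cached."""
    if resp.txid != pending.txid:
        return False, "transaction ID mismatch"
    if resp.dst_port != pending.src_port:
        return False, "port mismatch"
    if (resp.qname.lower(), resp.qtype) != (pending.qname.lower(), pending.qtype):
        return False, "question section mismatch"
    # Only records for names the queried server speaks for may enter the cache;
    # out-of-bailiwick glue is how a forged reply plants an entry for another name.
    for owner, _, _ in resp.answers + resp.additional:
        if not in_bailiwick(owner, pending.zone):
            return False, f"out-of-bailiwick record for {owner}"
    return True, "accepted"
```

Randomising both the transaction ID and the source port is what turns a 16-bit guess into a 32-bit one; the bailiwick check ensures that even a lucky guess cannot overwrite cache entries for unrelated names.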