2. Technology Based Attacks

2.4. DNS Poisoning

DNS poisoning explanation slide

Transcript

So let's talk about DNS poisoning.  

DNS clients send requests for name-to-IP-address resolution.  

So when you type in ESPN.com, what DNS does is say, “Oh, ESPN.com is at this IP address,” and it gets you to the correct IP address so that you don't have to remember every IP address that you go to. 

What they do in DNS poisoning is the attacker will attempt to refresh or update records on a different address than the correct one.  

So, say you think you're going to your company's website, it will try to redirect you to a fake site, so it gives a fake site address.  

Those sites are going to look identical.  

They will have spoofed it to copy everything about your company website, right.  

They use it to steal name and password combinations.  

So, say you get to the site and you've got to log in: you're going to enter your name and password, and a lot of times it'll come back giving you an error message like you can't be logged in. 

Sometimes it will bounce you from there to the correct page and it looks like you're having to log in again.  

So, they're really good for stealing passwords.  

Sometimes they'll send the thing out where you try to go to your e-mail server, and they'll redirect you to another source; then you put in your e-mail password, and they steal that information. 

Banking, anything that they can use.  

And this is golden stuff because a lot of people use the same username and password across multiple sites.  

So, if I get your login information to one site, I might try multiple other sites to see if I can gain access. 

It steals name and password combinations that are entered into the fake site. 

DNS servers should be limited in the updates they accept.  

So you can put in controls as to what updates can be done to a DNS server, and then you can restrict the DNS servers from which the server will accept updates. 

You can put in those restrictions so that your DNS server can only be updated by sources that you know are authentic and trusted. 

But that's what they try to do in DNS poisoning. 

They try to redirect you to a fake site so they can steal your information.
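The update restriction the lecture describes, shown as an added example (not part of the course material) in BIND 9 named.conf syntax: the zone name, key name, secret placeholder and IP address are assumptions, and the first zone block is the weak setting that the second one corrects.

```conf
// WEAK: any host that can reach the server may push dynamic updates
// into the zone, which is exactly what a poisoning attempt relies on.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { any; };
};

// HARDENED: updates are accepted only when signed with a shared TSIG key
// (key name and secret below are placeholders, not real values).
key "update-key" {
    algorithm hmac-sha256;
    secret "<base64-secret-placeholder>";
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Only requests signed with "update-key" may modify records.
    allow-update { key "update-key"; };
    // Zone transfers limited to a known secondary (assumed address).
    allow-transfer { 192.0.2.10; };
};
```

Any unsigned update request is refused and logged by named, which also gives the operator a detection signal for update attempts from unexpected sources.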