DNS Spoofing Attack

Captainyarimca

New member
15 Nov 2020
The Domain Name System (DNS) is a service that resolves domain names, which people can read and remember, into IP addresses that machines can understand.

In other words, we can think of DNS as our phone book. DNS comes into play when the user makes a request to a website. The website's domain name and IP address are stored on DNS servers. The DNS server is queried, the request is sent to the IP address that corresponds to the specified domain name, and the site is accessed.

DNS spoofing is an attack in which an unauthorized host takes the place of the Domain Name Server (DNS) and handles all requests. The attacker routes all DNS requests and traffic to their own machine, manipulates it maliciously, and steals data. It is a dangerous attack because it is difficult to detect.


Many sites can be legally blocked. In that case, people reach the prohibited sites by changing their DNS settings or by using a program. This makes the danger even greater, because DNS spoofing and poisoning are very frequent.

DNS poisoning is an attack carried out by adding entries to the cache database of a Domain Name System server or by changing the data already there. As a result, wrong IP addresses are returned and traffic is forwarded to another machine. Usually, this traffic is directed to the attacker's machine.

When we try to open a website during a DNS poisoning attack, the request is forwarded to a different address. The sites we are redirected to can also install software such as viruses, scanners, and pirated programs on our computer. We can also be redirected to a fake site that looks very similar to the site we are trying to access, and be trapped.

It is also a method used in fraud, especially against people who have a bank account and carry out transactions online. If the DNS cache is poisoned, you can be trapped and scammed. When the IP address in the cache entry has been changed, you log in to a fake bank site instead of your real bank account, and your passwords can be stolen during login on the swapped site.

What are the types of DNS attacks?

• Domain Hijacking
• DNS Flood Attack
• Distributed Reflection Denial of Service (DRDoS)
• Cache Poisoning
• TCP SYN Floods
• DNS Tunneling
• Random Subdomain Attack (Slow Drip)


Ways to Avoid DNS Attacks

• Unnecessary DNS resolvers on the network should be turned off. Legitimate resolvers should be placed behind a firewall so that they cannot be reached from outside the organization.
• Access to name servers should be restricted. This restriction should be both physical access and network access.
• Precautions should be taken against cache poisoning.
• Known vulnerabilities should be patched immediately.
• Administrator passwords of end users should be changed frequently.
• Attention should be paid to the use of VPN by end users.
• Two-factor authentication should be used when accessing the DNS registrar.
• An IP whitelist should be prepared that defines who is allowed to access DNS settings.
• DNS records should be set up so that they cannot be changed without approval from specific people.

source: https://www.turkhackteam.org/siber-guvenlik/1941942-dns-spoofing-saldirisi.html
translator: Captainyarimca
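
An added example, not part of the original post: one way to act on "precautions should be taken against cache poisoning" is to watch a resolver's answers for the changed IP address in a cache entry that the post describes. The names, addresses, baseline and log records below are constructed for illustration (reserved documentation ranges), and `find_suspicious` is a hypothetical helper.

```python
import ipaddress
from collections import namedtuple

# One observed answer: when it was seen, the name asked, the A record and its TTL.
Answer = namedtuple("Answer", "ts name ip ttl")

# Constructed baseline: networks each sensitive name is expected to resolve into.
# All names and addresses are made up (RFC 2606 / RFC 5737 reserved ranges).
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.16/28"],
}

# Constructed observations taken from a resolver's answers.
SAMPLE = [
    Answer(1000, "bank.example.", "192.0.2.10", 300),
    Answer(1060, "BANK.example", "203.0.113.66", 300),   # changed inside TTL, off-baseline
    Answer(1100, "mail.example", "198.51.100.20", 600),
    Answer(2000, "mail.example", "198.51.100.21", 600),  # changed after TTL expiry, in range
    Answer(2100, "shop.example", "203.0.113.5", 60),     # no baseline entry: not checked
]

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_suspicious(answers, baseline):
    """Return (ts, name, ip, reason) for answers that look like a poisoned entry."""
    nets = {n: [ipaddress.ip_network(c) for c in cidrs] for n, cidrs in baseline.items()}
    last_seen = {}   # name -> previous Answer, to spot changes inside the TTL
    alerts = []
    for a in sorted(answers, key=lambda x: x.ts):
        name, ip = normalize(a.name), ipaddress.ip_address(a.ip)
        if name in nets and not any(ip in net for net in nets[name]):
            alerts.append((a.ts, name, a.ip, "outside-baseline"))
        prev = last_seen.get(name)
        if prev and prev.ip != a.ip and a.ts < prev.ts + prev.ttl:
            alerts.append((a.ts, name, a.ip, "changed-within-ttl"))
        last_seen[name] = a
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE, BASELINE):
        print(alert)
```

Round-robin and CDN-hosted names legitimately rotate answers, so a `changed-within-ttl` hit on its own is a lead to investigate; an `outside-baseline` hit on a banking or login name is the stronger signal.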
 