Hijacking a query

We now have a glimpse of what the Domain Name System is, how it was developed and how it is used.

Now let's look at how it is used against you.

There are many techniques that are used to fool or force the DNS to return an incorrect IP address.

DNS cache poisoning is where the DNS server you are querying, or the one it queries, has its cache modified by an unauthorized party. While it remains an issue, it is well understood, and many techniques have been implemented to mitigate or eliminate it. Since it typically happens at a server you have no control over, it is hard for the end user to address.

Another technique that is frequently employed by an ISP or third-party DNS provider is to return the IP of a known server when an invalid or nonexistent domain name is requested. The impact of this ranges from none, to annoying, to directing your computer to a site that may download malicious code.

If a successful hijacking occurs, it may direct you to a site that acts as a middleman between you and the site you intended. An example of this man-in-the-middle attack is when you intend to sign in to an account at a financial institution. The IP address returned belongs to a malicious server that simply takes your web queries, passes them to the bank, and, when the bank responds, sends the data back to you. As far as you can see, the transaction went as planned.

However, since all the raw data, such as your account numbers and passwords, now passes through the malicious server, you are exposed to a potential loss not only of data, but of funds or other assets.

There are techniques, such as site certificates, that mitigate this issue, but not necessarily completely. The largest issue is frequently that the user simply ignores the security warning.
