DNS Cache Poisoning
DNS cache poisoning is the manipulation of a DNS resolver's cache by injecting corrupted DNS data. This causes the resolver to return the wrong IP address to the victim and redirect them to the attacker's system. The high-level steps of DNS cache poisoning are:
The attacker corrupts the DNS server's cache in order to impersonate a website. Before the attack, the DNS server resolves the website to its correct IP address.
After poisoning, the DNS server resolves the website's address to the attacker's IP.
The victim requests the IP address of the website from the server.
The server replies with the IP address of the attacker's system.
The victim's HTTP GET is sent to the attacking system, and the attacker impersonates the website.
DNS servers can be configured to mitigate this. Servers running BIND 9.5.0 and later have features that help prevent DNS cache poisoning, such as randomisation of UDP source ports and cryptographically secure (unpredictable) DNS transaction identifiers. Recursive queries can also be restricted to trusted clients, and query responses can be limited to information about the requested domain only, so that records for other domains are not accepted into the cache.
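The following is an added illustration, not code from the original page or from BIND, of how those mitigations combine on the resolver side: a reply is only accepted if it matches the random transaction ID and random source port of an outstanding query and the same question, and only records inside the queried zone (the "bailiwick") are kept. The PendingQuery and Response classes are a simplified, hypothetical model of the relevant DNS message fields rather than a wire-format parser.

```python
import secrets
from dataclasses import dataclass

# Hypothetical simplified model of an outstanding query and a reply
# (constructed for this example; a real resolver parses DNS wire format).

@dataclass
class PendingQuery:
    qname: str
    qtype: str
    txid: int       # 16-bit transaction ID, randomised per query
    src_port: int   # randomised UDP source port the query was sent from
    zone: str       # bailiwick: the zone the queried server is authoritative for

@dataclass
class Response:
    txid: int
    dst_port: int   # UDP port the reply arrived on
    qname: str
    qtype: str
    answers: list     # (owner name, rtype, rdata) tuples
    additional: list  # (owner name, rtype, rdata) tuples, e.g. glue records

def new_query(qname, qtype, zone):
    """Issue a query with an unpredictable txid and ephemeral source port."""
    txid = secrets.randbelow(1 << 16)
    port = 1024 + secrets.randbelow(65536 - 1024)
    return PendingQuery(qname, qtype, txid, port, zone)

def in_bailiwick(name, zone):
    """True if name is the zone apex or lies beneath the zone."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def validate(pending, resp):
    """Return the records safe to cache, or None if the reply is discarded.

    A forged reply must guess both txid and port (roughly 2^32 combinations),
    and even a matching reply cannot plant records for unrelated domains."""
    if resp.txid != pending.txid or resp.dst_port != pending.src_port:
        return None
    if (resp.qname.lower(), resp.qtype) != (pending.qname.lower(), pending.qtype):
        return None
    # Drop anything outside the bailiwick instead of caching it.
    return [r for r in resp.answers + resp.additional
            if in_bailiwick(r[0], pending.zone)]
```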