After Twitter, Baidu has also been hacked by the Iran cyber army to learn the technology "DNS Cache hosting oning ".

Just a few weeks after Twitter was hacked, Baidu was attacked by the Iran organization named "Iranian cyber army". For more information, see the following link:

 

Http://thenextweb.com/asia/2010/01/12/breaking-baidu-hacked-iranian/

Http://news.cnet.com/8301-1023_3-10418140-93.html

 

The technologies used are DNS cache poisoning or DNS Cache pollution ), that is, attackers can exploit the DNS server's caching function and DNS software vulnerabilities to attack the DNS server and change the IP address corresponding to a domain name to the IP address or domain name specified by the attacker, forward users' requests to the domain name to an incorrect IP address. If the attacker places malicious content on the server the user forwardsCodeOr virus, the visitor's computer may download or execute the code.

 

Generally, DNS servers cache previously resolved domain names to speed up domain name resolution. Therefore, when a DNS server is attacked, the IP address of the cached error resolution will also be provided to future resolution requests, and the downstream server of the DSN server will also share the cache for Wrong domain name resolution.

 

A simple explanation is:

1. What is the IP address corresponding to www.baidu.com received by the DNS server?

2. DNS server: the IP address corresponding to www.baidu.com is 127.0.0.1.

If the DNS server does not verify the obtained answer, attackers may send a false response to the DNS server of Baidu.com. the DNS server of Baidu treats the false response as true, forward users' requests and cache the answers. Therefore, when users access Baidu.com in the future, they will be directed to the IP address specified by the attacker.