Details about DNS cache poisoning attacks

Source: Internet
Author: User
Tags mx record

DNS cache poisoning attacks refer to attacks that trick the DNS server into believing the authenticity of forged DNS responses. This type of attack aims to redirect victims who depend on this DNS server to other addresses, for example, redirect all requests that access www.cnn.com to www.playboy.com. The typical application of this type of attack is a phishing attack, which redirects the access from a bank to all the spoofed websites of hackers.

A dns srv record helps the SIP call to dial up, just as the MX record helps map the e-mail address to the correct email server. In some cases, dns srv records are used to forward specific SIP requests to specific proxy servers, especially servers outside the company. This method poses a special danger. If an attacker can tamper with the list of such materials to redirect all calls to a region to the external Proxy Server controlled by the attacker.

A simple DNS cache poisoning attack is as follows. for reference to the documentation of the DNS audit tool DNSA, see http://www.packetfactory.net/projects/dnsa:

. /Dnsa-3-D release-S normal_host_IP-s DNS_server_which_is_doing_the_request-a host_in_additional_record-B ip_in_the_additional_record-I INTERFACE. /dnsa-3-D hacker.pirate.org-S 100.101.102.103-s 194.117.200.10-a www.microsoft.com-B 1.2.3.4-I eth0 DNS cache poisoning Countermeasure

DNS cache poisoning can be almost completely avoided (not in fact-the Translator's note), provided that the DNS server is properly configured. This includes forcing the server to check the DNS response information forwarded by other non-authoritative servers and discarding any returned DNS response records unrelated to the original query. Many of the latest DNS servers are no longer affected by such attacks by default.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.