A DNS cache poisoning attack tricks a DNS server into accepting forged DNS responses as authentic. The aim is to redirect victims who depend on that DNS server to other addresses, for example, to redirect all requests for www.cnn.com to www.playboy.com. The typical application of this type of attack is phishing, in which users trying to reach a bank are redirected to spoofed websites run by the attackers.
A DNS SRV record helps a SIP call get set up, just as an MX record helps map an e-mail address to the correct mail server. In some cases, DNS SRV records are used to forward specific SIP requests to specific proxy servers, especially servers outside the company. This method poses a special danger: an attacker who can tamper with the list of these records can redirect all calls to a region to an external proxy server controlled by the attacker.
A simple DNS cache poisoning attack is as follows. For reference, see the documentation of the DNS audit tool DNSA at http://www.packetfactory.net/projects/dnsa:
./dnsa -3 -D release -S normal_host_IP -s DNS_server_which_is_doing_the_request -a host_in_additional_record -B ip_in_the_additional_record -I INTERFACE
./dnsa -3 -D hacker.pirate.org -S 100.101.102.103 -s 194.117.200.10 -a www.microsoft.com -B 1.2.3.4 -I eth0

DNS Cache Poisoning Countermeasure
DNS cache poisoning can be almost completely avoided (in fact, it cannot. Translator's note), provided that the DNS server is properly configured. This includes forcing the server to check DNS response information forwarded by other, non-authoritative servers, and to discard any returned DNS response records unrelated to the original query. Many of the latest DNS servers are no longer affected by such attacks by default.
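
The "discard records unrelated to the original query" rule above can be sketched as a bailiwick filter applied before a response is cached. This is an added example, not code from DNSA or from any DNS server; the names RR, in_bailiwick and filter_response are hypothetical, and the sample records are constructed from the addresses in the command shown earlier on this page.

```python
# Added example: bailiwick filter a caching resolver could apply before
# storing records. RR, in_bailiwick and filter_response are hypothetical names.
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str    # owner name
    rtype: str   # "A", "SRV", "CNAME", ...
    data: str    # address, or (simplified) target host for SRV/NS/MX/CNAME

def norm(name):
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone apex or a subdomain of it, compared by label."""
    n, z = norm(name).split("."), norm(zone).split(".")
    return z == [""] or n[-len(z):] == z

def filter_response(qname, qtype, zone, answer, additional):
    """Split one response into (cacheable, discarded) records.

    zone is the zone the responding server was queried as an authority for.
    """
    keep, drop = [], []
    wanted = {norm(qname)}   # names the query (or its CNAME chain) asked for
    targets = set()          # hosts that accepted SRV/NS/MX records point at
    for rr in answer:
        ok = (norm(rr.name) in wanted and rr.rtype in (qtype, "CNAME")
              and in_bailiwick(rr.name, zone))
        if ok and rr.rtype == "CNAME":
            wanted.add(norm(rr.data))
        if ok and rr.rtype in ("SRV", "NS", "MX"):
            targets.add(norm(rr.data))
        (keep if ok else drop).append(rr)
    for rr in additional:
        # Additional data is cached only if it is both referenced and in-zone.
        ok = norm(rr.name) in targets and in_bailiwick(rr.name, zone)
        (keep if ok else drop).append(rr)
    return keep, drop

# Constructed sample: a reply shaped like the forged one in the DNSA command.
ANSWER = [RR("hacker.pirate.org", "A", "100.101.102.103")]
ADDITIONAL = [RR("www.microsoft.com", "A", "1.2.3.4")]

if __name__ == "__main__":
    keep, drop = filter_response("hacker.pirate.org", "A", "pirate.org",
                                 ANSWER, ADDITIONAL)
    print("cache:  ", keep)
    print("discard:", drop)
```

The same filter covers the SIP case: an address record for an SRV target is kept only when the target is named by an accepted SRV record and lies inside the queried zone.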