What is DNS hijacking, and a summary of common DNS hijacking methods

Source: Internet
Author: User
Tags: domain name server

What is DNS hijacking?
DNS hijacking, also called domain name hijacking, means gaining control over how a domain name resolves by some means and altering its resolution records, so that requests for the domain are sent to an attacker-chosen IP address instead of the original one. The visible result is that a particular site becomes unreachable, or that the user lands on a fake copy of it. It is an attacker technique: the fraudulent resolution is used to deliver malware, steal the user's data, or break into other people's machines.
You typically run into DNS hijacking in the following situations:
1. The user's computer is infected with malware that tampers with the Hosts file and adds false resolution records. On Windows the Hosts file takes precedence over the DNS server: when a domain name is accessed, the system consults the Hosts file before sending any DNS query (most Unix-like systems behave the same way by default).
2. The site the user is trying to reach has itself been attacked, for example its DNS records or its name servers have been tampered with. The user may be served a deceptive copy of the site or be redirected to other sites.
3. The user typed a wrong domain name into the browser, so the DNS query is for a record that does not exist. Browsers used to show an error message in this case; today users will usually see the "domain name correction" page that the ISP's resolver injects in place of the NXDOMAIN answer.
How should ordinary users, and the webmasters of enterprise and government sites, prevent DNS hijacking?
1. Manage your domain on a secure and reliable DNS service, fix DNS-related vulnerabilities promptly, and keep the server current with the latest patches.
2. Protect the confidential information associated with the domain (registrar and DNS management credentials) so that control of the domain cannot be stolen.
3. Raise the security level of your servers, fixing vulnerabilities in the operating system and third-party software promptly so that they are not attacked.
4. Administrators should monitor continuously and harden the web page code so that the site cannot be turned into a drive-by download host (a "hung Trojan" incident).
5. Ordinary users should keep their security software up to date so that network attacks are intercepted and the machine does not become part of a botnet.


Some methods of DNS hijacking


Mode one: Using a DNS server for a DDoS attack

A DNS server's normal recursive query handling can be abused for a DDoS attack. Suppose an attacker knows the IP address of the machine to be attacked and sends resolution requests with that address forged as the source. When the DNS server performs the recursive lookup and answers, it answers the forged source, so the victim, not the attacker, receives the response. If the attacker controls enough bots (zombie machines) and has them send such requests repeatedly, the victim is flooded with response messages from the DNS server; because a DNS response is much larger than the query that elicits it, the server also amplifies the attack traffic.
With a large enough botnet the victim's network can be brought to a standstill. A particularly troublesome feature of this attack is that the attacker never communicates directly with the target, so the victim has great difficulty tracing the attack back to its origin.
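Because the forged source address is the victim's, the attack shows up in the resolver's own logs as one "client" making a burst of large-answer queries. The following added example (written for this page, not code from the original article or from any resolver project) parses constructed query-log lines in the shape of a BIND 9 query log, which is an assumption about the format, and flags such clients:

```python
"""Spot DNS reflection abuse in a resolver's query log: one 'client' address, in fact
the spoofed victim, sending bursts of amplifying queries (ANY, TXT, DNSKEY...)."""
import re
from collections import defaultdict

# Query types whose responses dwarf the few dozen bytes of the request.
AMPLIFYING_TYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}

# Assumed shape of a BIND 9 query-log line (adjust the pattern for other resolvers):
# <date> <time> client @0x... <ip>#<port> (<qname>): query: <qname> IN <type> <flags> (<server ip>)
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-f]+ )?(?P<client>[^#\s]+)#(?P<port>\d+) "
    r"\((?P<qname>\S+)\): query: \S+ IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def build_sample_log():
    """Constructed log, not from a real server: one ordinary client and one address
    that 'asks' for a large ANY record 40 times in one second from changing ports."""
    lines = []
    for i in range(3):
        lines.append(f"12-Mar-2024 09:00:0{i}.000 client @0x1 192.0.2.33#5341{i} "
                     f"(www.example.net): query: www.example.net IN A +E(0) (198.51.100.53)")
    for i in range(40):
        lines.append(f"12-Mar-2024 09:00:01.{i:03d} client @0x2 203.0.113.10#{4000 + i} "
                     f"(lure.example): query: lure.example IN ANY +E(0) (198.51.100.53)")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def parse_query_log(text):
    """Yield one dict per line that matches LINE_RE; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def find_reflection_targets(text, min_queries=20, min_amp_fraction=0.8):
    """Return {client: stats} for clients whose traffic looks like reflection: many
    queries, almost all of amplifying types with recursion desired ('+' flag).
    The source address is forged, so the flagged 'client' is the victim, not the attacker."""
    stats = defaultdict(lambda: {"queries": 0, "amplifying": 0, "ports": set()})
    for q in parse_query_log(text):
        s = stats[q["client"]]
        s["queries"] += 1
        s["ports"].add(q["port"])
        if q["qtype"] in AMPLIFYING_TYPES and q["flags"].startswith("+"):
            s["amplifying"] += 1
    flagged = {}
    for client, s in stats.items():
        if s["queries"] >= min_queries and s["amplifying"] / s["queries"] >= min_amp_fraction:
            flagged[client] = {"queries": s["queries"], "amplifying": s["amplifying"],
                               "distinct_ports": len(s["ports"])}
    return flagged


if __name__ == "__main__":
    for client, s in find_reflection_targets(SAMPLE_LOG).items():
        print(f"{client}: {s['amplifying']}/{s['queries']} amplifying queries "
              f"from {s['distinct_ports']} source ports; likely reflection victim")
```

Do not simply block the flagged address: it is the victim, and blocking it finishes the attacker's job. The fixes belong on the server side, namely not answering recursive queries from the open Internet (BIND's `allow-recursion`) and response rate limiting (BIND's `rate-limit` option), which caps how many identical answers one source address receives per second.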

Mode two: DNS cache infection

An attacker uses DNS requests to place records of their choosing in the cache of a vulnerable DNS server (cache poisoning). Those cached records are then handed to every client that later asks the server about the affected name, so visits to a legitimate domain are steered to a drive-by-download or phishing site set up by the intruder, or, by pointing mail and other service names at a forged server, the attacker harvests users' passwords and does further harm.

Mode three: DNS information hijacking

TCP/IP guards against injected data in several ways, such as sequence numbers, but an intruder who can observe the conversation between a client and its DNS server can learn, or guess, the query ID that the server's response must carry. Every DNS message carries a 16-bit transaction ID, and the client (or resolver) uses it to match a response to the request it sent. An attacker who delivers a forged response with the right ID before the real server answers deceives the client into visiting a malicious web site. In other words, if a resolution request on its way to the name server is intercepted, the interceptor returns a bogus IP address of its choosing as the reply; the requester then connects to that address believing it belongs to the domain it asked for, and is quietly led somewhere that has nothing to do with the site it wanted.
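The two failures behind mode two and mode three are easiest to see in a toy model. The following added example (written for this page; it is not code from the original article or from any real resolver) models a stub resolver with the checks RFC 5452 recommends as switches: the "bailiwick" check that drops unrequested Additional records for foreign zones, and randomisation of the UDP source port on top of the 16-bit transaction ID. The zone rule, the names and the addresses are assumptions for the simulation.

```python
"""Toy stub resolver showing two DNS spoofing failures: accepting out-of-bailiwick
'Additional' records (cache infection) and accepting any response whose 16-bit
TXID matches when the UDP source port is fixed (blind ID guessing)."""
import random
from dataclasses import dataclass, field


@dataclass
class Record:
    name: str
    ip: str


@dataclass
class Response:
    txid: int          # 16-bit transaction ID copied from the query
    dst_port: int      # UDP port the response is sent to (the resolver's query source port)
    qname: str         # question section
    answers: list      # answer section
    additional: list = field(default_factory=list)   # unrequested "glue" records


def zone_of(qname):
    """Toy bailiwick rule (a simplification): the zone is everything after the first label."""
    return qname.split(".", 1)[1] if "." in qname else qname


class ToyResolver:
    def __init__(self, rng, randomize_source_port=True, check_bailiwick=True):
        self.rng = rng
        self.randomize_source_port = randomize_source_port
        self.check_bailiwick = check_bailiwick
        self.cache = {}
        self.pending = {}   # qname -> (txid, source_port) for in-flight queries

    def query(self, qname):
        """Send a query; return what the queried server sees on the wire."""
        txid = self.rng.getrandbits(16)
        sport = self.rng.randint(1024, 65535) if self.randomize_source_port else 53
        self.pending[qname] = (txid, sport)
        return txid, sport

    def deliver(self, resp):
        """Accept a response only if TXID, destination port and question all match an
        outstanding query. The real answer racing the forgery is ignored in this toy."""
        expected = self.pending.get(resp.qname)
        if expected is None or (resp.txid, resp.dst_port) != expected:
            return False
        for rec in resp.answers:
            self.cache[rec.name] = rec.ip
        for rec in resp.additional:
            if self.check_bailiwick and not rec.name.endswith("." + zone_of(resp.qname)):
                continue   # unrequested record for a foreign zone: drop it
            self.cache[rec.name] = rec.ip
        del self.pending[resp.qname]
        return True


def cache_infection_via_additional(check_bailiwick):
    """Mode two: the attacker runs the authoritative server for attacker.example, so it
    legitimately sees txid and port, and smuggles in a record for www.bank.example."""
    r = ToyResolver(random.Random(1), check_bailiwick=check_bailiwick)
    txid, sport = r.query("lure.attacker.example")
    resp = Response(txid, sport, "lure.attacker.example",
                    answers=[Record("lure.attacker.example", "203.0.113.5")],
                    additional=[Record("www.bank.example", "203.0.113.5")])
    r.deliver(resp)
    return r.cache.get("www.bank.example")   # "203.0.113.5" if poisoned, else None


def blind_spoof(randomize_source_port, budget=1 << 16):
    """Mode three: an off-path attacker who cannot see the query sweeps every TXID,
    aiming all forgeries at port 53. Returns (poisoned?, forgeries sent)."""
    r = ToyResolver(random.Random(7), randomize_source_port=randomize_source_port)
    r.query("www.bank.example")
    sent = 0
    for txid in range(budget):
        sent += 1
        forged = Response(txid, 53, "www.bank.example",
                          answers=[Record("www.bank.example", "203.0.113.5")])
        if r.deliver(forged):
            return True, sent
    return False, sent


if __name__ == "__main__":
    print("no bailiwick check:", cache_infection_via_additional(False))
    print("bailiwick check   :", cache_infection_via_additional(True))
    print("fixed port 53     :", blind_spoof(False))
    print("random port       :", blind_spoof(True))
```

With a fixed source port the sweep always lands within 65,536 forgeries, which is seconds of traffic; with the port randomised the attacker must also guess one of about 64,000 ports, which is why RFC 5452 made port randomisation mandatory. Neither check authenticates the data, though; only DNSSEC validation lets a resolver reject a forged answer that happens to pass both.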

Mode four: DNS redirection

The attacker redirects the DNS queries of the victim to a malicious DNS server of their own, for example by changing the resolver address configured on the victim's machine or home router, so that resolution of the hijacked domain is entirely under the attacker's control.

Mode five: ARP spoofing

An ARP attack forges the IP-to-MAC address mapping to carry out ARP spoofing. It can flood the network with ARP traffic and congest it, and as long as the attacker keeps sending forged ARP replies it can overwrite the IP-MAC entries in the target host's ARP cache, causing either loss of connectivity or a man-in-the-middle position. ARP attacks happen mainly on a LAN: once a machine on the LAN is infected with ARP-spoofing malware, it uses ARP spoofing to intercept the traffic of the other machines on the network, which disrupts their communication.
ARP spoofing usually happens on the user's own local network and makes the user's domain lookups go to the wrong place. If an IDC (hosting) server room is infected with ARP malware, the attacker can likewise use ARP packets to suppress legitimate hosts, or to suppress the DNS server itself, so that resolution points to the wrong address.
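The two fingerprints of ARP spoofing, an IP address whose MAC suddenly changes and one MAC answering for several IPs (typically the gateway and a victim), can be checked from nothing more than the stream of ARP replies seen on the segment. The following added example (written for this page, not code from the original article) runs that check over a constructed sequence of replies; the addresses and the gateway are assumptions:

```python
"""Audit a stream of ARP replies for the two fingerprints of ARP spoofing: an IP
address whose MAC changes, and one MAC answering for several IP addresses."""
from collections import defaultdict

# Constructed sequence of (seconds, sender IP, sender MAC) taken from ARP 'is-at'
# replies seen on the LAN; not a real capture.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),   # the real gateway announces itself
    (0.5, "192.168.1.20", "00:11:22:33:44:20"),
    (1.0, "192.168.1.30", "00:11:22:33:44:30"),
    (5.0, "192.168.1.1",  "DE:AD:BE:EF:00:30"),   # attacker's MAC claims the gateway...
    (5.1, "192.168.1.20", "de:ad:be:ef:00:30"),   # ...and a victim host: the MITM pair
    (5.2, "192.168.1.1",  "de:ad:be:ef:00:30"),   # repeated to keep caches poisoned
]


def audit_arp(replies, gateway_ip=None):
    """Return a list of (time, kind, subject, detail) alerts. kind is 'mac-change'
    when an IP's MAC flips ('gateway-mac-change' if that IP is the gateway) or
    'multi-ip-mac' when one MAC has claimed more than one IP."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()               # MACs are case-insensitive; normalise before comparing
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            kind = "gateway-mac-change" if ip == gateway_ip else "mac-change"
            alerts.append((ts, kind, ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:   # alert once per newly claimed IP, not per packet
                alerts.append((ts, "multi-ip-mac", mac, sorted(mac_to_ips[mac])))
    return alerts


if __name__ == "__main__":
    for alert in audit_arp(SAMPLE_ARP_REPLIES, gateway_ip="192.168.1.1"):
        print(alert)
```

Both signals have benign causes (a replaced NIC, DHCP handing an address to a new host, a router that legitimately owns several IPs), so in practice the check is run against a known-good table of gateway and server MACs, and the durable fix is a static ARP entry for the gateway on critical hosts or dynamic ARP inspection on the switches.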

Mode six: Local hijacking

When a computer is infected with a Trojan or rogue software, some domain names may also resolve abnormally, for example to a drive-by-download or phishing site, or become unreachable altogether. Local DNS hijacking techniques include tampering with the Hosts file, changing the machine's local DNS settings, injection into the Winsock SPI (layered service provider) chain, and malicious browser helper object (BHO) plug-ins.
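The Hosts-file tampering named in situation 1 above and in this section is the easiest local hijack to audit, since every entry is a line of text. The following added example (written for this page, not code from the original article) parses hosts-file text and reports entries that override public domain names; the sample file, the local-name suffixes and the classification rules are assumptions:

```python
"""Scan hosts-file text for overrides of public domain names, the footprint of the
Hosts tampering described in situation 1 and under local hijacking."""
import ipaddress

# Constructed sample (not a real machine's file); comments and tabs are allowed as usual.
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.10    fileserver.lan
0.0.0.0         ads.tracker.example           # user-installed ad block
203.0.113.7     www.bank.example login.bank.example
127.0.0.1       update.antivirus.example
300.1.1.1       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback", "broadcasthost"}
LOCAL_SUFFIXES = (".lan", ".local", ".localdomain", ".home", ".internal")   # assumed site conventions
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_hosts(text):
    """Yield (line number, address, [names]) per entry, dropping comments and blank lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], [n.lower() for n in fields[1:]]


def classify(address, name):
    """Return why a mapping deserves a look, or None for expected local entries."""
    if name in LOCAL_NAMES or "." not in name or name.endswith(LOCAL_SUFFIXES):
        return None                                  # loopback aliases and LAN names belong here
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unparseable address"
    if ip.is_loopback or ip.is_unspecified:
        return "blackholed"                          # name can no longer reach its real server
    if any(ip in net for net in RFC1918):
        return "redirected to RFC 1918 address"      # split-horizon DNS, or a LAN MITM box
    return "redirected"                              # public name sent to some other public host


def suspicious_hosts_entries(text):
    """List (line, name, address, reason) for every entry classify() does not clear."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            reason = classify(address, name)
            if reason:
                findings.append((lineno, name, address, reason))
    return findings


if __name__ == "__main__":
    for lineno, name, address, reason in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}: {reason}")
```

A "blackholed" finding is ambiguous on its own: ad-blocking lists write exactly such entries on purpose, while malware uses the same trick to cut a machine off from its antivirus update servers, so the name being blackholed decides which it is. On Windows the file to scan is %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems it is /etc/hosts.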

That covers the common DNS hijacking methods. The important thing is to take care of your own security.

The content of this page comes from the Internet and does not represent Alibaba Cloud's opinion; the products and services mentioned on it have no relationship with Alibaba Cloud.