What is DNS Poisoning Attack

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

The DNS poisoning technique takes advantage of a DNS server’s tables of IP addresses and host names by replacing the IP address of a host with another IP address that resolves to an attacker’s system. For example, a malicious user can masquerade her own web server by poisoning the DNS server into thinking that the host name of the legitimate web server resolves to the IP address of the rogue web server. The attacker can then spread spyware, worms, and other types of malware to clients connecting to her web server.

One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server. This type of attack has a great potential for damage, as several thousand clients can be using the DNS server or its cache of IP addresses and host names, and all of them will be redirected to the poisoned address in the DNS cache tables.

The malicious attacker can perform this attack by exploiting vulnerabilities in a DNS server that does not perform authentication or any type of checks to ensure the DNS information is coming from an authentic source. This information can be passed from one DNS server to another, almost like a worm, and the rogue address can be quickly spread. Most DNS software has been updated to prevent these types of attacks, and typically only out-of-date DNS software is vulnerable to DNS poisoning.


Did you find this tutorial helpful? Don’t forget to share your views with us.