DNS spoofing is a technique in which Domain Name System data is
altered, causing the name server to return an incorrect result. The request
is thereby redirected to a phishing site, which is a malicious way to obtain
sensitive information like user credentials by means of a fraudulent website
that impersonates a trustworthy one. This can be achieved by being a man-in-the-middle.
Any computer on the Internet is reached using its IP address.
However, when we visit a site like hackhunt.in, we never type the IP
address. That's where the DNS server comes into play. When you type
hackhunt.in in the browser, the computer doesn't know where the site is
and hence asks the DNS servers for its IP address.
The DNS server then looks up the A record for
hackhunt.in in its database and returns the IP address to the
requesting computer. In this case, Alice is requesting
hackhunt.in from the DNS server. After looking in its table,
the DNS server replies with an IP address, i.e., 172.16.5.100.
Alice receives the response with the IP address of the server. The
browser then sends a request to that IP address to connect Alice's
computer to the server.
Now, this can be exploited because Alice's computer does not verify the DNS response it receives. If Eve is the man-in-the-middle, all the traffic passes through Eve's PC and Eve is able to modify the data. So if Alice makes a DNS request for hackhunt.in, the request goes through Eve's PC.
Eve forwards the request to the DNS server and waits for the response.
When Eve receives the DNS response with the IP address, she changes
the IP address to that of a malicious site and sends it to Alice.
In this example, the IP address of the website is changed to 172.16.2.100.
When Alice's browser receives this response, it tries to connect to
that IP address without verifying the response.
Alice will never know that she is connected to a phishing or malicious site.
In this way, the DNS response is poisoned and the victim is redirected to a fake
website.
We hope this helps. If you have any suggestions or doubts, you can add a comment and we
will reply as soon as possible.