Concept of Domain Name Server (DNS) Spoofing

July 02, 2022

DNS spoofing is a way in which Domain Name System data is altered, causing the name server to return an incorrect result. Thus, redirecting the request to phishing which is a malicious way to obtain sensitive information like user credentials by impersonating a trustworthy or fraudulent website. This concept can be achieved by being Man-in-the-middle. To know more about DNS Servers, click here.

The way to access any computer on the Internet is using the IP Address. However, if we visit a site like hackhunt.in; we never use the IP address. That’s where the DNS server comes into play. So, when you type hackhunt.in in the browser, the computer doesn’t know where it is and hence asked for IP to DNS Servers. 

The DNS servers then look for A record for the hackhunt.in in its database and return the IP Address to the requesting computer. In this case, Alice is requesting hackhunt.in to the DNS server. After looking into its table, the DNS server replies with an IP address i.e., 172.16.5.100.


Alice will receive the response with the IP address of the server. The browser will then send a request to that IP address to connect with Alice’s Computer.

Now, this can be exploited as there is no verification of the request at Alice’s Computer. If Eve is the Man-in-the-middle, then all the traffic will pass through Eve's PC and Eve can be able to modify the data. So now if Alice makes a DNS request for hackhunt.in, the request will go through Eve’s PC.


Eve will forward the request to the DNS server and waits for the response. When Eve will receive the DNS response with the IP address, she will change the IP address to a malicious site and send it to Alice.

In this example, the IP address of the website is changed to 172.16.2.100. When Alice’s Browser will receive this response, it will try to connect it to that IP address without verifying the response.


Alice will never know that she is connected to a phishing or malicious site. In this way, DNS requests are poisoned and redirect the victim to a fake website.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.
,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)