Top DNS Attacks and Their Preventions

A DNS (Domain Name System) record maps a domain name to an IP address (or to another name). DNS servers maintain these records so that users can reach websites by name. When a user enters a URL or domain name in the browser, the request is first resolved through DNS servers and then directed to the specific web server that returns the response.

1. DNS Cache Poisoning Attack

DNS (Domain Name System) cache poisoning is the technique of inserting incorrect DNS data into a resolver's cache so that DNS queries return misleading results and users are sent to the wrong hosts. DNS cache poisoning is sometimes also called DNS spoofing.
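The core defence against cache poisoning is that a resolver must refuse any reply that does not match the query it actually sent, and must never cache records that lie outside the zone of the server it asked (the "bailiwick" check). The following is an added illustration written for this article, not code from any real resolver; the messages are plain dicts constructed inline so it runs offline, and `validate_response` and `in_bailiwick` are hypothetical names.

```python
from __future__ import annotations

# Added example for this article: the checks a caching resolver applies before
# it accepts a response. Illustrative code, not taken from any real resolver;
# messages are plain dicts constructed inline so the example runs offline.


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or a name below it (case-insensitive)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def validate_response(query: dict, response: dict, zone: str) -> tuple[bool, list[str]]:
    """Return (accepted, reasons).

    A response is accepted only if its transaction ID, destination port and
    question match the query we actually sent, and every record it carries
    lies inside the zone of the server we asked. The last rule is the
    bailiwick check: a reply about www.example.com must not be allowed to
    plant an A record for login.example.net in the cache.
    """
    reasons: list[str] = []
    if response["id"] != query["id"]:
        reasons.append("transaction ID does not match the outstanding query")
    if response["port"] != query["port"]:
        reasons.append("reply was not sent to the port the query left from")
    if response["question"].lower() != query["question"].lower():
        reasons.append("question section does not match the query")
    for section in ("answer", "authority", "additional"):
        for rr in response.get(section, []):
            if not in_bailiwick(rr["name"], zone):
                reasons.append(
                    f"out-of-bailiwick {rr['type']} record for {rr['name']} in {section}")
    return (not reasons, reasons)


# Constructed sample: the resolver asked example.com's name server for
# www.example.com with transaction ID 0x1A2B from randomized source port 54123.
QUERY = {"id": 0x1A2B, "port": 54123, "question": "www.example.com."}

GOOD_REPLY = {
    "id": 0x1A2B, "port": 54123, "question": "www.example.com.",
    "answer": [{"name": "www.example.com.", "type": "A", "data": "192.0.2.10"}],
}

# Constructed forged reply: matches the query but smuggles a record for a
# different zone into the additional section.
POISONED_REPLY = {
    "id": 0x1A2B, "port": 54123, "question": "www.example.com.",
    "answer": [{"name": "www.example.com.", "type": "A", "data": "192.0.2.10"}],
    "additional": [{"name": "login.example.net.", "type": "A", "data": "198.51.100.7"}],
}

# Constructed forged reply whose transaction ID does not match.
WRONG_ID_REPLY = {
    "id": 0x1A2C, "port": 54123, "question": "www.example.com.",
    "answer": [{"name": "www.example.com.", "type": "A", "data": "198.51.100.7"}],
}

if __name__ == "__main__":
    for label, reply in [("good", GOOD_REPLY), ("poisoned", POISONED_REPLY),
                         ("wrong-id", WRONG_ID_REPLY)]:
        accepted, reasons = validate_response(QUERY, reply, "example.com")
        print(f"{label:9s} accepted={accepted} {reasons}")
```

Real resolvers combine these checks with randomized transaction IDs and source ports, which make a matching forgery hard to produce, and with DNSSEC validation where the zone is signed, which makes a forged record detectable even when it matches.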

2. DNS Hijacking Attack

In a DNS hijacking attack, visitors are unknowingly redirected to malicious websites because their DNS queries are resolved incorrectly. Attackers achieve this by installing malware on user PCs, taking control of routers, or intercepting DNS communication, and then use the redirection to carry out further attacks, such as targeted phishing.

3. Domain Hijacking Attack

A domain hijacking or domain spoofing attack occurs when an unauthorized person takes over a company's web address. Without the owner's permission, the attacker modifies the registration details of someone else's domain name. As a result, legitimate users are denied access to the domain and it comes under the full control of the attacker. The legitimate website's URL is then used by scammers for further illegal activities.

4. TCP SYN Flood Attack

A TCP SYN flood, often just called a SYN flood, is a Distributed Denial of Service (DDoS) attack that abuses the first step of the standard TCP (Transmission Control Protocol) three-way handshake to exhaust the targeted server's resources and make it unavailable to other users. In a SYN flood, the attacker repeatedly sends SYN packets to ports on the server from fake IP addresses. Unaware of the attack, the server keeps responding to every fake request and holds a half-open connection for each while waiting for a final ACK that never arrives; in the meantime, legitimate users are unable to access the service.
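The symptom described above, a pile of half-open connections on the attacked port from many different peers while established connections stay flat, is easy to read off a socket listing. The code below is an added example written for this article (not from the original page); it parses a constructed sample laid out like `ss -tan` output and flags ports whose half-open count exceeds a threshold chosen for the sample. `parse_ss`, `half_open_report` and the threshold are assumptions for the example.

```python
from __future__ import annotations
from collections import defaultdict

# Added example for this article (not code from the original page): spot the
# half-open connection pile-up a SYN flood leaves behind. SS_SAMPLE is a
# constructed sample in the layout of `ss -tan` output, not a real capture.
SS_SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.5:443       198.51.100.20:51234
ESTAB     0      0      192.0.2.5:22        198.51.100.21:50210
SYN-RECV  0      0      192.0.2.5:443       203.0.113.11:40001
SYN-RECV  0      0      192.0.2.5:443       203.0.113.12:40002
SYN-RECV  0      0      192.0.2.5:443       203.0.113.13:40003
SYN-RECV  0      0      192.0.2.5:443       203.0.113.14:40004
SYN-RECV  0      0      192.0.2.5:443       203.0.113.15:40005
SYN-RECV  0      0      192.0.2.5:443       203.0.113.16:40006
SYN-RECV  0      0      192.0.2.5:22        198.51.100.30:40007
"""


def parse_ss(text: str) -> list[tuple[str, str, str]]:
    """Return (state, local_port, peer_ip) per socket row, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_ip))
    return rows


def half_open_report(rows, threshold: int = 5) -> dict[str, dict]:
    """Per local port: half-open (SYN-RECV) sockets, distinct peers behind
    them, established sockets, and a suspicious flag.

    During a SYN flood the SYN-RECV count on the attacked port climbs while
    ESTAB stays flat, and the peers are many distinct (spoofed) addresses.
    `threshold` is a cut-off chosen for this constructed sample; tune per host.
    """
    half_open = defaultdict(list)
    established = defaultdict(int)
    for state, port, peer_ip in rows:
        if state == "SYN-RECV":
            half_open[port].append(peer_ip)
        elif state == "ESTAB":
            established[port] += 1
    report = {}
    for port in set(half_open) | set(established):
        peers = half_open.get(port, [])
        estab = established.get(port, 0)
        report[port] = {
            "half_open": len(peers),
            "distinct_peers": len(set(peers)),
            "established": estab,
            "suspicious": len(peers) >= threshold and len(peers) > estab,
        }
    return report


if __name__ == "__main__":
    for port, stats in sorted(half_open_report(parse_ss(SS_SAMPLE)).items()):
        print(port, stats)
```

On Linux the kernel-side mitigation is SYN cookies (`net.ipv4.tcp_syncookies = 1`, enabled by default on most distributions), which let the server answer SYNs without keeping per-connection state until the handshake completes; `net.ipv4.tcp_max_syn_backlog` sets how many half-open connections are held before cookies kick in.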

5. DNS Tunneling

In a DNS tunneling attack, the attacker sets up a server to receive the tunneled traffic and controls a domain whose name servers point to it. Malware on a compromised host then issues DNS queries for names under that attacker-controlled domain. Because the organization's DNS (Domain Name System) resolver forwards those queries to the attacker's name server, the queries and their responses form a tunnel between the attacker and the target, through which the attacker can collect data, take over the host remotely, and carry out other attacks.
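Because the tunnel has to squeeze its data into query names, it leaves a distinctive trace in the resolver's query log: many queries to one registered domain, long names, high-entropy leftmost labels, and a heavy share of TXT or NULL lookups. The code below is an added example for this article (not from the page); it scores a constructed log written in a simplified BIND-style line shape, and `tunnel_report`, its thresholds and the two-label `registered_domain` shortcut are assumptions made for the example.

```python
from __future__ import annotations
import math
import re
from collections import Counter, defaultdict

# Added example for this article (not the page's code): per-domain query
# statistics that make DNS tunnelling stand out in a resolver query log.
# QUERY_LOG is constructed in a simplified BIND-style line shape.
QUERY_LOG = """\
client 10.0.0.5#51234: query: www.example.com IN A +
client 10.0.0.5#51235: query: mail.example.com IN MX +
client 10.0.0.7#40001: query: 0123456789abcdef0123456789abcdef.t.exfil-example.test IN TXT +
client 10.0.0.7#40002: query: fedcba9876543210fedcba9876543210.t.exfil-example.test IN TXT +
client 10.0.0.7#40003: query: 02468ace13579bdf02468ace13579bdf.t.exfil-example.test IN TXT +
client 10.0.0.7#40004: query: 13579bdf02468ace13579bdf02468ace.t.exfil-example.test IN TXT +
client 10.0.0.7#40005: query: 0f1e2d3c4b5a69780f1e2d3c4b5a6978.t.exfil-example.test IN TXT +
"""

LINE_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<rtype>\S+)")


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded data scores high, human-chosen labels low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels. Assumption for this example: production code should
    use the Public Suffix List so that names like example.co.uk group correctly."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def tunnel_report(log: str, min_queries: int = 5, min_entropy: float = 3.5,
                  min_length: int = 40) -> dict[str, dict]:
    """Aggregate queries per registered domain and flag tunnel-like domains.
    The thresholds are starting points chosen for this sample, not standards."""
    per_domain = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        per_domain[registered_domain(m["name"])].append(
            (m["name"], m["rtype"], m["client"]))
    report = {}
    for domain, queries in per_domain.items():
        labels = [q[0].split(".")[0] for q in queries]      # leftmost label only
        avg_entropy = sum(shannon_entropy(l) for l in labels) / len(labels)
        avg_length = sum(len(q[0]) for q in queries) / len(queries)
        txt_null = sum(1 for q in queries if q[1] in ("TXT", "NULL")) / len(queries)
        report[domain] = {
            "queries": len(queries),
            "distinct_names": len({q[0] for q in queries}),
            "clients": sorted({q[2] for q in queries}),
            "avg_label_entropy": round(avg_entropy, 2),
            "avg_name_length": round(avg_length, 1),
            "txt_null_ratio": round(txt_null, 2),
            "flagged": (len(queries) >= min_queries and avg_entropy >= min_entropy
                        and avg_length >= min_length),
        }
    return report


if __name__ == "__main__":
    for domain, stats in tunnel_report(QUERY_LOG).items():
        print(domain, stats)
```

In practice the aggregation runs over a sliding time window, and the flagged domain together with the querying client is what a SOC would pivot on; the mitigation side is a resolver that logs every query and, where policy allows, blocks or rate-limits the offending domain.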

6. Subdomain Takeover Attack

In a subdomain takeover attack, an attacker seizes control of an organization's subdomain by claiming it on a third-party hosting service (GitHub Pages, Azure, AWS CloudFront, WordPress, Fastly, etc.) that the subdomain still points to. The takeover works by claiming or registering the resource that an existing DNS CNAME record of that subdomain targets. This commonly happens when the web application is removed but the subdomain's DNS (Domain Name System) entries are left active.

7. Dangling DNS Attack

[Figure: DNS attack scenario]

Dangling DNS (Domain Name System) is the term for a DNS entry that points to an external resource that no longer exists or is improperly configured. Because such entries leak information about the organization, cybercriminals continuously look for them online using automation tools. An attacker who finds the expired target can register it with the third-party service, then monitor the traffic that still arrives at that name or host malicious content under it.
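Both the subdomain takeover and the dangling DNS sections come down to the same audit: list every CNAME in the zone, check whether its target still resolves, and rank the ones that point at a third-party hosting service first, since a deleted service with a live CNAME is exactly the condition that lets someone else claim the name. The code below is an added example for this article, not the page's or any vendor's code. The zone records, the short `THIRD_PARTY_SUFFIXES` list and the `fake_resolve` lookup table are constructed so it runs offline; in use you would swap in a real resolver.

```python
from __future__ import annotations
from typing import Callable, Optional

# Added example for this article (not code from the page or any vendor): audit
# CNAME records for the two conditions the text describes, a target that no
# longer resolves (dangling) and a target on a third-party hosting service
# that the organisation must still hold an account for.

# Small illustrative list of hosting suffixes; a real audit keeps a much
# longer, maintained list.
THIRD_PARTY_SUFFIXES = ("github.io", "azurewebsites.net", "cloudfront.net",
                        "wordpress.com", "herokuapp.com")

# Constructed zone records (name, type, target) for example.com.
ZONE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("docs.example.com.", "CNAME", "example-docs.github.io."),
    ("old-app.example.com.", "CNAME", "retired-app.azurewebsites.net."),
    ("cdn.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("blog.example.com.", "CNAME", "example-blog.wordpress.com."),
    ("legacy.example.com.", "CNAME", "legacy.partner-example.test."),
]

# Constructed stand-in for live DNS resolution so the example runs offline:
# a list of addresses, or None where a real lookup would return NXDOMAIN.
FAKE_RESOLUTION = {
    "example-docs.github.io.": ["192.0.2.50"],
    "retired-app.azurewebsites.net.": None,   # app deleted, CNAME left behind
    "d111111abcdef8.cloudfront.net.": ["192.0.2.60"],
    "example-blog.wordpress.com.": ["192.0.2.70"],
    "legacy.partner-example.test.": None,     # partner decommissioned the host
}


def fake_resolve(name: str) -> Optional[list[str]]:
    return FAKE_RESOLUTION.get(name)


def is_third_party(target: str) -> bool:
    host = target.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in THIRD_PARTY_SUFFIXES)


def audit_cnames(records, resolve: Callable[[str], Optional[list[str]]]) -> list[dict]:
    """One finding per CNAME that needs attention. Dangling records that point
    at a third-party service rank highest, because that is the state in which
    someone else can claim the target name on that service."""
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        third_party = is_third_party(target)
        dangling = resolve(target) is None
        if dangling:
            findings.append({"record": name, "target": target, "dangling": True,
                             "third_party": third_party,
                             "severity": "high" if third_party else "medium",
                             "action": "remove the record or restore the target"})
        elif third_party:
            findings.append({"record": name, "target": target, "dangling": False,
                             "third_party": True, "severity": "info",
                             "action": "confirm our account still owns this target"})
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(audit_cnames(ZONE, fake_resolve), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']}] {f['record']} -> {f['target']}: {f['action']}")
```

To run this against a real zone, export the records from your DNS provider and replace `fake_resolve` with a function that performs the lookup (for instance dnspython's `dns.resolver.resolve`, returning None when it raises `dns.resolver.NXDOMAIN`); a target that resolves is not proof the service is still yours, which is why third-party targets are reported even when they resolve.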

How to prevent DNS Attacks?

To prevent DNS-related attacks, consider the following measures.

  • Keep your DNS resolver private and secure.
  • Check your infrastructure for DNS flaws.
  • Manage your DNS servers securely.
  • Set up your DNS to avoid cache poisoning.
  • Regularly check for CNAME records that point where they no longer should.
  • Use strong firewall solutions.
  • Set up proper logging and monitoring for quick response.
  • Configure your cloud security strictly.
