What is DNS poisoning? How it works? How to protect yourself?

DNS poisoning is a technology that makes it possible for a DNS server to believe that it has received actual information, which is not really the case. This translates the IP address of the DNS address to a numeric IP address. An attacker can use the server control's IP address to replace the IP address of the target site on the specified DNS server. An attacker could create a bogus DNS entry for a server that might contain malicious content of the same name.

For example, a user enters www.google.com, but instead of pointing to Google's server, it is sent to a different malicious site. DNS poisoning is understood to be used to redirect users to fake pages managed by an attacker.

How to Perform it?

Step 1 − Open the terminal and enter 'nano etter.dns'. This file contains all the entries that Ettercap uses to resolve the DNS address of the domain name address. In this file, add a mistake of "Facebook". If someone wants to open Facebook, he will be redirected to a different site.

Step 2 − Insert the entry "redirect to www.linux.org". See the example below

Step 3 − Now save this file and exit by saving the file. Use “ctrl+x” to save the file

Step 4 − Then the whole process is the same as starting ARP poisoning. After starting ARP poisoning, click "plugin" in the menu bar and select the "dns _ spoof" plug-in.

Step 5 − When DNS_spoof is started, the result is displayed. As long as it is entered in the browser, Facebook.com will cheat Google IP.

It means the user gets the Google page instead of facebook.com on their browser.

Defenses against DNS Poisoning

As a moral hacker, your work is likely to keep you in a preventable position instead of a pen test. It can help an attacker to prevent the use of external technology. This is a defense against attack from a pen tester's point of view, which uses a hardware switching network for the most sensitive part of the network and segregates traffic into single segments or contention domains. 

Implement IP DHCP snooping on the switch to prevent ARP poisoning and spoofing attacks.

Implement policies that prevent promiscuous mode with network adapters. 

Be careful when deploying wireless access points and make sure that all traffic on the wireless network is being sniffed. 

Encrypt sensitive traffic with an encryption protocol such as SSH or IPsec. 

Port security is used in switches with programming functions, and only certain MAC addresses can send and receive data on each port. 

IPv6 has the advantages and options of IPv4 security.

 Replacing FTP and Telnet protocol with SSH is an effective way to prevent sniffing. If SSH is not a viable solution, consider using IPsec to protect older legacy protocols. The Virtual Private Network (VPN) can provide effective defense for eavesdropping encryption aspects. SSL is an excellent defense measure of IPsec.

Join Us On Facebook :)