SlideShare uma empresa Scribd logo

DNS spoofing/poisoning Attack

Transferir como PPTX, PDF
F
Fatima Qayyum

This document discusses DNS spoofing attacks. It defines DNS as the internet's equivalent of a phone book that translates domain names to IP addresses. It describes several types of DNS attacks including denial of service attacks and DNS amplification attacks. It explains how DNS spoofing works by introducing corrupt DNS data that causes the name server to return an incorrect IP address, diverting traffic to the attacker. The document also discusses ways to prevent DNS spoofing such as using DNSSEC to add cryptographic signatures to DNS records and verifying responses.

Celular
1 de 18
z
z What is DNS? z  DNS means Domain Name Server.  DNS are the Internet's equivalent of a phone book.  They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
z
z zz How DNS Works?
z Types of DNS Attacks z  (DOS) Denial of Service attack  DNS Amplification Attack  BIND9 Spoofing  DNS Spoofing/ Poisoning
z DNS Attacks: • Denial-of-service Attack typically flood servers, systems or networks with traffic in order to overwhelm the victim's resources and make it difficult or impossible for legitimate users to access them. • DNS Amplification Attack: is a reflection- based volumetric distributed denial-of-service (DDoS) attack in which an attacker break the functionality of open DNS resolvers in order to overwhelm a target server or network with an amplified amount of traffic.
z Conti…. DNS resolvers like BIND use unpredictable values with each generated query. Since the corresponding values in the response must match the values sent in the query, it is difficult for a blind attacker, who does not see the query, to forge a valid response and insert a new name.
z DNS Spoofing/Poisoning z  DNS spoofing, also referred to as DNS tampering, DNS redirection or DNS hijacking.  It is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver 's cache.  Causing the name server to return an incorrect result record, e.g. an IP address.  This results in traffic being diverted to the attacker's computer
z z How Does DNS Spoofing Work? z
z How DNS Spoofing Occurs? z DNS spoofing is an overarching term and can be carried out using various methods such as: 1. DNS cache poisoning 2. Compromising a DNS server 3. Implementing a Man in the Middle Attack
z Aims of Attackers z  Launch an attack: By changing the IP address for a popular domain like Google.com, for example, a hacker could divert a large amount of traffic to a server incapable of handling so much traffic.  Redirection: A corrupted DNS entry can redirect users to websites they do not intend to visit. A hacker might use this to send victims to a phishing site.  Censorship: Browsing the web is nearly impossible without DNS, so whoever controls the DNS server controls who sees what on the web.
z DNS Spoofing Mitigation Using Domain Name Server Security (DNSSEC) DNSSEC is a protocol designed to secure your DNS by adding additional methods of verification. The protocol creates a unique cryptographic signature stored alongside your other DNS records, e.g., A record and CNAME. This signature is then used by your DNS resolver to authenticate a DNS response, ensuring that the record wasn’t tampered with.
z Ways to Exploit In order to achieve DNS Amplification attack, the attacker performs two malicious tasks,  The attacker spoofs the IP address of DNS Resolver (converts domain name to IP address) and replaces it with the victims IP address. This is because all reply of the DNS server will respond back to victims’ server.  The attacker finds Internet domain registered with many DNS records. Ex domain.example.com, domain1.example.com etc. Then the attacker DNS query to get all records of example.com. z
z z Prevention z
z How to Prevent?  Always check for HTTPS  Encrypted DNS  VPN  Antivirus  Disable JavaScript and WebRTC  DNSSEC  Only cache information from authoritative servers  Cross-check IP DNS mappings  Transaction signatures for zone transfer, dynamic updates  Split-split strategy: Advertising name server for DNS servers  No cache to poison  Only allow internal traffic
z Cont… z Firewalls can be utilized to minimize attacks against the DNS protocol.  Query and Response Verification  Transaction ID randomization  DNS Header Flag Filtering  DNS message size limitations
z DNS Spoofing Attack
DNS spoofing/poisoning Attack

Recomendados

DNS spoofing/poisoning Attack Report (Word Document)
DNS spoofing/poisoning Attack Report (Word Document)DNS spoofing/poisoning Attack Report (Word Document)
DNS spoofing/poisoning Attack Report (Word Document)Fatima Qayyum
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
Dns security
Dns securityDns security
Dns securityDhaval Kapil
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 

Recomendados

DNS spoofing/poisoning Attack Report (Word Document)
DNS spoofing/poisoning Attack Report (Word Document)DNS spoofing/poisoning Attack Report (Word Document)
DNS spoofing/poisoning Attack Report (Word Document)Fatima Qayyum
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
Dns security
Dns securityDns security
Dns securityDhaval Kapil
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Xss attack
Xss attackXss attack
Xss attackManjushree Mashal
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddoskalyan kumar
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniquesprashant3535
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
How DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An IntroductionHow DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An Introductionyasithbagya1
 
DNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisDNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisCSCJournals
 

Mais conteúdo relacionado

Mais procurados

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddoskalyan kumar
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniquesprashant3535
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 

Mais procurados (20)

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Xss attack
Xss attackXss attack
Xss attack
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniques
 
Cia security model
Cia security modelCia security model
Cia security model
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Session Hijacking
Session HijackingSession Hijacking
Session Hijacking
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 

Semelhante a DNS spoofing/poisoning Attack

How DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An IntroductionHow DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An Introductionyasithbagya1
 
DNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisDNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisCSCJournals
 
Kipp berdiansky on network security
Kipp berdiansky on network securityKipp berdiansky on network security
Kipp berdiansky on network securityKipp Berdiansky
 
Session 4 Tp 4
Session 4 Tp 4Session 4 Tp 4
Session 4 Tp 4githe26200
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsPeter R. Egli
 
A Measurement Study of Open Resolvers and DNS Server Version
A Measurement Study of Open Resolvers and DNS Server VersionA Measurement Study of Open Resolvers and DNS Server Version
A Measurement Study of Open Resolvers and DNS Server VersionYuuki Takano
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Laura L. Adams
 
Presentation
PresentationPresentation
PresentationKen Wong
 
Domain name server
Domain name serverDomain name server
Domain name serverMobile88
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS SecurityThousandEyes
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksFindWhitePapers
 
understanding-dns-essential
understanding-dns-essentialunderstanding-dns-essential
understanding-dns-essentialwael eshag eshag
 
IGF 2023: DNS Privacy
IGF 2023: DNS PrivacyIGF 2023: DNS Privacy
IGF 2023: DNS PrivacyAPNIC
 

Semelhante a DNS spoofing/poisoning Attack (20)

How DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An IntroductionHow DNS works and How to secure it: An Introduction
How DNS works and How to secure it: An Introduction
 
DNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisDNS Advanced Attacks and Analysis
DNS Advanced Attacks and Analysis
 
Kipp berdiansky on network security
Kipp berdiansky on network securityKipp berdiansky on network security
Kipp berdiansky on network security
 
Session 4 Tp 4
Session 4 Tp 4Session 4 Tp 4
Session 4 Tp 4
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security Extensions
 
A Measurement Study of Open Resolvers and DNS Server Version
A Measurement Study of Open Resolvers and DNS Server VersionA Measurement Study of Open Resolvers and DNS Server Version
A Measurement Study of Open Resolvers and DNS Server Version
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014
 
Presentation
PresentationPresentation
Presentation
 
Presentation
PresentationPresentation
Presentation
 
Domain name server
Domain name serverDomain name server
Domain name server
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Presentation2.pptx
Presentation2.pptxPresentation2.pptx
Presentation2.pptx
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache Poisoning
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Dns
DnsDns
Dns
 
Dns
DnsDns
Dns
 
understanding-dns-essential
understanding-dns-essentialunderstanding-dns-essential
understanding-dns-essential
 
IGF 2023: DNS Privacy
IGF 2023: DNS PrivacyIGF 2023: DNS Privacy
IGF 2023: DNS Privacy
 

Mais de Fatima Qayyum

Keras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower RecognitionKeras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower RecognitionFatima Qayyum
 
GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)Fatima Qayyum
 
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...Fatima Qayyum
 
Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs Fatima Qayyum
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Fatima Qayyum
 
Artificial Intelligence presentation
Artificial Intelligence presentation Artificial Intelligence presentation
Artificial Intelligence presentation Fatima Qayyum
 
UNIX Operating System
UNIX Operating SystemUNIX Operating System
UNIX Operating SystemFatima Qayyum
 
Define & Undefine in SQL
Define & Undefine in SQLDefine & Undefine in SQL
Define & Undefine in SQLFatima Qayyum
 
Security System using XOR & NOR
Security System using XOR & NOR Security System using XOR & NOR
Security System using XOR & NOR Fatima Qayyum
 
Communication skills (English) 3
Communication skills (English) 3Communication skills (English) 3
Communication skills (English) 3Fatima Qayyum
 
Creativity and arts presentation (1)
Creativity and arts presentation (1)Creativity and arts presentation (1)
Creativity and arts presentation (1)Fatima Qayyum
 
World religon (islam & judaism)
World religon (islam & judaism)World religon (islam & judaism)
World religon (islam & judaism)Fatima Qayyum
 
Communication Skills
Communication SkillsCommunication Skills
Communication SkillsFatima Qayyum
 

Mais de Fatima Qayyum (17)

Keras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower RecognitionKeras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower Recognition
 
GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)
 
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
 
Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document)
 
Stress managment
Stress managmentStress managment
Stress managment
 
Waterfall model
Waterfall modelWaterfall model
Waterfall model
 
Artificial Intelligence presentation
Artificial Intelligence presentation Artificial Intelligence presentation
Artificial Intelligence presentation
 
Subnetting
SubnettingSubnetting
Subnetting
 
UNIX Operating System
UNIX Operating SystemUNIX Operating System
UNIX Operating System
 
Define & Undefine in SQL
Define & Undefine in SQLDefine & Undefine in SQL
Define & Undefine in SQL
 
Security System using XOR & NOR
Security System using XOR & NOR Security System using XOR & NOR
Security System using XOR & NOR
 
Communication skills (English) 3
Communication skills (English) 3Communication skills (English) 3
Communication skills (English) 3
 
Creativity and arts presentation (1)
Creativity and arts presentation (1)Creativity and arts presentation (1)
Creativity and arts presentation (1)
 
BCD Adder
BCD AdderBCD Adder
BCD Adder
 
World religon (islam & judaism)
World religon (islam & judaism)World religon (islam & judaism)
World religon (islam & judaism)
 
Communication Skills
Communication SkillsCommunication Skills
Communication Skills
 

Último

Android Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesAndroid Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesChandrakantDivate1
 
Mobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsMobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsChandrakantDivate1
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRnishacall1
 
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Servicenishacall1
 
Leading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdfLeading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdfCWS Technology
 
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...Pooja Nehwal
 
Mobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsMobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsChandrakantDivate1
 

Último (8)

Android Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesAndroid Application Components with Implementation & Examples
Android Application Components with Implementation & Examples
 
Mobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsMobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s Tools
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
 
Leading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdfLeading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdf
 
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...
Thane 💋 Call Girls 7738631006 💋 Call Girls in Thane Escort service book now. ...
 
Mobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsMobile Application Development-Components and Layouts
Mobile Application Development-Components and Layouts
 

DNS spoofing/poisoning Attack

  • 1. z
  • 2. z What is DNS? z  DNS means Domain Name Server.  DNS are the Internet's equivalent of a phone book.  They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
  • 3. z
  • 5. z Types of DNS Attacks z  (DOS) Denial of Service attack  DNS Amplification Attack  BIND9 Spoofing  DNS Spoofing/ Poisoning
  • 6. z DNS Attacks: • Denial-of-service Attack typically flood servers, systems or networks with traffic in order to overwhelm the victim's resources and make it difficult or impossible for legitimate users to access them. • DNS Amplification Attack: is a reflection- based volumetric distributed denial-of-service (DDoS) attack in which an attacker break the functionality of open DNS resolvers in order to overwhelm a target server or network with an amplified amount of traffic.
  • 7. z Conti…. DNS resolvers like BIND use unpredictable values with each generated query. Since the corresponding values in the response must match the values sent in the query, it is difficult for a blind attacker, who does not see the query, to forge a valid response and insert a new name.
  • 8. z DNS Spoofing/Poisoning z  DNS spoofing, also referred to as DNS tampering, DNS redirection or DNS hijacking.  It is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver 's cache.  Causing the name server to return an incorrect result record, e.g. an IP address.  This results in traffic being diverted to the attacker's computer
  • 9. z z How Does DNS Spoofing Work? z
  • 10. z How DNS Spoofing Occurs? z DNS spoofing is an overarching term and can be carried out using various methods such as: 1. DNS cache poisoning 2. Compromising a DNS server 3. Implementing a Man in the Middle Attack
  • 11. z Aims of Attackers z  Launch an attack: By changing the IP address for a popular domain like Google.com, for example, a hacker could divert a large amount of traffic to a server incapable of handling so much traffic.  Redirection: A corrupted DNS entry can redirect users to websites they do not intend to visit. A hacker might use this to send victims to a phishing site.  Censorship: Browsing the web is nearly impossible without DNS, so whoever controls the DNS server controls who sees what on the web.
  • 12. z DNS Spoofing Mitigation Using Domain Name Server Security (DNSSEC) DNSSEC is a protocol designed to secure your DNS by adding additional methods of verification. The protocol creates a unique cryptographic signature stored alongside your other DNS records, e.g., A record and CNAME. This signature is then used by your DNS resolver to authenticate a DNS response, ensuring that the record wasn’t tampered with.
  • 13. z Ways to Exploit In order to achieve DNS Amplification attack, the attacker performs two malicious tasks,  The attacker spoofs the IP address of DNS Resolver (converts domain name to IP address) and replaces it with the victims IP address. This is because all reply of the DNS server will respond back to victims’ server.  The attacker finds Internet domain registered with many DNS records. Ex domain.example.com, domain1.example.com etc. Then the attacker DNS query to get all records of example.com. z
  • 15. z How to Prevent?  Always check for HTTPS  Encrypted DNS  VPN  Antivirus  Disable JavaScript and WebRTC  DNSSEC  Only cache information from authoritative servers  Cross-check IP DNS mappings  Transaction signatures for zone transfer, dynamic updates  Split-split strategy: Advertising name server for DNS servers  No cache to poison  Only allow internal traffic
  • 16. z Cont… z Firewalls can be utilized to minimize attacks against the DNS protocol.  Query and Response Verification  Transaction ID randomization  DNS Header Flag Filtering  DNS message size limitations