Breaking

Friday, 22 March 2019

DNS Cache Poisoning or DNS Spoofing

DNS Cache Poisoning is a new form of attack. Here the hackers put a wrong response in the Local DNS and when a user requests regarding a website then its request is forwarded to malicious website.



Local DNS is a DNS cache that is stored on client PC. When a user requests, then the local DNS is checked, and if the IP address is available then that website is shown to user. If IP address is not available then Master DNS is called.

This is the normal case where everything works fine. You send a request and it is fulfilled successfully without any issue. 

But what if your request has been redirected to any unknown site?

Example: you requested google.com but after click the browser shows yahoo.com

So when this happens… it means your DNS cache has been poisoned and your security is at risk. This could infect your computer!

In other words, when a user enters the ‘correct’ name of the website, then his request is send to the wrong IP address, and specifically, to a phishing website as shown in screenshot below.



Here you can see hacker put the wrong IP address in DNS cache file. The 1.2.2.1 is the IP address of an ‘unknownsite.’ So whenever a user request for junkfilecleaner.com then his request will be redirected to unknownsite.com which is a malicious website.

So to solve this issue… flush DNS cache from your system. Here’s how to flush DNS cache in Mac OS.

If you have any questions comment below and don’t forget to share it on social sites!

No comments:

Post a Comment