Understanding DNS Services and Attacks

Dec 14, 2024

DNS Services and Attacks

Overview of DNS

  • DNS (Domain Name Services) servers convert domain names (e.g., professormesser.com) into IP addresses.
  • Essential for directing users to the correct web services.

DNS Poisoning Attacks

  • DNS Poisoning: Redirects users to incorrect IP addresses.
  • Types of Attacks:
    • Modifying DNS Server: Servers are well-protected; not commonly exploited.
    • Modifying Host Files: Requires attacker access and elevated rights.
    • Man-in-the-middle Attacks: Intercept DNS queries to redirect users in real-time.

Example of DNS Poisoning with IP Spoofing

  • Network Setup:
    • Attacker IP: 100.100.100.100
    • DNS Server IP: 162.159.246.164
    • Normal resolution: DNS server correctly resolves professormesser.com.
  • Attack Scenario:
    • Attacker gains access to DNS server, modifies DNS configuration.
    • Changes IP for professormesser.com to attacker's IP.
    • Subsequent DNS queries return the attacker's IP, redirecting traffic.

Accessing DNS Server or Domain Registration

  • Techniques:
    • Exploit known vulnerabilities.
    • Obtain administrative credentials.
    • Manipulate domain registration settings.
  • Example Incident: On October 22, 2016, a bank in Brazil had 36 domains altered for six hours.

URL Hijacking (Typo Squatting/Brand Jacking)

  • Methods:
    • Registering domains with misspellings.
    • Using similar domain names (e.g., different top-level domains).
    • Creating sites to collect user credentials or distribute malware.
  • Examples:
    • Misspelled domain: profeessormesser.com (additional letter).
    • Similar domain: professormessers.com (extra 's').
    • Different TLD: professormesser.org instead of .com.
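
A defender can check observed domains against a protected one using the three patterns listed above. The following is an added example, not part of the original notes; the function names, the `max_typos` threshold, and the sample list are assumptions made for illustration, and it also catches swapped adjacent letters, which the notes do not list.

```python
# Added example (not from the original notes): label observed domains that
# imitate a protected one. Assumption: inputs are registrable domains with a
# single-label TLD; splitting at the first dot is wrong for suffixes like co.uk.

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate: str, protected: str, max_typos: int = 1):
    """Return 'exact', 'different-tld', 'misspelling', or None if unrelated."""
    cand = candidate.strip().lower().rstrip(".")
    prot = protected.strip().lower().rstrip(".")
    if cand == prot:
        return "exact"
    c_name = cand.partition(".")[0]
    p_name = prot.partition(".")[0]
    if c_name == p_name:
        return "different-tld"  # same name, different suffix
    if edit_distance(c_name, p_name) <= max_typos:
        return "misspelling"
    return None


def flag_lookalikes(observed, protected):
    """Map each observed domain that imitates `protected` to its label."""
    labels = {d: classify(d, protected) for d in observed}
    return {d: l for d, l in labels.items() if l not in (None, "exact")}


# Constructed sample, e.g. domains pulled from proxy or DNS query logs.
OBSERVED = ["professormesser.com", "profeessormesser.com", "professormessers.com",
            "professormesser.org", "example.com"]

if __name__ == "__main__":
    for domain, label in flag_lookalikes(OBSERVED, "professormesser.com").items():
        print(f"{label:14} {domain}")
```

Short names produce false positives at any edit-distance threshold, so results are candidates for review rather than verdicts.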

Prevention and Awareness

  • Verify domain names carefully.
  • Avoid clicking on links from unknown emails.
  • Be aware of potential redirection to malicious sites.