DNS Attacks Overview

Jun 26, 2025

Overview

This lecture covers DNS poisoning, how attackers exploit domain name resolution, and methods such as host file modification, direct DNS server attacks, domain registration compromise, and URL hijacking.

DNS Poisoning and Host File Attacks

  • DNS poisoning tricks users into connecting to malicious IP addresses instead of intended ones.
  • Attackers with elevated access to a client may modify its host file to redirect users.
  • The host file links domain names with IP addresses, bypassing external DNS server queries.

Direct DNS Server Attacks

  • Attackers can exploit vulnerabilities or gain admin credentials to change DNS server records.
  • Changing DNS records on the server redirects all future queries to the attacker's IP.
  • Example: Modifying professormesser.com’s IP on the DNS server diverts users to a malicious machine.

Domain Registration Compromise

  • Attackers gaining control of domain registrar accounts can change DNS settings for entire domains.
  • Methods to gain access include brute force, social engineering, or using leaked credentials.
  • Example: In 2016, attackers changed bank domain registrations, intercepting user credentials for hours.

URL Hijacking (Typo Squatting/Brandjacking)

  • Attackers register domains similar to legitimate ones (misspellings, extra/missing letters, wrong TLD).
  • These sites may display ads, steal credentials, or distribute malware.
  • Users are often unaware due to minor URL changes (e.g., “professormesser.com” vs. “professormeser.com”).
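
A defender can automate the comparison users tend to miss. The following is an added example, not part of the original lecture notes: it classifies domains seen in a log against a protected domain, catching single-character misspellings (missing, extra, wrong or swapped letters) and wrong-TLD variants. It assumes inputs are bare registrable domains with a single-label TLD (no subdomains, no "co.uk"-style suffixes); the function names and the sample list are constructed for illustration.

```python
# Added example: flag observed domains that look like a protected domain.
PROTECTED = "professormesser.com"  # domain taken from the page's own example

def split_domain(domain):
    """Split 'name.tld' into (name, tld); lower-case and drop a trailing dot."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent swapped letters count as one edit, not two.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]

def classify(observed, protected=PROTECTED, max_distance=1):
    """Return 'exact', 'wrong-tld', 'misspelling', or 'unrelated'."""
    name, tld = split_domain(observed)
    p_name, p_tld = split_domain(protected)
    if (name, tld) == (p_name, p_tld):
        return "exact"
    if name == p_name:
        return "wrong-tld"
    if 0 < edit_distance(name, p_name) <= max_distance:
        return "misspelling"
    return "unrelated"

# Constructed sample of domains, as might be pulled from a proxy or mail log.
SAMPLE = ["professormesser.com", "professormeser.com", "professormessers.com",
          "porfessormesser.com", "professormesser.org", "example.com"]

if __name__ == "__main__":
    for domain in SAMPLE:
        print(f"{domain:28} {classify(domain)}")
```

Anything reported as "misspelling" or "wrong-tld" is a candidate for blocking or a takedown request; raising max_distance catches more variants at the cost of more false positives on short names.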

Key Terms & Definitions

  • DNS Poisoning — Manipulating DNS information to redirect users to malicious sites.
  • Host File — Local file mapping domain names to IP addresses on a client computer.
  • URL Hijacking/Typo Squatting/Brandjacking — Registering lookalike domains to deceive users or profit.
  • Domain Registration — The process and account that manage DNS records for a domain name.

Action Items / Next Steps

  • Always check URLs closely before entering sensitive information.
  • Avoid clicking unfamiliar links in emails.
  • Review and secure access to DNS servers and domain registration accounts.