Understanding DNS Vulnerabilities and Attacks

May 25, 2025

Lecture on DNS and Vulnerabilities

Overview of DNS (Domain Name System)

  • DNS translates fully qualified domain names (FQDNs) into IP addresses.
  • Attackers can exploit DNS through various poisoning attacks.

DNS Poisoning Attacks

DNS Server Modification

  • Rare due to high level of protection.
  • Involves altering DNS server settings to mislead users to incorrect IP addresses.

Local Host File Modification

  • Easier for attackers if they gain local machine access.
  • The hosts file contains FQDN-to-IP-address mappings.
  • Requires elevated permissions to change.

Man-in-the-Middle (MitM) Attacks

  • Intercept DNS queries and redirect them in real time.
  • Attacker must sit in the network path of the DNS request.

IP Spoofing and DNS Redirection

  • Example scenario:
    • Attacker with IP 100.1.100.100 alters DNS records.
    • DNS server initially correctly resolves professor.com to an IP ending in 164.
    • Attacker gains access and changes the record to point to their own IP.
    • Future requests from users are redirected to the attacker's IP.

Gaining Access to DNS Servers

Domain Registration Access

  • Gaining control over the domain registration allows manipulation of DNS settings.
  • Methods include:
    • Brute force attacks.
    • Social engineering.
    • Exploiting credential leaks.

Real-World Example

  • On October 22, 2016, a Brazilian bank’s domain records were altered.
  • Attackers controlled domains for 6 hours, collecting sensitive data.

URL Hijacking

Methods of URL Hijacking

  • Typo Squatting/Brand Jacking:
    • Register domains with spelling errors or variations.
    • Redirect users to malicious sites or competitors.
  • Examples:
    • Misspellings (e.g., professormeser.com instead of professormesser.com).
    • Altered TLDs (e.g., .org instead of .com).
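
A defender-side check for the two lookalike patterns above (misspellings and altered TLDs), as an added example that is not part of the original lecture notes. It flags domains seen in logs that sit close to a protected domain; PROTECTED, OBSERVED and all function names are constructed for illustration, and the code assumes single-label TLDs (no public-suffix handling such as co.uk).

```python
# Added example: PROTECTED and OBSERVED are constructed sample values.
PROTECTED = "professormesser.com"
OBSERVED = ["professormesser.com", "professormeser.com", "professormesser.org",
            "www.professormesser.com", "porfessormesser.com", "example.net"]

def split_domain(domain):
    """Return (registrable label, TLD), ignoring any subdomain labels."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else ""), labels[-1]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "por" typed for "pro"
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, protected=PROTECTED, max_distance=2):
    """Return 'legitimate', 'tld-variation', 'misspelling' or None."""
    name, tld = split_domain(domain)
    p_name, p_tld = split_domain(protected)
    if (name, tld) == (p_name, p_tld):
        return "legitimate"
    if name == p_name:
        return "tld-variation"   # same name under a different TLD
    if edit_distance(name, p_name) <= max_distance:
        return "misspelling"     # near-miss spelling of the protected name
    return None

def audit(domains, protected=PROTECTED):
    """Map each suspicious domain to the reason it was flagged."""
    results = {d: classify(d, protected) for d in domains}
    return {d: r for d, r in results.items() if r not in (None, "legitimate")}

if __name__ == "__main__":
    for domain, reason in audit(OBSERVED).items():
        print(f"{domain}: {reason}")
```
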

Implications

  • Users may unknowingly divulge credentials or download malware.
  • Often used to generate ad revenue or impersonate legitimate sites.

Security Recommendations

  • Avoid clicking unknown links, especially from emails.
  • Verify domain names closely to ensure legitimacy.