Question

What is DNS Poisoning, Spoofing, Pharming and the differences and examples of each

Answer 1

DNS Poisoning : A DNS server translates human readable addresses (e.g. google.com) to numerical IP addresses (e.g. 172.217.166.78). DNS servers contains translation tables that converts website names to their corresponding IP addresses. If an attacker manages to gain control of a DNS server, it can alter the translation table (poison the DNS server) to direct the traffic to some malicious IP instead of the intended website. E.g. They can replace google.com's IP with an IP that they own.

Spoofing : Spoofing is when an unknown and untrusted agent impersonates a known and trusted agent to access confidential or sensitive information about a client. E.g. a fraud might call you on your phone and pretend to be your banker in order to access your credit card details. In computer networks, spoofing is when a malicious agent creates IP packets with false source IP address to mark itself as another computing system. E.g. someone can return some fake IP packets to you with source IP as that of google.com to lead you to believe that they are search results.

Pharming: Pharming is the practice of creating a fake website which mimics a legitimate site, and redirecting internet traffic meant for the legitimate site to the fake one. When users interact with the fake site they unknowingly hand over sensitive information like credit card details, bank credentials, SSN, etc. E.g. Someone can host an exact replica of your banking website, except when you try to log in, your credentials are sent to the attacker.

DIFFERENCES:

DNS poisoning is a technique extensively used to conduct pharming. Another popular method of conducting pharming attacks is "Man in the middle" attack using hardwares like Wi-Fi pineapples.

Spoofing is done mainly through social engineering, whereas pharming attacks use little or no social engineering. Pharming makes use of technological methds like DNS poisoning.