Question

In: Computer Science

Define DNS poisoning, DNS Spoofing and DNS hijacking. Enable/Install webserver in your computer (such as IIS)...

  1. Define DNS poisoning, DNS Spoofing and DNS hijacking.

  2. Enable/Install webserver in your computer (such as IIS)

  3. Choose a website name (such as www.cnn.com, etc.) and ping the website using command line tool. Note down the responses.

  4. Change/poison the DNS configuration using hosts file for your recently installed web server to redirect the chosen website (you could do the same that we did in the class) and ping the website (such as cnn.com as noted in step 3 above) that is being redirected. Note down the responses.

  5. What are the differences in responses of step 3 and step 4.

  6. What advantages can be achieved by the attacks using this type of cyber-attacks (DNS poisoning)? Explain.

I need help with #4 for a Mac computer. Posted all the other questions for context.

Solutions

Expert Solution

DNS poisoning, DNS Spoofing and DNS hijacking

DNS poisoning:

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.

DNS Cache Poisoning

A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it — for example, they could say that google.com actually points to an IP address the attacker owns — that DNS server would tell its users to look for Google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website.

DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.

DNS Spoofing:

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. A Domain Name System server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server does not know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time. This means if it receives another request for the same translation, it can reply without needing to ask any other servers, until that cache expires.

DNS Hijacking:

Domain Name Server (DNS) hijacking, also named DNS redirection, is a type of DNS attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication.

DNS hijacking can be used for pharming (in this context, attackers typically display unwanted ads to generate revenue) or for phishing (displaying fake versions of sites users access and stealing data or credentials).

Many Internet Service Providers (ISPs) also use a type of DNS hijacking, to take over a user’s DNS requests, collect statistics and return ads when users access an unknown domain. Some governments use DNS hijacking for censorship, redirecting users to government-authorized sites.

DNS hijacking attack types

There are four basic types of DNS redirection:

· Local DNS hijack — attackers install Trojan malware on a user’s computer, and change the local DNS settings to redirect the user to malicious sites.

· Router DNS hijack — many routers have default passwords or firmware vulnerabilities. Attackers can take over a router and overwrite DNS settings, affecting all users connected to that router.

· Man in the middle DNS attacks — attackers intercept communication between a user and a DNS server, and provide different destination IP addresses pointing to malicious sites.

· Rogue DNS Server — attackers can hack a DNS server, and change DNS records to redirect DNS requests to malicious sites.
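
The local DNS hijack described above, and the hosts-file redirect in step 4 of the question, both leave a static name-to-address override on the machine. The following Python script is an added example, not part of the original answer, that audits hosts-file text for such overrides; the sample file, the list of default names and the function names are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file normally defines (assumed default set; extend as needed).
DEFAULT_NAMES = {"localhost", "broadcasthost", "localhost.localdomain",
                 "ip6-localhost", "ip6-loopback"}

# Constructed sample: a macOS-style hosts file with one override added.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
127.0.0.1       www.example.com example.com   # lab redirect
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address: skip
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return every mapping that overrides DNS for a non-default name."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        # A public-looking name pinned to a loopback/private address is a local redirect.
        local = ip.is_loopback or ip.is_private or ip.is_unspecified
        findings.append({"line": line_no, "name": name, "ip": str(ip),
                         "kind": "local-redirect" if local else "static-override"})
    return findings

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} ({f['kind']})")
```

To audit a real machine, pass the contents of the system hosts file (`/etc/hosts` on macOS and Linux) to `audit_hosts` instead of the sample.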

