Question


Define DNS poisoning, DNS Spoofing and DNS hijacking. Enable/Install webserver in your computer (such as IIS)...

  1. Define DNS poisoning, DNS Spoofing and DNS hijacking.

  2. Enable/Install webserver in your computer (such as IIS)

  3. Choose a website name (such as www.cnn.com, etc.) and ping the website using command line tool. Note down the responses.

  4. Change/poison the DNS configuration using hosts file for your recently installed web server to redirect the chosen website (you could do the same that we did in the class) and ping the website (such as cnn.com as noted in step 3 above) that is being redirected. Note down the responses.

  5. What are the differences in responses of step 3 and step 4?

  6. What advantages can be achieved by the attacks using this type of cyber-attacks (DNS poisoning)? Explain.

I need help with #4 for a Mac computer. Posted all the other questions for context.

Solutions

Expert Solution

DNS poisoning, DNS Spoofing and DNS hijacking

DNS poisoning :

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.

DNS Cache Poisoning

A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it — for example, they could say that google.com actually points to an IP address the attacker owns — that DNS server would tell its users to look for Google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website.

DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.

DNS Spoofing :

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. A Domain Name System server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server does not know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time. This means if it receives another request for the same translation, it can reply without needing to ask any other servers, until that cache expires.

DNS Hijacking :

Domain Name Server (DNS) hijacking, also named DNS redirection, is a type of DNS attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication.

DNS hijacking can be used for pharming (in this context, attackers typically display unwanted ads to generate revenue) or for phishing (displaying fake versions of sites users access and stealing data or credentials).

Many Internet Service Providers (ISPs) also use a type of DNS hijacking, to take over a user’s DNS requests, collect statistics and return ads when users access an unknown domain. Some governments use DNS hijacking for censorship, redirecting users to government-authorized sites.

DNS hijacking attack types

There are four basic types of DNS redirection:

· Local DNS hijack — attackers install Trojan malware on a user’s computer, and change the local DNS settings to redirect the user to malicious sites.

· Router DNS hijack — many routers have default passwords or firmware vulnerabilities. Attackers can take over a router and overwrite DNS settings, affecting all users connected to that router.

· Man in the middle DNS attacks — attackers intercept communication between a user and a DNS server, and provide different destination IP addresses pointing to malicious sites.

· Rogue DNS Server — attackers can hack a DNS server, and change DNS records to redirect DNS requests to malicious sites.
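
The hosts-file redirect in step 4 of the exercise and the "Local DNS hijack" case above both work by placing a static name-to-address entry ahead of DNS. As an added example (not part of the original answer), this Python sketch audits hosts-file text for such overrides; the sample file, `EXPECTED_NAMES` and the function names are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file is expected to define (assumption for this example).
EXPECTED_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}

# Constructed sample in hosts-file format; not taken from a real machine.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
127.0.0.1       www.cnn.com cnn.com   # lab redirect
192.168.1.50    login.example.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, expected=EXPECTED_NAMES):
    """Return findings for names the hosts file resolves ahead of DNS."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in expected:
                continue                        # normal loopback/broadcast entries
            if ip.is_loopback or ip.is_unspecified:
                kind = "pinned-to-local-host"
            elif ip.is_private:
                kind = "pinned-to-private-address"
            else:
                kind = "pinned-to-fixed-address"
            findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On macOS and Linux the file to audit is `/etc/hosts`; read its contents and pass the text to `audit_hosts`.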

