Dns Cache Poisoning Attacks Take Preventive Measures Xiang Jie

Frbiz Site


Recently, the network appears in the history of the most powerful Internet vulnerability?? DNS cache vulnerability, this vulnerability in the Internet application directed at our vulnerable security system, is the source of poor security design flaws. Advantage of the vulnerability can range allows users to not open web pages, weight is phishing and financial fraud, causing huge losses to the victims.



Cache poisoning an attacker (cachepoisoning) to the DNS server into the illegal Internet domain address, if the server accepts the illegal address, shows that the cache was attacked, and the subsequent response of the domain name request will be controlled by hackers. When these illegal addresses into the server cache, the user's browser or e-mail will automatically jump to the DNS server address specified. cold heading wire

welding shielding gas

Such attacks are often classified as a pharming attack (pharmingattack), thus it will lead to many serious problems. First of all, users tend to think that the landing is a familiar site, but they are not. And phishing attacks by illegal URL is different, this attack is legitimate to use URL address.



Another problem is that hundreds of thousands of users will be implanted into the server cache poisoning attack redirected to the hacker set up to guide the trap site. This problem will request the use of domain names related to the number of users. In such circumstances, even without extensive hacking techniques can cause great trouble, allowing users to sleepwalk to put their online banking account password, online game account password to tell to others.



In this similar way, the mail system will be hacked. But not to the Web server, but to the mail server illegal address, so that the system under control, leading to the mail server.



So, how did hackers do to make cache server for accepting an illegal address? When a DNS caching name server received a request from the user, the server will look in the cache whether this address. If not, it will request a higher level DNS server.



This vulnerability in the event before the attacker is difficult to attack DNS server: they must respond by sending a fake query to obtain the correct query parameters to access the cache server, and then control the legitimate DNS server. This process usually lasting less than a second, so hackers would not be successful.



However, there are security personnel to find the loopholes, making the process the attacker towards beneficial change. This is because the attacker was informed of the cache server for continuous queries, the server can not give response. For example, a hacker could send a similar request: 1q2w3e.google.com, but he also knows that the cache server can not have this domain name. This will lead to more cache servers to issue queries, and will answer a lot of opportunities to cheat.



Course, this does not mean that attackers have many opportunities to guess the correct query parameter values. In fact, this is an open DNS server vulnerability announced it would be dangerous in the attack within 10 seconds.