DNS SPOOF ATTACK: EVERYTHING YOU NEED TO KNOW

INTRODUCTION

Hi everyone! Suppose you are on your WiFi network and trying to book a movie ticket online. You open the website; there is no sign of phishing and everything seems fine. You buy your ticket as usual and nothing seems wrong. Then, after some time, you notice that your ticket was not booked but the money was deducted from your bank account. In frustration, you contact customer support about the issue, but they tell you that they didn't receive the money. Guess what? You have been hacked by someone on your network. You might be thinking, "I made sure that I was visiting the actual website. The domain name was the same as that of the cinema hall's website. I took every countermeasure to make sure that the website I was visiting was not a phishing site. Did someone hack into my laptop?" Well, no one has hacked into your computer (not yet). Basically, they were able to conduct a successful man-in-the-middle attack, resulting in the compromise of your credit card. Using the man-in-the-middle attack, they were able to perform a DNS spoofing attack. So it seems that you visited the actual website, but that is not the case: you were visiting a website hosted on the attacker's machine. Let us try to understand the figure below for more clarity:

What is DNS?

DNS stands for Domain Name Server. Basically, every server has its own IP address. DNS is used to point a domain name to the IP address it belongs to, since it would be very difficult for us to type the IP address of every website on the internet. For example, if you type google.com in your browser, it will resolve to Google's IP address. This is the simplest explanation of DNS. For more depth, you can check this article.

What is DNS Spoof Attack?

In simple terms, a DNS spoof attack (or DNS spoofing attack) is a type of man-in-the-middle attack in which the attacker is able to embed a fake DNS entry in the network. As a result, instead of being pointed to Google's IP address, you are redirected to a webpage controlled by the attacker without your knowledge. Although most modern browsers have some security protection features that detect DNS spoofing attacks, it is still possible for an attacker to conduct this attack successfully.
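From the defender's side, a fake DNS entry injected on the local network often shows up as two replies to the same query that disagree on the address. The following is an added example, not code from the original post: a small parser that reads raw DNS responses and flags that conflict. The function names, the sample domains and the documentation-range IP addresses are all constructed for illustration.

```python
import struct

def build_response(txid, name, ip):
    """Build a minimal DNS reply with one A record (constructed sample data only)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return header + question + answer

def read_name(msg, off):
    """Decode a DNS name, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                                 # bounded: guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                             # 2-byte compression pointer
            end = end if end is not None else off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                                     # root label ends the name
            return ".".join(labels), end if end is not None else off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def parse_a_records(msg):
    """Return (transaction id, queried name, sorted A-record IPs) for one reply."""
    txid, _, _, an = struct.unpack("!HHHH", msg[:8])
    qname, off = read_name(msg, 12)
    off += 4                                             # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:                    # IPv4 A record
            ips.append(".".join(str(b) for b in msg[off + 10:off + 14]))
        off += 10 + rdlen
    return txid, qname.lower(), sorted(ips)

def find_conflicts(responses):
    """Flag queries that were answered more than once with different A records."""
    seen = {}
    for txid, qname, ips in map(parse_a_records, responses):
        seen.setdefault((txid, qname), set()).add(tuple(ips))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample: two disagreeing replies to one query, plus one normal reply.
_ROWS = [(0x1A2B, "example.com", "192.0.2.10"), (0x1A2B, "example.com", "203.0.113.66"),
         (0x3C4D, "example.org", "198.51.100.7")]
SAMPLE = [build_response(*row) for row in _ROWS]
```

Calling find_conflicts(SAMPLE) reports only the example.com query. This is a heuristic: a retransmitted identical reply is not flagged, and a spoofed reply that arrives alone, with no competing legitimate answer, will not be caught by it.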

How to perform DNS Spoof Attack?

Note: You need to have Kali Linux installed on your computer.

CONCLUSION

I hope you all now understand the DNS spoofing attack in depth. Please note that many websites, like Facebook, Instagram etc., are secured against man-in-the-middle attacks. This is because they only allow connections over the HTTPS protocol. Since most man-in-the-middle attacks work on the HTTP protocol, attacking these websites through a man-in-the-middle attack is quite difficult.

Faiyaz Ahmad

Student | Cybersecurity L0V3R | BUG BOUNTY HUNTER | CTF PLAYER | INDIAN