
DNS Spoofing

5 min read · May 21, 2021

Domain Name:

We know the internet is really user friendly: you can just type what you are looking for into the web browser using your own domain-specific words (that is, the words we use day to day), and the browser will show you tons of results related to your search.

Such as,

  • youtube.com
  • gmail.com
  • javapoint.com

and so on. That means a domain name is a human-readable identifier used to identify a specific website or piece of content available on the internet.

Domain Name System:

But a computer or any other mobile device is just a machine, not a human being. So how can it understand a human-readable domain-specific word?

This is where the Domain Name System (DNS) comes onto the stage and plays its role. What it does is convert domain-specific names into a machine-understandable format, which you already know as an IP address.

How does it work?

Reference: https://sites.google.com/site/panaceaschool/computer-networks/how-domain-name-system-works
  • When you request a specific domain, your DNS resolver first searches for that URL in your local cache. If it is found, the cached record is returned to your browser.
  • Ask the recursive DNS server: if it is not in your local cache, the request is forwarded to the DNS server in your LAN. If that server holds the requested URL, the answer is forwarded to your browser.
  • Then ask the authoritative DNS servers: if the requested URL still cannot be found, the query goes to an authoritative DNS server. The query keeps going over these authoritative DNS servers until the requested URL is found.
  • Finally, your computer receives that particular URL, and the answer is saved in your local cache as well as on the recursive servers in your LAN.

Now, let’s talk about DNS Spoofing…

What really happens is that the user is navigated to a fake website that looks exactly like the real one. The intruder's purpose is to obtain the victim's credentials or sensitive data. This attack is really harmful because it can persist for a long time without being detected.

Here, what an intruder does is replace the real address of the site (the one the user wants to visit) with another one controlled by the attacker. So, whenever the user tries to access the site, he/she is navigated to the fake site.

These DNS Spoofing threats can lead to data theft, malware infection, hiding required security updates, and so on.

DNS Spoofing can be done in 2 ways. They are,

  1. DNS Cache Poisoning

In this attack, what an intruder does is tamper with the local DNS cache on the server. Your server will then hold genuine-looking but fake IP addresses, which lead you to the fraudulent website.

Reference: https://geekflare.com/understanding-dns-cache-poisoning/

2. DNS ID Spoofing

Here, what happens is that while your request is travelling as an IP packet, an intruder forges the corresponding response packet, reusing the ID of the user's request, and inserts false information into it.

Reference: https://www.oreilly.com/library/view/ccna-security-210-260/9781787128873/78f2bb48-0c68-452b-8edc-eb1482f7dbfc.xhtml

DNS cache poisoning and DNS ID Spoofing are made possible by a lack of verification and validation, vulnerabilities in the local cache, and poor encryption. In order to avoid cache poisoning and ID spoofing, we can use cache poisoning detection tools, use DNSSEC (Domain Name System Security Extensions), and always keep your DNS software up to date.

DNSSEC: it allows you to secure your DNS server by using public key cryptography. Then the server
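The "verification and validation" that the paragraph above says is missing is concrete enough to show in code. What follows is an added example, not code from the original post: a minimal DNS wire-format builder and parser plus a check that a resolver can run on every reply before caching it. A reply is accepted only if it is really a response, carries a transaction ID we are waiting on, comes from the server we actually queried, echoes our question, and only answers the name we asked about. The transaction ID, server address, and sample IP addresses are constructed for the demo.

```python
import struct
from typing import Dict, Tuple

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode "example.com" as DNS labels: \\x07example\\x03com\\x00."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, next offset)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(data, ptr)[0])
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid: int, name: str) -> bytes:
    """Recursive A query: flags 0x0100 (RD set, QR clear)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Response carrying one A record: flags 0x8180 (QR, RD, RA set)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    # 0xC00C = compression pointer to the question name at byte offset 12
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + rdata
    return header + question + answer


def parse_response(data: bytes) -> dict:
    """Parse the header, the single question, and the answer section."""
    txid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
    qname, offset = decode_name(data, 12)
    qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
    offset += 4
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(data, offset)
        rtype, _rc, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        ip = ".".join(str(b) for b in rdata) if rtype == QTYPE_A else None
        answers.append({"owner": owner, "type": rtype, "ttl": ttl, "ip": ip})
    return {"txid": txid, "is_response": bool(flags & 0x8000), "qname": qname,
            "qtype": qtype, "qclass": qclass, "answers": answers}


def validate_response(pending: Dict[int, dict], data: bytes,
                      src: Tuple[str, int]) -> Tuple[bool, str]:
    """Accept a reply only if every field ties it to a query we sent."""
    resp = parse_response(data)
    if not resp["is_response"]:
        return False, "QR bit clear: this is a query, not a response"
    query = pending.get(resp["txid"])
    if query is None:
        return False, "unsolicited reply: unknown transaction ID"
    if src != query["server"]:
        return False, "reply from %s:%d, not the server we queried" % src
    if (resp["qname"].lower(), resp["qtype"], resp["qclass"]) != \
            (query["name"].lower(), QTYPE_A, QCLASS_IN):
        return False, "question section does not match our query"
    for rr in resp["answers"]:
        if rr["owner"].lower() != query["name"].lower():
            return False, "answer for %s is out of bailiwick" % rr["owner"]
    return True, "ok"


def demo() -> Dict[str, bool]:
    """Constructed scenario: one genuine reply and three forged ones."""
    resolver = ("192.0.2.53", 53)  # constructed: the recursive server we asked
    txid = 0x1A2B
    pending = {txid: {"name": "example.com", "server": resolver}}
    genuine = build_response(txid, "example.com", "93.184.216.34")
    return {
        "genuine": validate_response(pending, genuine, resolver)[0],
        # same bytes, but arriving from a host we never queried
        "wrong_source": validate_response(pending, genuine, ("198.51.100.7", 53))[0],
        # forged reply whose transaction ID does not match ours
        "wrong_txid": validate_response(
            pending, build_response(txid ^ 1, "example.com", "198.51.100.99"), resolver)[0],
        # right ID, but it answers a name we did not ask about
        "wrong_question": validate_response(
            pending, build_response(txid, "bank.example", "198.51.100.99"), resolver)[0],
    }
```

Only the genuine reply passes; the other three are rejected before anything reaches the cache. These checks are necessary but not sufficient: a forged packet that happens to match every field would still be accepted, which is exactly why the paragraph above recommends DNSSEC, where the answer itself carries a signature that can be verified.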

Secure Socket Layer (SSL)

SSL allows you to secure your content and its transmission over the internet through encryption. Furthermore, it ensures data integrity by a digital signing process. Even if an attacker receives a message protected with SSL, they will not be able to decrypt it.

A website with SSL has “https” while others have “http”.

Reference: https://www.cloudflare.com/learning/ssl/what-is-ssl/

What really happens is that the user requests the public key of the web server to encrypt their message. So, once the message is received from the user, the server decrypts the message using its private key.

Also, a website can use SSL if and only if it has an SSL certificate. There are 2 methods used to implement SSL.

  1. One-way SSL
  • At the beginning, the client asks the https server for a secure connection (we name this the hand-shake process).
  • Then the server sends back its public key and certificate to the sender.
  • Then the sender verifies these with a Certificate Authority (CA) to check whether this particular key and certificate are valid or not.
  • Then the sender sends a randomly generated key, known as the session key, to the server, encrypted with the server's public key.
  • Then the server initiates the secure connection with the sender by decrypting the session key.
Reference: https://www.middlewarebox.com/2019/05/what-is-ssl.html

2. Two-Way SSL

  • As you can see, the only difference is that both client and server validate each other's certificates in turn. That means once the sender receives the public key and certificate from the server, the sender validates them with the CA.
  • Then the sender sends the randomly generated session key, the web server's public key and the sender's own certificate.
  • Then the server validates the sender's certificate against its CA pool.
  • Once validated, the server initiates the communication with the sender as usual.
Reference: https://www.middlewarebox.com/2019/05/what-is-ssl.html

Implementing these SSL channels also provides an adequate level of security for your application.
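The one-way and two-way flows described above map directly onto how a TLS endpoint is configured. The following is an added example using only Python's standard ssl module; it is not code from the original post or from any of the referenced sites. The certificate, key and CA file paths are placeholders to be replaced with your deployment's own, and the contexts can be built and inspected offline without them.

```python
import socket
import ssl
from typing import Optional


def client_context(cafile: Optional[str] = None,
                   client_certfile: Optional[str] = None,
                   client_keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Client side of the handshake.

    One-way SSL: verify the server's certificate against the CA pool
    (cafile, or the system store when None) and check the hostname.
    Two-way SSL: also load our own certificate (client_certfile/keyfile are
    placeholder paths) so the server can validate it against its CA pool.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context sets CERT_REQUIRED and check_hostname=True;
    # that is the "verify with the CA" step, and we never downgrade it.
    if client_certfile:
        ctx.load_cert_chain(certfile=client_certfile, keyfile=client_keyfile)
    return ctx


def server_context(certfile: Optional[str] = None,
                   keyfile: Optional[str] = None,
                   require_client_cert: bool = False,
                   cafile: Optional[str] = None) -> ssl.SSLContext:
    """Server side. A real server must pass certfile/keyfile (placeholders
    here). verify_mode selects one-way (CERT_NONE: no client certificate is
    requested) versus two-way (CERT_REQUIRED: the handshake fails unless the
    client presents a certificate that chains to a CA in cafile)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
        if cafile:
            ctx.load_verify_locations(cafile=cafile)
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting, shown only for comparison: verification switched off.
    A client built like this accepts any certificate, so a spoofed DNS answer
    that leads it to an attacker-controlled host would pass the handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of the settings that matter for the handshake."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


def server_mode(ctx: ssl.SSLContext) -> str:
    """Name the SSL method a server context implements."""
    return "two-way" if ctx.verify_mode == ssl.CERT_REQUIRED else "one-way"


def connect(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """Run the handshake against a live server (not executed offline).
    server_hostname is what the hostname check compares the certificate to."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)
```

The session-key exchange and the decryption with the server's private key happen inside wrap_socket; what the application controls is whether the CA check runs (verify_mode and check_hostname) and whether the server demands a client certificate. Keeping the client's verification on is what turns a correct DNS answer into a verified identity, and the insecure variant shows how little is left of that protection when it is switched off.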

I hope you got a proper understanding of DNS Spoofing, with its two types of attacks, and of SSL as well.

Stay Safe !!!
