DNS spoofing/poisoning Attack Report (Word Document)
Contents
Application level attacks: DNS Spoofing/Poisoning
  DNS
  How does it work?
  DNS Attacks
  DNS SPOOFING/POISONING
  Aims of Attackers for DNS Spoofing
  How Does DNS Spoofing Occur?
  WAYS TO EXPLOIT
  PREVENTION
  How to check DNS settings in Windows?
  DNS ATTACKS IN PAST
  REFERENCES
Information Security Project Report
2 | P a g e
Application level attacks: DNS Spoofing/Poisoning
DNS
DNS stands for ‘Domain Name Server’. Domain Name Servers (DNS) are the Internet's
equivalent of a phone book. They maintain a directory of domain names and translate them to
Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for
people to remember, computers access websites by IP address [1].
How does it work?
DNS translates domain names to IP addresses so browsers can load Internet resources.
Information from all the domain name servers across the Internet is gathered together and
housed at the Central Registry. Hosting companies and Internet Service Providers interact with the
Central Registry on a regular schedule to get updated DNS information. When you type in a web
address, e.g. www.google.com, your Internet Service Provider (ISP) looks up the DNS records
associated with the domain name, translates it into a machine-friendly IP address (for example,
74.125.236.32 is the IP for google.com) and directs your Internet connection to the correct
website [1].
DNS Attacks:
1. Packet Interception
2. ID Guessing and Query Prediction
3. Name Chaining
4. Betrayal by Trusted Server
5. Denial of Service
6. Authenticated Denial of Domain Names
7. DNS Amplification Attack
8. DNS Cache Poisoning / DNS Spoofing
9. (DDoS) Distributed Denial of Service attack
10. BIND9 Spoofing
DNS Amplification Attack: The attacker abuses open DNS resolvers by sending them DNS requests
whose source IP address is that of the target. When the resolvers receive the queries, they send
their DNS responses to the target address. Attacks of this type use many open resolvers, so the
effect on the target devices is magnified.
(DDoS) Distributed Denial of Service: The attacker targets one or more of the 13 DNS root
name servers. The root name servers are critical components of the Internet; attacks against the
root name servers could, in theory, impact operation of the entire global Domain Name System.
BIND9 Spoofing: BIND is the most widely used DNS software on the Internet. In BIND 9 (the
stable production release), DNS queries are predictable: the source UDP port and the DNS
transaction ID can be effectively predicted. BIND9 was found to be predictable to within 10 choices.
This enables much more effective DNS cache poisoning than the attacks previously known
against BIND 9.
DNS SPOOFING/POISONING
DNS spoofing is a form of computer security hacking in which corrupt Domain Name
System data is introduced into the DNS resolver's cache, causing the name server to return an
incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's
computer [2].
DNS spoofing corrupts the domain name system, diverting internet traffic away from its intended
destination. DNS spoofing is used to censor the internet, redirect end users to malicious websites,
and carry out DDoS attacks on web servers.
DNS spoofing is also known as:
o DNS tampering
o DNS hijacking
o DNS redirection
DNS attack tools are readily available on the Internet (for example, dsniff, dnshijack, and many
more) and they are all FREE!
DNS spoofing is an overarching term and can be carried out using various methods such as:
o DNS cache poisoning
o Compromising a DNS server
o Implementing a Man in the Middle Attack
o Guessing a sequence number
However, an attacker’s end goal is usually the same no matter which method they use. Either
they want to steal information, re-route you to a website that benefits them, or spread malware.
Aims of Attackers for DNS Spoofing:
There are a number of reasons why a hacker or other entity might do this:
o Launch an attack: By changing the IP address for a popular domain like Google.com,
for example, a hacker could divert a large amount of traffic to a server incapable of
handling so much traffic. This can cause the server to slow down, stop, and encounter
numerous errors. Such a “denial-of-service” attack can shut down a website or game
server, for example.
o Redirection: A corrupted DNS entry can redirect users to websites they do not intend to
visit. A hacker might use this to send victims to a phishing site. Phishing sites often look
identical to the real website but are operated by a hacker, tricking the user into entering
private information such as their username and password. ISPs sometimes use DNS
redirection to serve advertisements and collect user browsing data.
o Censorship: Browsing the web is nearly impossible without DNS, so whoever controls
the DNS server controls who sees what on the web. Government-controlled ISPs in
China, for instance, use DNS tampering as part of their nationwide censorship system,
known as the Great Firewall, to block websites from public view.
How Does DNS Spoofing Occur?
DNS spoofing occurs in one of two ways:
o Tampering with an existing DNS name server’s resolver cache, or
o Creating a malicious DNS name server and spreading malware that makes routers and
end user devices use it
WAYS TO EXPLOIT
To carry out a DNS amplification attack, the attacker performs two malicious tasks:
1. The attacker spoofs the source IP address of the query sent to the DNS resolver (which
converts a domain name to an IP address), replacing it with the victim's IP address, so that
every reply from the DNS server is sent back to the victim's server.
2. The attacker finds an Internet domain registered with many DNS records, e.g.
domain.example.com, domain1.example.com, etc. The attacker then sends a DNS query to get all
records of example.com.
Now the attacker is ready to launch the attack. To get all records for example.com with the
spoofed source IP (the victim's IP), the attacker sends multiple DNS queries from different
computers to different DNS servers.
The request reaches the DNS resolver as a request to resolve the domain name to an IP address,
but because the resolver's IP has been replaced with the victim's IP, all responses from the DNS
server go to the source address (the victim).
The attacker now has an amplification attack, because for each request a much larger response
(sometimes 100 times larger) is sent to the victim. If the server generates 3 Mbps of DNS queries,
this amplifies to 300 Mbps on the victim's side, and handling that traffic consumes the victim's
resources. The victim's side becomes so busy handling the attack that it leads to a Denial
of Service [3].
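The resolver operator's view of the traffic described above, as an added example that is not part of the report: it scores each address seen in constructed resolver log lines by the ratio of response bytes sent to query bytes received, and flags sustained high-ratio traffic. The log format, addresses and thresholds are assumptions made for the example.

```python
"""Spot reflected DNS amplification in resolver query logs.

Added example, not from the report: the log format is constructed, and the score
is the ratio of response bytes sent to query bytes received, the same signal as
the "3 Mbps of queries becomes 300 Mbps at the victim" description above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines: <time> client=<ip> qname=<name> qtype=<type> qlen=<B> rlen=<B>
# 203.0.113.7 is the address being reflected onto (it shows up as "client" because the
# attacker spoofs it); 198.51.100.5 is an ordinary user; 192.0.2.9 sent a single ANY query.
SAMPLE_LOG = """\
10:00:01 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:01 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:01 client=198.51.100.5 qname=www.example.com qtype=A qlen=40 rlen=90
10:00:02 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:02 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:02 client=198.51.100.5 qname=mail.example.com qtype=MX qlen=40 rlen=90
10:00:03 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:03 client=192.0.2.9 qname=example.com qtype=ANY qlen=64 rlen=3200
10:00:03 client=198.51.100.5 qname=www.example.com qtype=AAAA qlen=40 rlen=90
10:00:04 client=203.0.113.7 qname=example.com qtype=ANY qlen=64 rlen=3200
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"qtype=(?P<qtype>\S+) qlen=(?P<qlen>\d+) rlen=(?P<rlen>\d+)$"
)


@dataclass
class ClientStats:
    queries: int = 0
    query_bytes: int = 0
    response_bytes: int = 0
    any_queries: int = 0
    qnames: set = field(default_factory=set)

    @property
    def amplification(self) -> float:
        """Bytes sent to this address per byte of query received from it."""
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def parse_line(line: str):
    """Return the parsed fields as a dict, or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["qlen"], rec["rlen"] = int(rec["qlen"]), int(rec["rlen"])
    return rec


def aggregate(lines):
    """Accumulate per-client byte counts and query mix."""
    stats = defaultdict(ClientStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["client"]]
        s.queries += 1
        s.query_bytes += rec["qlen"]
        s.response_bytes += rec["rlen"]
        if rec["qtype"] == "ANY":
            s.any_queries += 1
        s.qnames.add(rec["qname"])
    return stats


def flag_amplifiers(stats, min_queries=5, min_ratio=20.0):
    """Return clients whose traffic looks like reflection: sustained queries whose
    responses dwarf them. In a reflection attack the "client" is the spoofed victim,
    so the remedy is to stop answering the open Internet (or rate-limit responses to
    that address), not to treat the address as the attacker."""
    flagged = {}
    for client, s in stats.items():
        if s.queries >= min_queries and s.amplification >= min_ratio:
            flagged[client] = {
                "queries": s.queries,
                "amplification": round(s.amplification, 1),
                "any_fraction": round(s.any_queries / s.queries, 2),
                "distinct_qnames": len(s.qnames),
            }
    return flagged


if __name__ == "__main__":
    for client, info in flag_amplifiers(aggregate(SAMPLE_LOG.splitlines())).items():
        print(client, info)
```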
DNS resolvers like BIND use unpredictable values in each generated query. Since the
corresponding values in the response must match the values sent in the query, it is difficult for a
blind attacker, who does not see the query, to forge a valid response and insert a new name. The
new vulnerability allows an attacker to de-randomize the IP address of the name server a BIND
resolver queries, reducing the amount of information a blind attacker must guess to successfully
poison BIND's cache. At issue is BIND's Smoothed Round Trip Time (SRTT) algorithm.
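The matching rule described above (values in the response must echo the query), as an added example that is neither the report's nor BIND's code: a resolver-side validator that sends a query with a random transaction ID and source port, then accepts a reply only if it arrives on that port, echoes the ID and question, and keeps every record inside the queried zone. The wire-format helpers, the constructed forged reply and the bailiwick rule are assumptions of the example.

```python
"""Resolver-side checks on a DNS response before it may enter the cache.
Added example, not from the report: a query leaves with a random transaction ID and
source port, and a reply is accepted only if it arrives on that port, echoes the ID
and question, and keeps every record inside the queried zone (the "bailiwick")."""
import secrets
import struct

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def decode_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped, hops = [], 0, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            hops += 1
            if hops > 16:  # refuse pointer loops in hostile packets
                raise ValueError("compression loop")
            if not jumped:
                end, jumped = off + 2, True
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if jumped else off)

def build_query(qname: str, qtype: int = 1):
    """Return (txid, source_port, wire_query); both values are drawn at random."""
    txid, sport = secrets.randbits(16), 1024 + secrets.randbelow(64512)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, sport, header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, qtype, records):
    """records: (owner, rtype, rdata) tuples placed in the answer section."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in records:
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + body

def parse_response(msg: bytes):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        questions.append((name,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        records.append((name, rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return {"txid": txid, "flags": flags, "questions": questions, "records": records}

def in_bailiwick(owner: str, zone: str) -> bool:
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return owner == zone or owner.endswith("." + zone)

def validate_response(msg: bytes, state: dict, arrived_on_port: int):
    """state: txid, sport, qname, qtype and zone of the outstanding query.
    Returns the reasons to reject the reply; an empty list means accept."""
    problems = []
    if arrived_on_port != state["sport"]:
        problems.append("arrived on a port we did not query from")
    try:
        r = parse_response(msg)
    except (struct.error, IndexError, UnicodeDecodeError, ValueError):
        return ["malformed message"]
    if r["txid"] != state["txid"]:
        problems.append("transaction ID mismatch")
    if not r["flags"] & 0x8000:
        problems.append("QR bit clear: not a response")
    if r["questions"] != [(state["qname"].lower(), state["qtype"], 1)]:
        problems.append("question section does not echo our query")
    for owner, _, _ in r["records"]:
        if not in_bailiwick(owner, state["zone"]):
            problems.append(f"out-of-bailiwick record for {owner}")
    return problems

def demo():
    """Constructed exchange: one genuine reply, one blind forgery with a guessed ID."""
    txid, sport, _ = build_query("www.example.com")
    state = dict(txid=txid, sport=sport, qname="www.example.com", qtype=1, zone="example.com")
    genuine = build_response(txid, "www.example.com", 1,
                             [("www.example.com", 1, bytes([192, 0, 2, 10]))])
    forged = build_response((txid + 1) & 0xFFFF, "www.example.com", 1,
                            [("www.example.com", 1, bytes([198, 51, 100, 1])),
                             ("login.bank.example", 1, bytes([198, 51, 100, 1]))])
    return validate_response(genuine, state, sport), validate_response(forged, state, sport)
```

Every rejected reply carries the reasons, so the same function doubles as a log source for spotting a forgery attempt against the resolver.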
Distributed Denial of Service attacks constitute a relatively new type of DNS-based attack that
has proliferated with the rise of high-bandwidth IoT botnets like Mirai. This attack uses the high-
bandwidth connections of IP cameras, DVD boxes and other IoT devices to directly overwhelm
the DNS servers of major providers. The volume of requests from IoT devices overwhelms the
DNS provider’s services and prevents legitimate users from accessing the provider’s DNS
servers.
PREVENTION
How to check DNS settings in Windows?
For Windows:
1) In the Start Menu, locate the Command Prompt menu item, which is usually found under
Accessories.
2) Right-click the Command Prompt menu item and select Run as administrator.
3) In the Command Prompt window, type the following command:
   ipconfig /flushdns
4) If the problem persists, type the following two commands (stop and restart the DNS Client service):
   net stop dnscache
   net start dnscache
This is how a DNS poisoning attack can be carried out; the method to prevent and avoid it is
given above [9].
Detecting whether your DNS server has been tampered with or you’ve been infected with DNS
changer malware can be difficult. Most of us don’t routinely check our DNS settings, and it may
well be that only a few DNS entries have been poisoned. You might encounter more ads or
involuntary redirection, but there may be no clear symptoms at all. That said, here are a few
precautions you can and should take to protect yourself from DNS spoofing:
o Always check for HTTPS: If DNS spoofing has led you to a malicious website, it will
likely look identical or nearly identical to the genuine site you intended to visit. The
difference is that the imposter won’t have a valid SSL certificate for the domain, which
means you won’t see “https” or a closed padlock in your browser’s URL bar. The
padlock indicates that your connection to the site is encrypted and verifies that the server
owner is who it says it is. Note that not all websites use HTTPS, so this is not a foolproof
method. You can install the HTTPS Everywhere browser extension to force your
browser to always load the HTTPS version of a website when available. If you come
across a site with HTTPS but it’s indicated in red or crossed out, then the SSL certificate
is not valid and you should leave the site immediately.
o Encrypted DNS: Due to the well-documented security weaknesses in DNS, a few vendors
have stepped up to provide improved DNS security. DNSCrypt is perhaps the most
popular of these for end users. DNSCrypt is a lightweight app that encrypts DNS traffic
between the user and an OpenDNS nameserver, much in the same way that SSL encrypts
traffic to websites that use HTTPS. This prevents spying, man-in-the-middle attacks and,
of course, DNS spoofing. You will need to configure your device to use an OpenDNS
nameserver, which is free.
o VPN: A VPN, short for Virtual Private Network, is a service that encrypts all the Internet
traffic going to and from your device and routes it through an intermediary server in a
location of the user’s choosing. Quality VPN services use their own private DNS servers,
and all DNS requests are sent through the encrypted tunnel. This means DNS requests
cannot be intercepted or altered, and you’ll be using a (hopefully) secure nameserver.
Note that not all VPNs are created equal. Some use public DNS servers like Google
DNS, while others allow DNS requests to leak outside of the encrypted tunnel, which
means the default nameserver is used. Be sure to research your VPN provider’s
specifications regarding DNS servers and DNS leak protection before signing up.
o Antivirus: Use up-to-date antivirus software and keep real-time protection enabled. This
should stop malware payloads containing DNS changer malware from infecting your
device and other devices, including routers, on the network.
o Disable JavaScript and WebRTC: Known strains of DNS changer malware have found
their way onto end user devices through the use of JavaScript and WebRTC. JavaScript is
a programming language used in many web pages today, so going without it might be too
inconvenient for some users. That being said, JavaScript is often used to deploy malware.
WebRTC is a communications protocol used by browser-based Voice over Internet
Protocol (VoIP) services like Skype for Chrome. Chances are you don’t need it, but it’s
enabled by default in most browsers, including Firefox and Chrome. In Chrome, you can
disable WebRTC by installing the WebRTC Network Limiter extension.
In Firefox, enter about:config in the URL bar, search for the
media.peerconnection.enabled parameter and set it to false. A good VPN will disable
WebRTC for you. If you’re not sure whether WebRTC is enabled in your browser, you
can run an online test.
o DNSSEC: For those operating nameservers, the Domain Name System Security Extensions
(DNSSEC) provide sorely needed authentication. This suite of specifications ensures
trust between the end user and the DNS server. With DNSSEC properly implemented, the
user knows responses come from the domain name owner and not from a corrupted DNS
entry. Note that DNSSEC does not encrypt DNS records [8].
DNS ATTACKS IN PAST
In Brazil in November 2011, users faced malicious redirections when trying to access
websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol,
Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website
opened. Brazil has some big ISPs. Official statistics suggest the country has 73
million computers connected to the Internet, and the major ISPs average 3 or 4 million customers
each. If a cybercriminal can change the DNS cache in just one server, the number of potential
victims is huge [5].
Similarly, in Turkey around September 2011, a Turkish hacker group diverted traffic to a
number of high-profile websites, including the Telegraph, UPS, Betfair, Vodafone, National
Geographic, computer-maker Acer and the technology news site The Register, putting unwary users
at risk of having passwords, emails and other details stolen. Industry experts warned people not
to log on to sites such as Betfair because their details could be stolen. Some people viewing the
sites thought that they had been hacked directly, as the sites appeared to show a message in
Turkish by a group called Turk Guvenligi, which a month earlier had carried out a similar attack on a
Korean company. But in fact the sites themselves remained unaffected. The group had instead
attacked the domain name system (DNS), which is used to route users to websites. A list of the
sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on
the Zone-H website, used by hackers to list their successes [6].
A hacker with the nickname AlpHaNiX defaced the Google, Gmail, YouTube, Yahoo, Apple and other
domains of the Democratic Republic of Congo, using the strategy known as DNS cache poisoning. DNS
cache poisoning is a security or data integrity compromise in the Domain Name System (DNS).
The compromise occurs when data that did not originate from authoritative DNS sources is
introduced into a DNS name server's cache database. It may be a deliberate, maliciously
crafted attack on a name server [7].
REFERENCES
[1] http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/
[2] https://en.wikipedia.org/wiki/DNS_spoofing
[3] https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/03/dns-spoofing-how-protect-your-organization-it
[4] http://www.cs.tufts.edu/comp/116/archive/fall2013/apolyakov.pdf
[5] https://securelist.com/massive-dns-poisoning-attacks-in-brazil-31/31628/
[6] https://www.theguardian.com/technology/2011/sep/05/turkish-hacker-group-diverts-users
[7] https://thehackernews.com/2011/12/dns-cache-poisoning-attack-on-google.html
[8] https://privacy.net/dns-spoofing/
[9] https://www.slideshare.net/monark111/what-is-dns-poisoning

Weitere ähnliche Inhalte

Was ist angesagt?

Proxy servers
Proxy serversProxy servers
Proxy servers
Kumar
 

Was ist angesagt? (20)

Domain name system
Domain name systemDomain name system
Domain name system
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Dns(Domain name system)
Dns(Domain name system)Dns(Domain name system)
Dns(Domain name system)
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Dns
DnsDns
Dns
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
 
Dns 2
Dns 2Dns 2
Dns 2
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNS
 
Domain name service
Domain name serviceDomain name service
Domain name service
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS Protection
 
DNS Presentation
DNS PresentationDNS Presentation
DNS Presentation
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNS
 
Client server model
Client server modelClient server model
Client server model
 
Proxy servers
Proxy serversProxy servers
Proxy servers
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name System
 

Ähnlich wie DNS spoofing/poisoning Attack Report (Word Document)

Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Jennifer Nichols
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014
Laura L. Adams
 
DNS Hijacking: What Is It And How It Can Affect You?
DNS Hijacking: What Is It And How It Can Affect You?DNS Hijacking: What Is It And How It Can Affect You?
DNS Hijacking: What Is It And How It Can Affect You?
Abraxas Market
 
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docxDoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
madlynplamondon
 
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PROIDEA
 

Ähnlich wie DNS spoofing/poisoning Attack Report (Word Document) (20)

DNS Advanced Attacks and Analysis
DNS Advanced Attacks and AnalysisDNS Advanced Attacks and Analysis
DNS Advanced Attacks and Analysis
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS Solution
 
Kipp berdiansky on network security
Kipp berdiansky on network securityKipp berdiansky on network security
Kipp berdiansky on network security
 
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigations
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigations
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
 
Dns
DnsDns
Dns
 
Dns
DnsDns
Dns
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
DNS Cache Poisoning
DNS Cache PoisoningDNS Cache Poisoning
DNS Cache Poisoning
 
DNS Hijacking: What Is It And How It Can Affect You?
DNS Hijacking: What Is It And How It Can Affect You?DNS Hijacking: What Is It And How It Can Affect You?
DNS Hijacking: What Is It And How It Can Affect You?
 
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docxDoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
 
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT  AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT  AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
 

Mehr von Fatima Qayyum

Mehr von Fatima Qayyum (17)

Keras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower RecognitionKeras CNN Pre-trained Deep Learning models for Flower Recognition
Keras CNN Pre-trained Deep Learning models for Flower Recognition
 
GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)
 
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
A Low-Cost IoT Application for the Urban Traffic of Vehicles, Based on Wirele...
 
Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs Gamification of Internet Security by Next Generation CAPTCHAs
Gamification of Internet Security by Next Generation CAPTCHAs
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document)
 
Stress managment
Stress managmentStress managment
Stress managment
 
Waterfall model
Waterfall modelWaterfall model
Waterfall model
 
Artificial Intelligence presentation
Artificial Intelligence presentation Artificial Intelligence presentation
Artificial Intelligence presentation
 
Subnetting
SubnettingSubnetting
Subnetting
 
UNIX Operating System
UNIX Operating SystemUNIX Operating System
UNIX Operating System
 
Define & Undefine in SQL
Define & Undefine in SQLDefine & Undefine in SQL
Define & Undefine in SQL
 
Security System using XOR & NOR
Security System using XOR & NOR Security System using XOR & NOR
Security System using XOR & NOR
 
Communication skills (English) 3
Communication skills (English) 3Communication skills (English) 3
Communication skills (English) 3
 
Creativity and arts presentation (1)
Creativity and arts presentation (1)Creativity and arts presentation (1)
Creativity and arts presentation (1)
 
BCD Adder
BCD AdderBCD Adder
BCD Adder
 
World religon (islam & judaism)
World religon (islam & judaism)World religon (islam & judaism)
World religon (islam & judaism)
 
Communication Skills
Communication SkillsCommunication Skills
Communication Skills
 

Kürzlich hochgeladen

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Kürzlich hochgeladen (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
DNS spoofing/poisoning Attack Report (Word Document)

Application level attacks: DNS Spoofing/Poisoning

DNS

DNS stands for 'Domain Name System'. Domain name servers are the Internet's equivalent of a phone book: they maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, even though domain names are easy for people to remember, computers reach websites by IP address [1].

How does it work?

DNS translates domain names to IP addresses so that browsers can load Internet resources. There is no single central registry holding every record; the namespace is a hierarchy. The root servers know which servers are authoritative for each top-level domain (.com, .org and so on), the top-level domain servers know which name servers are authoritative for each registered domain, and the domain's own authoritative servers hold the actual records. When you type a web address such as www.google.com, the recursive resolver your machine is configured to use (usually one run by your Internet Service Provider) walks that hierarchy, caches each answer for the time-to-live (TTL) carried in the record, and returns the machine-friendly IP address (for example, 74.125.236.32 for google.com) so that your browser connects to the right server [1]. That resolver cache is what spoofing attacks target: a false record, once accepted, is served to every client of the resolver until its TTL expires.

DNS Attacks:
1. Packet Interception
2. ID Guessing and Query Prediction
3. Name Chaining
4. Betrayal by Trusted Server
5. Denial of Service
6. Authenticated Denial of Domain Names
7. DNS Amplification Attack
8. DNS Cache Poisoning / DNS Spoofing
9. (DDoS) Distributed Denial of Service Attack
10. BIND9 Spoofing

DNS Amplification Attack: The attacker sends DNS requests to open resolvers with the source IP address forged to be the target's. When the resolvers receive the queries, they send their (much larger) responses to the target address. Attacks of this type use many open resolvers at once, so the effect on the target is magnified.

(DDoS) Distributed Denial of Service: The attacker targets one or more of the 13 DNS root name server identities (a.root-servers.net through m.root-servers.net, each of which is today served by many anycast instances). The root name servers are critical components of the Internet; an attack that succeeded against them could, in theory, impact the operation of the entire global Domain Name System.

BIND9 Spoofing: BIND is the most widely used DNS software on the Internet, and BIND 9 is its stable production release. In older BIND 9 releases the values that are supposed to make a query unpredictable were not: the transaction ID generator could be narrowed to about 10 candidate values, and the source UDP port was fixed rather than random. This enabled a much more effective cache poisoning than the attacks known against BIND 9 at the time. Current releases randomize both the transaction ID and the source port.

DNS SPOOFING/POISONING

DNS spoofing is a form of attack in which corrupt Domain Name System data is introduced into a DNS resolver's cache, causing the resolver to return an incorrect result record, e.g. a wrong IP address, so that traffic is diverted to the attacker's computer [2]. DNS spoofing corrupts the domain name system, diverting Internet traffic away from its intended destination. It is used to censor the Internet, redirect end users to malicious websites, and carry out DDoS attacks on web servers.

DNS spoofing is also known as:
o DNS tampering
o DNS hijacking
o DNS redirection

DNS attack tools are readily available on the Internet (for example dsniff, dnshijack and many more), and they are all free.
DNS spoofing is an overarching term and can be carried out using various methods, such as:
o DNS cache poisoning
o Compromising a DNS server
o Implementing a man-in-the-middle attack
o Guessing a sequence number (the DNS transaction ID)
However, the attacker's end goal is usually the same no matter which method is used: steal information, re-route you to a website that benefits the attacker, or spread malware.
Aims of Attackers for DNS Spoofing:

There are a number of reasons why a hacker or other entity might do this:

o Launch an attack: By changing the IP address for a popular domain like Google.com, a hacker could divert a large amount of traffic to a server incapable of handling it. This can cause the server to slow down, stop, and produce numerous errors. Such a denial-of-service attack can shut down a website or game server, for example.

o Redirection: A corrupted DNS entry can redirect users to websites they do not intend to visit. A hacker might use this to send victims to a phishing site. Phishing sites often look identical to the real website but are operated by the hacker, tricking the user into entering private information such as a username and password. ISPs sometimes use DNS redirection to serve advertisements and collect user browsing data.

o Censorship: Browsing the web is nearly impossible without DNS, so whoever controls the DNS server controls who sees what on the web. Government-controlled ISPs in China, for instance, use DNS tampering as part of their nationwide censorship system, known as the Great Firewall, to block websites from public view.

How DNS Spoofing Occurs?

DNS spoofing occurs in one of two ways:
o Tampering with an existing DNS name server's resolver cache, or
o Creating a malicious DNS name server and making routers and end-user devices use it, typically by spreading malware that changes their DNS settings (DNS changer malware).

WAYS TO EXPLOIT

In order to carry out a DNS amplification attack, the attacker performs two tasks:

1. The attacker forges the source IP address of his DNS queries so that it is the victim's address. Every response from the resolvers that receive the queries is then sent to the victim instead of back to the attacker.
2. The attacker finds an Internet domain with many DNS records (for example domain.example.com, domain1.example.com and so on), so that a single small query for all records of example.com produces a large response.

Now the attacker is ready to launch the attack. He sends many queries for all records of example.com, with the spoofed (victim) source address, from multiple machines to multiple open resolvers. Each resolver answers the query it received, but because the source address was replaced with the victim's, every response goes to the victim. The attacker gains amplification because each small request produces a much larger response (sometimes 100 times larger): if the attacker generates 3 Mbps of DNS queries, roughly 300 Mbps arrives at the victim, consuming its bandwidth and processing resources. The victim is kept busy handling the flood, which results in a denial of service [3].

DNS resolvers such as BIND use unpredictable values (the 16-bit transaction ID and the UDP source port) in each query they generate. Since the corresponding values in a response must match the values sent in the query, it is difficult for a blind attacker, who does not see the query, to forge a valid response and insert a bogus name. A weakness reported in BIND's Smoothed Round Trip Time (SRTT) algorithm, which selects which of a zone's name servers the resolver queries next, allowed an attacker to de-randomize the IP address of the name server a BIND resolver will query, reducing the amount of information a blind attacker must guess to successfully poison BIND's cache.
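As an added illustration (this code is not part of the report and is not BIND's code), the following Python sketch encodes DNS messages in wire format and shows the two mechanics of this section: the checks a resolver applies to a UDP reply, which is why a blind attacker has to guess the transaction ID and source port, and the size ratio between a small spoofed-source ANY query and the reply it triggers. All names, addresses, the port range and the "10 candidate IDs" model of old BIND 9 are assumptions chosen for the example.

```python
import random
import struct

# ---- minimal DNS wire format (RFC 1035); all names/addresses are made up ----

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(msg, off):
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode())
        off += n

def build_query(txid, name, qtype=1, edns_bufsize=None):
    """Header (ID, flags=RD, QDCOUNT=1), question, and an optional EDNS0 OPT
    record advertising a UDP buffer size so the reply may exceed 512 bytes."""
    arcount = 1 if edns_bufsize else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_bufsize:
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return msg

def build_response(txid, name, answers, qtype=1):
    """Flags 0x8180 = QR|RD|RA.  Each answer names its owner with a
    compression pointer (0xC00C) to the question name at offset 12."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def txid_of(msg):
    return struct.unpack("!H", msg[:2])[0]

def is_response(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x8000)

def question_of(msg):
    name, off = decode_name(msg, 12)
    return (name,) + struct.unpack("!HH", msg[off:off + 4])

# ---- what a resolver must check before it caches a UDP reply ----

def accept_reply(query, query_src_port, reply, reply_dst_port):
    """The reply must arrive on the port the query left from, carry the same
    16-bit ID, have QR set and repeat the same question.  (Bailiwick checks
    on the records themselves are omitted here.)"""
    return (reply_dst_port == query_src_port
            and txid_of(reply) == txid_of(query)
            and is_response(reply)
            and question_of(reply) == question_of(query))

def blind_poison_attempts(seed, predictable, max_tries=20000):
    """Number of forged replies a blind attacker sends before one is accepted.
    predictable=True models the old BIND 9 behaviour described above (fixed
    source port 53, ID narrowed to 10 candidates; assumed values); False models
    a random port and a full 16-bit ID.  Returns None if the attacker gives up."""
    rng = random.Random(seed)
    name = "bank.example"
    if predictable:
        ids, ports = range(1000, 1010), [53]
    else:
        ids, ports = range(65536), range(1024, 65536)
    query = build_query(rng.choice(ids), name)
    src_port = rng.choice(ports)
    fake_a = bytes([203, 0, 113, 66])               # attacker-controlled address
    for attempt in range(1, max_tries + 1):
        forged = build_response(rng.choice(ids), name, [(1, fake_a)])
        if accept_reply(query, src_port, forged, rng.choice(ports)):
            return attempt
    return None

# ---- amplification: bytes the attacker sends vs. bytes the victim receives ----

def amplification_factor(name="records.example", n_txt=30):
    """ANY query (type 255) with EDNS0 buffer 4096 versus a reply carrying
    n_txt made-up 200-byte TXT records (OPT record not echoed in the reply)."""
    query = build_query(0x1234, name, qtype=255, edns_bufsize=4096)
    txt = bytes([199]) + b"A" * 199                  # one 200-byte character-string
    reply = build_response(0x1234, name, [(16, txt)] * n_txt, qtype=255)
    return len(reply) / len(query)

if __name__ == "__main__":
    print("forged replies vs. predictable resolver:", blind_poison_attempts(7, True))
    print("forged replies vs. randomized resolver: ", blind_poison_attempts(7, False))
    print("amplification factor: %.1f" % amplification_factor())
```

Against the predictable model the forged reply is usually accepted within a few dozen attempts, while against a randomized resolver the search gives up after 20,000 attempts because the attacker must hit one of roughly 65536 x 64512 ID/port combinations (this is what the SRTT weakness above chips away at, by removing the uncertainty about which server is queried). The amplification factor comes out near 145 for thirty 200-byte TXT records; real factors depend on the EDNS buffer size the attacker advertises and on how large the zone's records are.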
Distributed denial of service attacks against DNS providers are a relatively new type of DNS-based attack that has proliferated with the rise of high-bandwidth IoT botnets such as Mirai. This attack uses the high-bandwidth connections of IP cameras, digital video recorders and other IoT devices to directly overwhelm the DNS servers of major providers. The volume of requests from the IoT devices exhausts the provider's capacity and prevents legitimate users from resolving any name the provider hosts.

PREVENTION

How to check DNS settings in Windows?

For Windows:
1) In the Start Menu, locate the Command Prompt menu item, usually found under Accessories.
2) Right-click the Command Prompt menu item and select Run as administrator.
3) In the command prompt window type the following command:
ipconfig /flushdns
4) If the problem persists, restart the DNS Client service with the following two commands:
net stop dnscache
net start dnscache
Note that this only clears the cache on your own machine. It does not repair a poisoned cache on the upstream resolver, and it does not help if malware has changed which DNS servers the machine uses; the configured servers are shown in the output of ipconfig /all and should match the addresses your ISP or administrator expects. The attack described above shows how DNS poisoning is carried out; the measures in this section help prevent or limit it [9].

Detecting whether your DNS server has been tampered with, or whether you have been infected with DNS changer malware, can be difficult. Most of us do not routinely check our DNS settings, and it may well be that only a few DNS entries have been poisoned. You might encounter more ads or involuntary redirection, but there may be no clear symptoms at all. That said, here are a few precautions you can and should take to protect yourself from DNS spoofing:

o Always check for HTTPS: If DNS spoofing has led you to a malicious website, it will likely look identical or nearly identical to the genuine site you intended to visit. The difference is that the imposter will not have a valid TLS certificate for the domain, which means you will not see "https" or a closed padlock in your browser's URL bar. The padlock indicates that your connection to the site is encrypted and that the certificate was issued for the domain name you typed, which is how the browser verifies that the server is the one the name belongs to. Note that not all websites use HTTPS, and an attacker who has also obtained a fraudulent certificate for the name would pass this check, so it is not foolproof. You can install the HTTPS Everywhere browser extension to force your browser to always load the HTTPS version of a website when available. If you come across a site with HTTPS but it is indicated in red or crossed out, then the certificate is not valid and you should leave the site immediately.

o Encrypted DNS: Due to the well-documented security weaknesses in DNS, a few vendors have stepped up to provide improved DNS security. DNSCrypt is perhaps the most popular of these for end users. DNSCrypt is a lightweight app that encrypts and authenticates DNS traffic between the user and a DNSCrypt-capable resolver such as OpenDNS, much in the same way that TLS protects traffic to websites that use HTTPS. This prevents spying, man-in-the-middle attacks and, of course, spoofing on the path between you and the resolver. It does not help if the resolver's own cache has been poisoned, so choose a resolver you trust. You will need to configure your device to use an OpenDNS nameserver, which is free. The later standards DNS over TLS and DNS over HTTPS serve the same purpose and are built into current operating systems and browsers.

o VPN: A VPN, short for Virtual Private Network, is a service that encrypts all the Internet traffic going to and from your device and routes it through an intermediary server in a location of the user's choosing. Quality VPN services use their own private DNS servers, and all DNS requests are sent through the encrypted tunnel. This means DNS requests cannot be intercepted or altered in transit, and you will be using a (hopefully) secure nameserver. Note that not all VPNs are created equal. Some use public DNS servers like Google DNS, while others allow DNS requests to leak outside of the encrypted tunnel, which means the default nameserver is used. Be sure to research your VPN provider's specifications regarding DNS servers and DNS leak protection before signing up.

o Antivirus: Use up-to-date antivirus software and keep real-time protection enabled. This should stop malware payloads containing DNS changer malware from infecting your device and other devices on the network, including routers.

o Disable JavaScript and WebRTC: Known strains of DNS changer malware have found their way onto end-user devices through JavaScript and WebRTC. JavaScript is a programming language used in many web pages today, so going without it might be too inconvenient for some users. That being said, JavaScript is often used to deploy malware. WebRTC is a communications protocol used by browser-based Voice over Internet Protocol (VoIP) services like Skype for Chrome. Chances are you do not need it, but it is enabled by default in most browsers, including Firefox and Chrome. In Chrome, you can disable WebRTC by installing the WebRTC Network Limiter extension. In Firefox, enter about:config in the URL bar, search for the media.peerconnection.enabled parameter and set it to false. A good VPN will disable WebRTC for you. If you are not sure whether WebRTC is enabled in your browser, you can run one of the online WebRTC leak tests.

o DNSSEC: For those operating nameservers, the Domain Name System Security Extensions (DNSSEC) provide sorely needed authentication. Zone owners sign their records, and a validating resolver checks those signatures against a chain of trust anchored at the root. With DNSSEC properly implemented, a validating resolver knows that a response was signed by the domain's owner and rejects a forged or poisoned record. Two caveats: DNSSEC does not encrypt DNS records, and it only protects the end user if either the user's own stub resolver validates or the path to the validating resolver is itself trusted [8].
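For someone operating a resolver, the counterpart of the amplification attack described under WAYS TO EXPLOIT is spotting it in the query log. The following added example (not part of the report, and not BIND's code) parses constructed log lines modelled on BIND's query-log format and flags clients whose queries are dominated by large-answer types. The client addresses, names, timestamps and the resolver address 192.0.2.53 are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed lines modelled on BIND's "queries" log channel; every address,
# name and timestamp below is made up for the example.
def _log_line(ts, client, port, name, qtype, flags):
    return ("%s queries: info: client %s#%d (%s): query: %s IN %s %s (192.0.2.53)"
            % (ts, client, port, name, name, qtype, flags))

SAMPLE_LOG = (
    # eight ANY queries "from" 203.0.113.66 within 40 ms: a reflection pattern;
    # the source address is the victim's (spoofed), not the attacker's
    [_log_line("03-Nov-2017 10:21:04.%03d" % (100 + 5 * i), "203.0.113.66",
               17311 + i, "records.example", "ANY", "+E(4096)") for i in range(8)]
    + [_log_line("03-Nov-2017 10:21:04.205", "192.0.2.10", 50123, "www.example", "A", "+E(0)"),
       _log_line("03-Nov-2017 10:21:04.206", "192.0.2.10", 50124, "www.example", "AAAA", "+"),
       _log_line("03-Nov-2017 10:21:05.010", "198.51.100.4", 4222, "mail.example", "TXT", "+E(512)")]
)

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9.]+)#(?P<port>\d+) \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)")

# Query types whose answers are typically far larger than the query itself
HEAVY_TYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}

def parse_query_log(lines):
    """Yield one dict (client, port, name, qtype, flags) per query line;
    lines that do not match the format are ignored."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m.groupdict()

def reflection_suspects(lines, min_heavy=5, min_ratio=0.8):
    """Clients whose traffic is dominated by large-answer query types.
    Returns {client_ip: {"heavy": n, "total": n, "names": [...]}}."""
    per_client = defaultdict(Counter)
    names = defaultdict(set)
    for q in parse_query_log(lines):
        per_client[q["client"]][q["qtype"]] += 1
        if q["qtype"] in HEAVY_TYPES:
            names[q["client"]].add(q["name"])
    suspects = {}
    for client, counts in per_client.items():
        heavy = sum(n for t, n in counts.items() if t in HEAVY_TYPES)
        total = sum(counts.values())
        if heavy >= min_heavy and heavy / total >= min_ratio:
            suspects[client] = {"heavy": heavy, "total": total,
                                "names": sorted(names[client])}
    return suspects

if __name__ == "__main__":
    for client, info in reflection_suspects(SAMPLE_LOG).items():
        print(client, info)
```

The flagged address is the victim's, because the attacker spoofed it, so the right reaction is to rate-limit or refuse large answers to that address (response rate limiting) and, better, not to run an open resolver at all, rather than to treat the address as the attacker's.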
DNS ATTACKS IN PAST

In Brazil in November 2011, users faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge [5].

Similarly, in Turkey around September 2011, a Turkish hacker group diverted traffic from a number of high-profile websites, including the Telegraph, UPS, Betfair, Vodafone, National Geographic, computer maker Acer and technology news site the Register, putting unwary users at risk of having passwords, emails and other details stolen. Industry experts warned people not to log on to sites such as Betfair because their details could be stolen. Some people viewing the sites thought that they had been hacked directly, since the sites appeared to show a message in Turkish by a group called Turk Guvenligi, which the previous month had carried out a similar attack on a Korean company. But in fact the sites themselves remained unaffected. The group had instead attacked the domain name system (DNS), which is used to route users to websites. A list of the sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on the Zone-H website, used by hackers to list their successes [6].

A hacker with the nickname AlpHaNiX defaced the Google, Gmail, YouTube, Yahoo, Apple and other domains of the Democratic Republic of Congo. The hacker used a strategy known as DNS cache poisoning. DNS cache poisoning is a security or data-integrity compromise of the Domain Name System. The compromise occurs when data that did not originate from authoritative DNS sources is introduced into a DNS name server's cache database. It may be the result of a deliberate, maliciously crafted attack on a name server [7].
REFERENCES

[1] http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/
[2] https://en.wikipedia.org/wiki/DNS_spoofing
[3] https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/03/dns-spoofing-how-protect-your-organization-it
[4] http://www.cs.tufts.edu/comp/116/archive/fall2013/apolyakov.pdf
[5] https://securelist.com/massive-dns-poisoning-attacks-in-brazil-31/31628/
[6] https://www.theguardian.com/technology/2011/sep/05/turkish-hacker-group-diverts-users
[7] https://thehackernews.com/2011/12/dns-cache-poisoning-attack-on-google.html
[8] https://privacy.net/dns-spoofing/
[9] https://www.slideshare.net/monark111/what-is-dns-poisoning