What is DNS cache poisoning?
DNS cache poisoning is a form of DNS spoofing and refers to attacks that attempt to insert manipulated entries into the DNS cache of name servers. By doing so, attackers tamper with the assignment between domain names and their matching IP addresses, directing internet users to a fake and usually malicious website when they access the domain.
A definition of DNS cache poisoning
In cache poisoning, cybercriminals abuse the way the Domain Name System (DNS) works to lure unsuspecting internet users to fake websites and steal their login credentials and other sensitive information. In a figurative sense, the DNS acts as the telephone book of the internet and defines the assignment of domain names to the IP addresses of web servers. The correct assignment is stored in DNS entries, which are provided by name servers worldwide and temporarily cached locally on routers and computers. If attackers succeed in corrupting one of these name servers via security vulnerabilities and are able to inject fake entries, those entries also end up in the cache of every server, router, and device that requests the affected domain from the name server. The DNS cache is now “poisoned” and redirects internet users to the website specified by the attackers. That website is usually designed to steal login credentials or distribute malware.
What makes DNS cache poisoning so dangerous?
Depending on the name server on which the cache was tampered with, there is a risk that the fake entries will be quickly distributed far and wide on the internet. If, for example, a name server is affected which provides multiple Internet Service Providers (ISPs) with its information, the malicious DNS entries will quickly find their way to all of the ISPs’ customers. The problem can only be solved by restoring the correct entries to all affected caches.
What impact does DNS cache poisoning have on businesses?
Cybercriminals can use cache poisoning to target the customers of individual companies and services. Such attacks have serious consequences for the companies involved:
Data manipulation and misuse
What are appropriate protective measures against DNS cache poisoning?
A number of measures and solutions are suitable for protecting DNS name resolution from tampering by cache poisoning. For example, DNS queries can be protected by using DNS cookies, which ensure the authenticity and integrity of clients, servers, and the data transferred between them. Implementing DNSSEC also promises protection against cache poisoning, but it is cumbersome in practice and entails other weaknesses: for example, cybercriminals can exploit DNSSEC to intensify DDoS attacks.
What you need to know about cache poisoning
Cybercriminals use cache poisoning to redirect traffic to other web servers without being noticed. To do this, they exploit vulnerabilities to tamper with the DNS entries of name servers, which are then loaded into the cache of requesting servers and devices. Internet users then end up on the website created by the hackers when they enter a domain in their web browser. These are mostly phishing websites designed to intercept login credentials and other sensitive information. Such fake portals can also be used to spread malware.
To defend against cache poisoning attacks, name servers can be outfitted with DNS extensions such as DNS cookies or DNSSEC, which are used for authentication and integrity checks of clients, servers, and data. These technologies make cache poisoning considerably more difficult for attackers.
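Beyond these extensions, a caching resolver has to decide for every response whether it may enter the cache at all. The following added example (not part of Myra's text or products) models those admission checks in Python: the response must come from the address and port the query was sent to, carry the same transaction ID and question, and only records inside the queried server's zone ("bailiwick") are kept, so an answer for one name cannot plant entries for unrelated domains. All names, addresses and the simplified message format are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed, simplified view of DNS messages (not the wire format).
@dataclass
class Record:
    name: str    # owner name, e.g. "www.example.com."
    rtype: str   # record type, e.g. "A"
    data: str    # record data, e.g. an IPv4 address

@dataclass
class Message:
    txid: int                # 16-bit transaction id echoed by the responder
    qname: str               # question name
    qtype: str               # question type
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)

@dataclass
class Pending:
    """A query this resolver sent and is still waiting on."""
    txid: int
    qname: str
    qtype: str
    server: tuple            # (ip, port) the query was sent to
    zone: str                # zone the queried server is authoritative for (its bailiwick)

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or lies below it; case-insensitive, trailing dot tolerant."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return zone == "." or name == zone or name.endswith("." + zone)

def admit(pending: Pending, resp: Message, src: tuple):
    """Return the records a resolver may cache from resp, or None if the response is
    rejected outright. Source address/port, transaction id and question must all match
    the outstanding query; records outside the server's zone are discarded."""
    if src != pending.server or resp.txid != pending.txid:
        return None
    if (resp.qname.lower(), resp.qtype) != (pending.qname.lower(), pending.qtype):
        return None
    return [r for r in resp.answers + resp.additional if in_bailiwick(r.name, pending.zone)]

# Constructed sample: the resolver asked example.com's name server (192.0.2.1, documentation range).
PENDING = Pending(0x1234, "www.example.com.", "A", ("192.0.2.1", 53), "example.com.")
RESPONSE = Message(0x1234, "www.example.com.", "A",
                   answers=[Record("www.example.com.", "A", "192.0.2.10")],
                   additional=[Record("login.bank.example.", "A", "198.51.100.7")])  # outside zone

if __name__ == "__main__":
    print(admit(PENDING, RESPONSE, ("192.0.2.1", 53)))     # only the www.example.com. A record
    print(admit(PENDING, RESPONSE, ("198.51.100.9", 53)))  # None: unexpected source
```

Real resolvers add a randomised source port and transaction ID per query so that the `src`/`txid` comparison is hard to satisfy by guessing; the bailiwick rule is what stops an in-zone answer from carrying cache entries for other domains.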
The Myra DNS infrastructure supports the use of DNS cookies and DNSSEC to protect against cache poisoning.
If you are interested in further information, we will gladly send you our product sheet free of charge.
How Myra DDoS Protection can reliably secure your website or web application against all DDoS attack vectors:
- How is the protection activated in case of attack?
- What are the advantages of the Myra protection solution?
- What are the features of Myra DDoS Protection for web applications?