The attacker registered the domain name, and spelled the letter i in uppercase to make it look like a lower-case L, fooling many into thinking this is the legitimate. One of the earlier phishing attempts was the use of the domain name.
This type of attack is also known as a homograph attack. Some attacks play on the fact that certain domains look similar when using different fonts or encoding. An example of this was recently in the news when the Department of Homeland Security (DHS) issued an emergency directive () due to malicious tampering of government DNS entries. This is precisely what the DNSChanger trojan/malware did.Īnother way is to gain unauthorized access to the authoritative DNS data, such as stealing someone’s password, exploiting the DNS entry system vulnerability, or some other clever technique. When the user queries for, the attacker’s DNS server could return an IP address disguised as the target web site, or act as a proxy to capture all the data sent to the real web site. The attacker could change the user’s DNS setting, so instead of using 8.8.8.8, it uses the IP address of a DNS server under the attacker’s control. There are many ways to perform DNS Hijacking, the most common way we see is used by a captive portal such as a pay-for-use WiFi hotspot: before the user pays for access, the hotspot service captures all DNS queries, and regardless of what was asked, it returns the IP address of the payment server so the user can purchase WiFi access.Ĭhanging the client device setting to use a different DNS server is another common method of attack. This is also sometimes called DNS Redirection. DNS Hijacking refers to any attack that tricks the end user into thinking he or she is communicating with a legitimate domain name when in reality it is communicating with a domain name or IP address that the attacker has set up. Here is a more detailed description of each DNS attack type: DNS HijackingĭNS Hijacking is perhaps the most generic term here, and generally, it covers the other two techniques. These terms are often used interchangeably and the differences among them are subtle. DNS Spoofing is a DNS attack that changes DNS records returned to a querier DNS Hijacking is a DNS attack that tricks the end user into thinking they are communicating with a legitimate domain name and DNS Cache Poisoning is a DNS attack targeting caching name servers.
0 kommentar(er)
