Networking / Beginners

DNS

Domain Name Service (DNS) is a hierarchical name service used with TCP/IP hosts that is distributed and replicated on servers across the Internet. It is used on the Internet and on intranets for translating IP addresses into host names. The host names can be used in URLs. DNS can be thought of as a lookup table that allows users to specify remote computers by host names rather than their IP addresses. The advantage of DNS is that you don't have to know the IP addresses for all the Internet sites to access the sites. DNS can be configured to use a sequence of name servers, based on the domains in the name being sought, until a match is found. The most commonly deployed DNS server software on the Internet is BIND. DNS is subject to several different spoofs. Two common ones are the man in the middle (MIM) and DNS poisoning. Redirects, another less common attack, rely on the manipulation of the domain name registry itself to redirect a URL.

MIM Attack

In a MIM attack, a hacker inserts himself or herself between a client program and a server on a network. By doing so the hacker can intercept information entered by the client, such as credit card numbers, passwords, and account information. Under one execution of this scheme, a hacker would place himself or herself between a browser and a Web server. The MIM attack, which is also sometimes called Web spoofing, is usually achieved by DNS or hyperlink spoofing.

There are several ways a hacker can launch a MIM attack. One way is to register a URL that is very similar to an existing URL. For example, a hacker could register a URL like www.microsoft.com. When someone who wants to go to the Microsoft Web site at www.microsoft.com mistakenly types in www.microsoft.com they would be brought to a Web site set up by the hacker to look like the Microsoft Web site.

To Web surfers everything would look normal. They would interact with the counterfeit Web site just as they would with the real site. As the Web surfer enters in choices and information the hacker's Web site can even pass it onto the real site and pass back to the Web surfer the screens that the real site returns.

[Previous] [Contents] [Next]

In this tutorial:

  1. Threats and Attacks
  2. The OSI Reference Model
  3. TCP/IP Protocol Suite
  4. Threats, Vulnerabilities, and Attacks
  5. Attacks
  6. Viruses
  7. Worm
  8. Trojan Horses
  9. Trap Doors
  10. Logic Bombs
  11. Port Scanning
  12. Spoofs
  13. Sequence Number Spoofing
  14. DNS
  15. DNS Poisoning
  16. Redirects
  17. Password Cracking
  18. Sniffing
  19. War Dialing
  20. Denial of Service
  21. Ping of Death
  22. SYN Flooding
  23. SPAM
  24. Smurf Attack