Domain Name System (DNS) Attacks

(OBJ 2.4)

Domain Name System (DNS)

• Fundamental component of the internet that is responsible for translating human-friendly domain names into IP addresses that computers can understand
• Makes it a prime target for cyber attacks

Some of the Various Types of DNS Attacks

• DNS Cache Poisoning (DNS Spoofing)
  • Corrupts a DNS resolver's cache with false information
  • Redirects users to malicious websites
  • Mitigation
    • Use DNSSEC (Domain Name System Security Extensions) to add digital signatures to DNS data to ensure its authenticity and integrity
    • Implement secure network configurations and firewalls to protect DNS servers from unauthorized access
• DNS Amplification Attacks
  • Overwhelms a target system with DNS response traffic by exploiting the DNS resolution process
  • Spoofed DNS queries sent to open DNS servers
    • Will then send back a large response to the victim's IP address.
  • Example:
    • If an attacker could send a small query to an open DNS server to request a large amount of data like the entire list of hosts in the domain, this will be sent to the victim's IP address which in turn causes a flood of unwanted traffic which can appear to look like a DoS Attack against a victim's system.
  • Mitigation
    • Limit the size of DNS responses
    • Rate limit DNS response traffic to reduce the impact
• DNS Tunneling
  • Encapsulates non-DNS traffic (e.g., HTTP , SSH) over port 53
  • Attempts to bypass firewall rules for command and control or data exfiltration
  • An attacker can use DNS tunneling to evade a company's firewall and steal sensitive data
    • Effective for sneaking data out of a given network
  • Mitigation
    • Monitor and analyze DNS logs for unusual patterns indicating tunneling
• Domain Hijacking (Domain Theft)
  • Unauthorized change of domain registration
    • Altering a domain name's registration without the original registrant's consent
  • May lead to loss of website control and redirection to malicious sites
  • Mitigation
    • Regularly update and secure registration account information
    • Use domain registry lock services to prevent unauthorized changes to the domain registrations
• DNS Zone Transfer Attacks
  • The attacker mimics an authorized system to request and attempt to obtain an entire DNS zone data copy
  • Exposes sensitive information about a domain's network infrastructure
  • Could be used for reconnaissance in future attacks