MITM: DNS spoofing

Description


DNS spoofing, also known as DNS cache poisoning, is an attack that manipulates Domain Name System (DNS) records so that users are redirected to a fraudulent website or other malicious content.

When you enter a website's URL in your web browser, the browser sends a request to a DNS server to obtain the IP address of the website. The DNS server returns the IP address associated with that hostname, allowing your browser to connect to the correct web server.

In DNS spoofing, an attacker intercepts the DNS request, or plants a fake entry in the resolver's cache, and sends a fraudulent response back to the user's browser with a false IP address that corresponds to a fake website the attacker has created. This can be used to redirect the user to a malicious website that appears to be legitimate, allowing the attacker to steal sensitive information, install malware, or carry out other malicious activities.
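The exchange described above, as an added example that is not part of the original page: a small Python model of a stub resolver that parses DNS replies and applies the acceptance checks that make a forged reply hard to slip in (matching transaction ID, matching question section) and flags a late reply that disagrees with the one already accepted, which is what a spoofing race looks like on the wire. All packets are constructed inline with addresses from documentation ranges; the class and function names are this example's own assumptions, not those of any real resolver.

```python
import socket
import struct

QTYPE_A = 1     # IPv4 address record
QCLASS_IN = 1   # Internet class


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def read_name(data: bytes, offset: int):
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (dotted_name, offset just past the name in the stream)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer
            end = end if jumped else offset + 2   # stream resumes after pointer
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:                           # root label ends the name
            return ".".join(labels), end if jumped else offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_response(txid: int, qname: str, ip: str, ttl: int = 300) -> bytes:
    """Response (QR=1, RD, RA) echoing the question plus one A record whose
    owner name is a compression pointer (0xC00C) to the question at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr


def parse_message(data: bytes) -> dict:
    """Parse the header, question section and answer section of a DNS message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = read_name(data, offset)
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return {"id": txid, "questions": questions, "answers": answers}


class StubResolver:
    """Outstanding-query table plus the checks applied before trusting a reply;
    two different replies to one query mean two parties raced to answer it."""

    def __init__(self):
        self.pending = {}    # txid -> (qname, qtype, qclass) awaiting an answer
        self.accepted = {}   # txid -> answers of the reply that was trusted
        self.alerts = []

    def send_query(self, txid: int, qname: str) -> None:
        # Hypothetical: a real stub would send the query over UDP here.
        self.pending[txid] = (qname.rstrip(".").lower(), QTYPE_A, QCLASS_IN)

    def receive(self, packet: bytes) -> str:
        msg = parse_message(packet)
        txid = msg["id"]
        if txid in self.accepted:            # late reply for an answered query
            if msg["answers"] == self.accepted[txid]:
                return "ignored: duplicate response"
            self.alerts.append(f"conflicting answers for txid {txid:#06x}")
            return "alert: conflicting duplicate response"
        expected = self.pending.get(txid)
        if expected is None:
            return "rejected: unexpected transaction id"
        if msg["questions"] != [expected]:
            return "rejected: question section does not match query"
        self.accepted[txid] = msg["answers"]
        del self.pending[txid]
        return "accepted"


def demo() -> list:
    """Constructed scenario: a blind forgery with the wrong ID, the genuine
    reply, then a forgery that guessed the ID but arrived too late."""
    r = StubResolver()
    r.send_query(0x1A2B, "www.example.com")
    wrong_id = build_response(0x9999, "www.example.com", "198.51.100.7")
    genuine = build_response(0x1A2B, "www.example.com", "192.0.2.10")
    late_forgery = build_response(0x1A2B, "www.example.com", "198.51.100.7")
    return [r.receive(wrong_id), r.receive(genuine), r.receive(late_forgery), r.alerts]
```

Running `demo()` shows the three outcomes in order: the wrong-ID forgery is dropped, the genuine reply is accepted, and the late forgery that matched the ID is reported as a conflict. The same "two answers, different RDATA, one transaction ID" condition is what network monitors use to surface spoofing attempts; a real stub resolver additionally randomises the transaction ID and source port so that the first check is hard to pass by guessing.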

Diagram


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                 ┌──────────────────┐
                                                 │                  │
                                                 │   REAL Website   │
┌──────────────────┐    ┌──────────────────┐     │                  │
│                  │    │                  │     └──────────────────┘
│      Victim      ├────┤    DNS Server    ├──┐
│                  │    │                  │  │  ┌──────────────────┐
└──────────────────┘    └──────────────────┘  │  │                  │
                                 ▲            └─►│   FAKE Website   │
                                 │               │                  │
                             Inject Fake         └──────────────────┘
                              DNS entry
                                 │
                        ┌──────────────────┐
                        │                  │
                        │      Hacker      │
                        │                  │
                        └──────────────────┘
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Prevention


DNS spoofing can be prevented by using DNSSEC (Domain Name System Security Extensions), which adds digital signatures to DNS data so that a validating resolver can check its authenticity, or by using a Virtual Private Network (VPN) to encrypt your web traffic and protect your connection from interception on the local network. Note that DNSSEC only helps when the resolver you use actually validates the signatures, and a VPN only shifts trust to the VPN provider's resolver rather than removing the need for it.