DNS, the Domain Name System, is responsible for converting a domain name to an IP address. It is a type of operation that helps your browser reach the IP address of the website you are looking for. It is generally maintained by an Internet Service Provider (ISP). Cybercriminals attack DNS to get information such as your bank account number or other personal details.
DNS cache refers to the local cache that holds the resolved IP addresses of the websites you frequently use. The DNS cache is meant to save time, as translating a domain to an IP address is a time-consuming process. Sometimes the DNS cache itself is poisoned: in DNS cache poisoning, the attacker changes your DNS cache entries to fake IP addresses for the websites.
What is DNS Hijacking?
As the name indicates, DNS hijacking is a technique in which the attacker exploits your browser's attempt to resolve the IP address of the website you want to load. The URLs that we use are in text format, and a specific IP address is assigned to each URL. A number of operations are involved in resolving the IP address. The attacker takes advantage of this lengthy operation and sends your computer a fake IP address that belongs to them.
Cybercriminals tend to install malware on your computer that alters the DNS settings, so whenever your browser resolves a URL, it contacts the fake DNS server instead of the authentic one. The authentic DNS servers are scanned by ISCANN. The malware installed on your computer changes the default, trusted DNS server of your computer to some other IP address. As a result, when your browser attempts to resolve an IP address, it is redirected to a fake DNS server, which in turn results in your browser loading a malicious website that may steal your credentials.
DNS hijacking is often confused with DNS cache poisoning. DNS hijacking makes use of malware, while DNS cache poisoning overwrites the local DNS cache with fake entries that redirect the browser to a malicious website.
What are the dangers of DNS hijacking?
There are mainly two types of danger associated with DNS hijacking:
Pharming is a type of attack in which the complete website traffic is redirected to another website. For example, you might have noticed that when you try to load a specific site, it automatically redirects you to a site with pop-ups or advertisements.
Phishing is another technique, in which the user is redirected to a malicious website that resembles the original one. For example, if you try to open your bank account, the DNS may redirect you to another website in order to steal your details.
Ways to Stop DNS Hijacking
- Use a good firewall system.
- Use good security software that shields you from malware, especially DNS changers.
- Flush excess DNS cache.
- Update your security system from time to time.
- If you suspect that your DNS is infected, then delete the HOSTS file and reset it.
- If a DNS changer has changed your DNS, then change your DNS settings.
- Avoid using untrusted websites.
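The HOSTS file and DNS settings checks from the list above can be scripted. The following is an added example, not part of the original article: it parses HOSTS-file text and resolv.conf-style resolver settings and reports name overrides and nameservers outside a trusted set. The trusted resolver addresses, hostnames and sample inputs are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers this machine is expected to use (constructed values from
# documentation address ranges; replace with your ISP's or organisation's).
TRUSTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Return (hostname, ip) pairs in HOSTS-file text that override DNS for a name."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address mapping
        for name in fields[1:]:
            # Loopback entries for local names are normal; anything else bypasses DNS.
            if ip.is_loopback and name.lower() in LOOPBACK_NAMES:
                continue
            findings.append((name.lower(), str(ip)))
    return findings

def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Return nameserver addresses in resolv.conf-style text that are not trusted."""
    rogue = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in trusted:
            rogue.append(fields[1])
    return rogue

# Constructed sample input, not taken from a real machine.
SAMPLE_HOSTS = """127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
203.0.113.66 www.examplebank.test login.examplebank.test  # added by unknown software
0.0.0.0 ads.example.test
"""
SAMPLE_RESOLV = "nameserver 192.0.2.53\nnameserver 198.51.100.9\n"

if __name__ == "__main__":
    for name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"HOSTS override: {name} -> {ip}")
    for ns in audit_resolvers(SAMPLE_RESOLV):
        print(f"Untrusted resolver: {ns}")
```

Every reported HOSTS entry deserves a look: some are deliberate (ad-blocking entries pointing at 0.0.0.0), while a banking or login hostname pinned to an unfamiliar address is the pattern a DNS changer leaves behind.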
DNS hijacking has been a threat, but with proper knowledge and prevention you can surely get rid of the trouble. It is always recommended to use the services of a professional like BlueCat, who have up-to-date knowledge of the current flaws and defenses against DNS hijacking.