Glossary
DNS Spoofing involves corrupting an Internet server's Domain Name System table by replacing a valid Internet address with another, rogue address. When a web user looks for the affected page, the request is redirected to a different address, where a worm, spyware, web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location.
A DNS Spoofing attack is possible because of HTTP Response Splitting and flaws in the web application. DNS Spoofing can be transmitted within spam email messages, images, and banner ads, increasing the rate at which rogue programs are spread.
With man-in-the-middle (MITM) attacks, attackers intercept communication between a user and a DNS server, and forge destination IP addresses to point to malicious domains.
If a response is cached in a shared web cache, such as those commonly found in proxy servers, all users of that cache will continue to receive the malicious content until the cache entry is purged. This is known as DNS cache poisoning. The same is true if the response is cached in an individual user’s browser. With cache poisoning, the risk goes beyond the DNS server that was originally infected and persists over an extended period of time.
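As an added example (not part of the original glossary entry), the following Python code audits a snapshot of cached answers against a known-good address list and reports how long each rogue entry would keep being served to users if it is not purged. The `CacheEntry` layout, the `KNOWN_GOOD` reference data, and every name and address shown are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class CacheEntry:
    name: str        # queried host name
    address: str     # IP address the cache hands to every client
    cached_at: int   # epoch seconds when the answer was stored
    ttl: int         # lifetime in seconds, taken from the answer

# Constructed reference data (assumption): addresses the zone owner publishes.
KNOWN_GOOD = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "mail.example.com": {"192.0.2.25"},
}

# Constructed cache snapshot; the second entry carries a rogue address.
SNAPSHOT = [
    CacheEntry("www.example.com", "192.0.2.10", 1_700_000_000, 300),
    CacheEntry("mail.example.com", "203.0.113.66", 1_700_000_100, 86_400),
    CacheEntry("WWW.Example.COM.", "192.0.2.11", 1_700_000_200, 300),
    CacheEntry("cdn.example.net", "198.51.100.7", 1_700_000_200, 60),
]

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()

def audit_cache(entries, known_good, now):
    """Return findings for live entries whose address is not a published one."""
    findings = []
    for e in entries:
        remaining = e.cached_at + e.ttl - now
        if remaining <= 0:
            continue  # already expired, no client will receive it
        expected = known_good.get(normalize(e.name))
        if expected is None:
            continue  # no reference data, cannot judge this name
        addr = ipaddress.ip_address(e.address)
        if addr not in {ipaddress.ip_address(a) for a in expected}:
            findings.append({"name": normalize(e.name), "rogue": str(addr),
                             "seconds_exposed": remaining})
    # Longest-lived poisoned entries first: they are the most urgent to purge.
    return sorted(findings, key=lambda f: f["seconds_exposed"], reverse=True)

if __name__ == "__main__":
    for finding in audit_cache(SNAPSHOT, KNOWN_GOOD, now=1_700_000_250):
        print(finding)
```

The `seconds_exposed` value shows why a long TTL on a forged answer matters: the entry keeps being served for that long unless someone purges it.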
DNS servers require strong security configurations to guard against being compromised and hijacked by hackers. Strategies for mitigation: