| Recorded |
|---|
| 09/26/2023 |
| 10/06/2023 |

DNS is an essential component of today's digital networking: it converts between the underlying Internet Protocol (IP) addresses and human-readable domain names. However, the weaknesses of this long-lived networking protocol have resulted in a plethora of security issues and vulnerabilities. For example, anyone with knowledge of how to create such domains can easily create a multitude of fake addresses that will appear to be authoritative on the network. As a result, any data entered into these fake IP addresses results in ineffective authentication and could ultimately pose a security threat.

A corresponding issue is posed by a security vulnerability called the DNS server spoofing attack. This technique involves sending requests from a spoofed IP address to a DNS server to obtain suspicious information about the resolved names in the DNS database. While some DNS servers can quickly detect and reject such fake server responses, many will return the spoofed information and negatively affect the integrity of a domain name or any IP address. To counter this, many companies today use a service called an authoritative nameserver or resolver to serve queries from IP addresses contained in DNS servers that are authoritative or trusted.

There are many ways to attack or spoof IP addresses using a phone book. For example, some phone books contain lists of public static IP addresses for which there is limited record maintenance. Other phone books may contain directory lookup databases that are used for reverse lookups. In either case, data entered into the phone book is vulnerable to being hijacked.

There is another approach to domain name spoofing. This method is more difficult than a typical reverse lookup because it requires a two-step process. The first step is for the user or target domain name viewer to input data into a DNS client. This data could be an IP address or name.
Once the user inputs this data, the DNS client sends an HTTP request for information on the domain. If the DNS client successfully sends the requested information, it is forwarded to the target or authoritative name server. Once the target server receives the requested data, it will compare the IP address to the IP addresses entered by the user before, and if it finds a match it will return the resolved IP address. This is a very simple attack, but it is necessary to know that each different DNS client on each different server will calculate the IP address by itself. Therefore, if the attacker is able to control one or more domain name systems, they will have control of the majority of global IP address allocations. This means that an attacker with even just one server can skew the majority of global IP address allocations.

Another way to spoof an IP address is for the user to enter their domain name during the web browser's login process. When a user types in their domain name and presses Enter, the web browser will log the domain name as well as their login information into the "enter log in" box. If the attacker has control of one or more DNS lookup services, the attacker can use this information to reset the "log in" setting to their own domain name. This will allow them to bypass most of the authentication that is done while the web browser is in use. Most web browsers will prompt the user to confirm that they really do want to enter their domain name at this point. However, if the user is still in the midst of the web browser's login process, the attacker will have an IP address that they can use to bypass all of the security that is done.

Many people are not aware of how DNS works and what it can actually do. A normal computer connected to the internet protocol will receive and reply to requests sent by computer users. The internet protocol (IP) address is used by computers to communicate over a network of physical devices.
All of the computers on a network can become part of an IP address using an easy-to-use and highly efficient process. This process is called the Domain Name System (DNS), and it allows computers and devices on a global network to connect with each other. The primary goal of the Domain Name System is to provide a way for different computers on a network to communicate. For example, a computer connected to the internet could send a request to another computer that is physically located in a different part of the world. Each of these computers will receive the request and will return a response back to the requesting computer. In some cases the return response may also contain sensitive information or personal data, which is why domain name records are used as a means of authentication.
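
As an added example (not code from the original page), this is how a resolver can detect and reject a fake server response: it accepts a reply only if the reply matches a query it actually sent. It assumes the standard DNS wire format over UDP; `Pending`, `build_message`, `parse_question` and `accept_response` are names chosen for this example, and the packets are constructed.

```python
import struct
from collections import namedtuple

# One outstanding query as the resolver remembers it (field names are this example's own).
Pending = namedtuple("Pending", "txid server local_port qname qtype")

def build_message(txid, qname, qtype=1, response=True):
    """Constructed sample packet: 12-byte header plus one question, class IN."""
    flags = 0x8180 if response else 0x0100          # QR bit (0x8000) marks a response
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qdcount, qname, qtype) or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label")
        pos += 1 + n
        if n == 0:
            break
        labels.append(msg[pos - n:pos].decode("ascii").lower())
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), qdcount, ".".join(labels), qtype

def accept_response(pending, msg, src, dst_port):
    """Return (accepted, reason); each check is a value an off-path sender must guess."""
    if src != pending.server:
        return False, "unexpected source"
    if dst_port != pending.local_port:
        return False, "wrong destination port"
    try:
        txid, is_response, qdcount, qname, qtype = parse_question(msg)
    except ValueError as exc:
        return False, "malformed: %s" % exc
    if not is_response:
        return False, "not a response"
    if txid != pending.txid:
        return False, "transaction ID mismatch"
    if qdcount != 1 or (qname, qtype) != (pending.qname.lower(), pending.qtype):
        return False, "question mismatch"
    return True, "ok"
```

A reply that fails any check is dropped without touching the cache, and the resolver keeps waiting for the genuine answer until the query times out.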