DNS Attacks - CompTIA Security+ SY0-701 - 2.4

DNS Poisoning

• Modify the DNS server

• Requires some crafty hacking

• Modify the client host file

• The host file takes precedent over DNS queries

• Send a fake response to a valid DNS request

• Requires a redirection of the original request

or the resulting response

Domain Hijacking

Get access to the domain registration account, and you have conttrol where the traffic flows.

- You don't need to touch the actual servers

- Determines the DNS names and DNS IP addresses

Many ways to get into the account

- Brute force

- Social engineer the password

- Gain access to the email address

- The usual things

URL hijacking

• Make money from your mistakes

- There's a lot of advertising on the 'net

• Sell the badly spelled domain to the actual owner

- Sell a mistake

• Redirect to a competitor

- Not as common, legal issues

• Phishing site

- Looks like the real site, please login

• Infect with a drive-by download

- You've got malware!

Types of URL hijacking

- Typosquatting / brandjacking

- Outright misspelling

-A typing error

- A different phrase

-Different top-level domain