What Is Cache Poisoning?
Cache poisoning is a type of cyber attack in which corrupted DNS data is inserted into the cache of the client-side DNS component, called the DNS resolver. In a DNS cache poisoning attack, attackers send fake responses so that a different IP address is returned. The new IP address redirects the user to a server controlled by the attacker.
DNS cache poisoning attacks are used to spread malware and to carry out man-in-the-middle and denial-of-service attacks.
Cache Poisoning Attack
These attacks rely on vulnerabilities in DNS software. The attacker supplies false data to the DNS server's cache, and when a user visits the attacked server they are rerouted to the new IP address set by the attacker.
Until the cache is cleared, users will keep being redirected to the fake IP address.
DNS cache poisoning uses social engineering to trick victims into downloading malware. The fake servers and websites that criminals put in place of the genuine IP addresses are designed to look genuine but contain malware.
The difficulty in detecting a cache poisoning attack is that the domain name looks real, so it is very hard for a user to notice the attack. As a result, users become victims of cache poisoning attacks.
How To Prevent It?
There are many different measures that an organization can take to prevent cache poisoning attacks:
- Regularly update DNS servers and check that their security patches are up to date.
- The resolver should not be accessible to external users.
- DNS caches should be cleared on LAN and WAN.
- An important step in preventing attacks is to install a reliable firewall.
- Different servers should be used so that, in case of an attack, the other servers keep working properly.
- Configure your DNS server to limit repetitive queries.
- Store data related to the requested domain.
- Restrict query responses so that they give only information about the requested domain.
- DNS servers should be maintained to ensure that no extra services are running. Unwanted services running on the DNS server make it more prone to attacks.
- There are different tools available to help defend against cache poisoning attacks.
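The two items about storing and returning only data for the requested domain correspond to what resolvers call a bailiwick check. The sketch below is an added example, not code from this page or from any DNS product; the record tuple layout, function names and all domain names and addresses are constructed for illustration.

```python
# Added example: bailiwick filtering of a DNS response before caching.
# The record tuple layout and all names/addresses are constructed for illustration.

def normalize(name):
    """Lower-case and drop the trailing dot so names compare consistently."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone itself or a label-aligned subdomain of it."""
    name, zone = normalize(name), normalize(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_response(qname, zone, records):
    """Split records into (cacheable, rejected) for a query sent to a server
    that is authoritative for `zone`. records: (section, owner, rtype, rdata)."""
    wanted = {normalize(qname)}  # names the answer section may describe
    referenced = set()           # name servers named by accepted NS records
    keep, drop = [], []
    for rec in records:
        section, owner, rtype, rdata = rec
        owner_n = normalize(owner)
        ok = in_bailiwick(owner_n, zone)  # never cache data outside the zone
        if ok and section == "answer":
            ok = owner_n in wanted
            if ok and rtype == "CNAME":
                wanted.add(normalize(rdata))  # follow the alias chain
        elif ok and section == "authority":
            ok = rtype in ("NS", "SOA") and in_bailiwick(qname, owner_n)
            if ok and rtype == "NS":
                referenced.add(normalize(rdata))
        elif ok and section == "additional":
            ok = rtype in ("A", "AAAA") and owner_n in referenced  # glue only
        (keep if ok else drop).append(rec)
    return keep, drop

# Constructed response to a query for www.example.com sent to example.com's server.
SAMPLE = [
    ("answer", "www.example.com.", "A", "192.0.2.10"),
    ("authority", "example.com.", "NS", "ns1.example.com."),
    ("additional", "ns1.example.com.", "A", "192.0.2.53"),
    ("additional", "www.bank.test.", "A", "203.0.113.66"),     # unrelated domain
    ("authority", "com.", "NS", "ns.attacker.test."),          # claims the parent zone
    ("additional", "mail.example.com.", "A", "203.0.113.66"),  # unreferenced name
]

if __name__ == "__main__":
    kept, dropped = filter_response("www.example.com", "example.com", SAMPLE)
    print("cache:", kept)
    print("reject:", dropped)
```

Only the first three sample records would be cached; the others either fall outside the queried zone or were never referenced by an accepted record.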
DNS cache poisoning attacks are one of the many attacks that cyber criminals use. They damage an organization's reputation and infrastructure, and users of the victim's services are affected by them. Necessary steps should be taken to prevent these types of attack. You can never be 100% sure that you are safe from these attacks; however, these steps will make your system more secure than others.