
DNS Cache poisoning

What is DNS Cache Poisoning?

DNS cache poisoning, or DNS cache pollution, is a technique for deceiving DNS servers into believing that they have received a valid answer to a request they made, when the answer is in fact fraudulent.

To carry out a DNS cache poisoning attack, the attacker exploits a vulnerability in the DNS server, which then accepts incorrect information. If the server doesn't validate the information it receives, and doesn't check that it comes from a reliable source, it stores this incorrect information in its cache. Afterwards, it passes that information on to the users who make the request targeted by the attack.
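The validation step described above, sketched as an added example (not code from Nameshield or from any particular resolver): before anything is cached, a reply is matched against the query that is actually outstanding. The names `Pending`, `parse_question`, `accept_response` and `build_reply` are hypothetical, the addresses and messages are constructed samples, and only the header and question checks are shown, not the checks on the records themselves or DNSSEC.

```python
import struct
from collections import namedtuple

# What the resolver remembers about a query it has sent and not yet answered.
Pending = namedtuple("Pending", "txid server local_port qname qtype")

def parse_question(msg):
    """Return (txid, is_response, qname, qtype) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels) + ".", qtype

def accept_response(pending, msg, src, dst_port):
    """True only if msg answers the query that is actually outstanding."""
    try:
        txid, is_response, qname, qtype = parse_question(msg)
    except ValueError:  # malformed input is dropped, never cached
        return False
    return (is_response
            and src == pending.server            # came from the server we asked
            and dst_port == pending.local_port   # arrived on the port we used
            and txid == pending.txid             # carries our transaction ID
            and qname == pending.qname.lower()   # echoes our question
            and qtype == pending.qtype)

def build_reply(txid, qname, qtype=1):
    """Constructed sample: header plus question section only, no records."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + q + b"\0" + struct.pack("!HH", qtype, 1)

# Constructed outstanding query (documentation address range).
PENDING = Pending(0x1A2B, ("192.0.2.53", 53), 40000, "www.example.com.", 1)
```

A reply that fails any of these comparisons is discarded instead of being written to the cache.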

This kind of attack can, for example, send a user to a fake website whose content can be used for phishing or as a vector for viruses or other malicious applications. A computer on the Internet normally uses a DNS server managed by its Internet service provider. This DNS server is most of the time restricted to users of the service provider's network, and its cache contains part of the information collected in the past. A poisoning attack on a single DNS server of the service provider can affect all its users, either directly or indirectly if the slave servers propagate the information.

For more information on attacks targeting the DNS, please visit Nameshield's blog and read the article The 3 most common DNS attacks and how to defeat them.

Source: Nameshield's White paper – Understanding domain names