What is DNS Cache Poisoning?

DNS cache poisoning, or DNS cache pollution, is a technique that deceives DNS servers into believing they have received a valid answer to a request they made, when the answer is in fact fraudulent.

To carry out a DNS cache poisoning attack, the attacker exploits a vulnerability in the DNS server, which then accepts the incorrect information. If the server doesn’t validate the received information and doesn’t check that it comes from a reliable source, it will store this incorrect information in its cache. Afterwards, it will pass it on to the users who make the request targeted by the attack.
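The validation step described above, sketched as an added example (not taken from Nameshield’s white paper). The specific checks shown (transaction ID, source port, sender address, and an in-zone "bailiwick" filter) are standard resolver defenses assumed here rather than named on this page; all class names, function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:            # what the resolver sent and is still waiting on
    txid: int           # 16-bit transaction ID
    src_port: int       # ephemeral UDP port the query left from
    server: str         # IP address of the server that was asked
    qname: str          # name asked about
    zone: str           # zone the asked server is authoritative for

@dataclass(frozen=True)
class Response:         # what arrived on the wire (already parsed)
    txid: int
    dst_port: int
    sender: str
    qname: str
    records: tuple      # (owner_name, rtype, value) triples

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def cacheable_records(q: Query, r: Response) -> list:
    """Return the records safe to cache, or [] if the response is rejected."""
    # Source checks: the reply must come from the server that was asked,
    # arrive on the port the query left from, and echo its ID and question.
    if (r.sender, r.dst_port, r.txid) != (q.server, q.src_port, q.txid):
        return []
    if r.qname.lower().rstrip(".") != q.qname.lower().rstrip("."):
        return []
    # Content check: drop records for names outside the asked server's zone.
    return [rec for rec in r.records if in_bailiwick(rec[0], q.zone)]

# Constructed sample data (documentation address ranges only).
QUERY = Query(0x3A7C, 53412, "192.0.2.53", "www.example.com", "example.com")
GENUINE = Response(0x3A7C, 53412, "192.0.2.53", "www.example.com",
                   (("www.example.com", "A", "198.51.100.10"),))
WRONG_ID = Response(0x0001, 53412, "192.0.2.53", "www.example.com",
                    (("www.example.com", "A", "203.0.113.66"),))
OUT_OF_ZONE = Response(0x3A7C, 53412, "192.0.2.53", "www.example.com",
                       (("www.example.com", "A", "198.51.100.10"),
                        ("bank.example.net", "A", "203.0.113.66")))

if __name__ == "__main__":
    for label, resp in [("genuine", GENUINE), ("wrong id", WRONG_ID),
                        ("out of zone", OUT_OF_ZONE)]:
        print(label, cacheable_records(QUERY, resp))
```

A resolver that skips either group of checks is the one the paragraph describes: it caches whatever arrives and then serves it to every user who asks for that name.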

A DNS cache poisoning attack makes it possible, for example, to send a user to a fake website whose content can be used for phishing or as a vector for viruses or other malicious applications. A computer on the Internet normally uses a DNS server managed by its Internet service provider. Most of the time, this DNS server is restricted to the users of the service provider’s network, and its cache contains part of the information collected in the past. A poisoning attack on just one of the service provider’s DNS servers can affect all its users, either directly or indirectly if the slave servers propagate the information.

For more information on attacks targeting the DNS, please visit Nameshield’s blog and read the article “The 3 most common DNS attacks and how to defeat them”.

Source: Nameshield’s White paper – Understanding domain names