December 14, 2016

Common DNS Threats And How To Tackle Them


DNS, the Domain Name System, is an integral part of the internet. It maps the web address you type in your browser to its corresponding IP address. Without DNS the internet could not work at all. DNS servers are queried billions of times every single day, and with that much usage they are bound to attract the attention of hackers, who are ever ready to seize any opportunity to carry out their malicious activities.

In recent times, DNS-based attacks on networks have increased remarkably. Attacks like Operation Aurora and DNSChanger have exposed how vulnerable the internet is to DNS-based attacks. These days DDoS attacks are also used very frequently by hackers. Many attacks go unnoticed because the victim is unaware of them, and some are not even reported by the affected firms for the sake of their reputation.

Below are six threats to DNS and ways to tackle them, but even as you read this article, many more new threats are being designed and deployed globally. It is therefore essential to know about the DNS threats and the ways in which we can tackle them.

1. DNS hijacking – When we access the internet, our request first passes through DNS servers, which are maintained by the various ISPs (Internet Service Providers). Hackers, with the help of malware, redirect this traffic through their compromised servers, which in turn redirect us to spoofed websites. This is a common method for obtaining login details or for making money by redirecting someone to advertisement sites. The malware responsible for it enters our system attached to files we downloaded from the net, so having a DNS firewall working 24×7 would certainly solve the problem.

2. DNS cache poisoning – Cache poisoning is similar in nature to DNS hijacking. In this case too, the hacker redirects us to a website of his choice by modifying DNS data. But this time he does not use a compromised server; rather, he uses our own system for it. When we access a site, its IP address is automatically saved in our system's cache, so that the next time we try to access it the full DNS lookup need not be repeated. The hacker, again with the help of malware, manages to poison this cache, and the result is the same as that of DNS hijacking. As with DNS hijacking, a firewall is the solution for it.
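A resolver can refuse to cache a poisoned answer before it ever reaches a local cache. The following is an added example, not code from the article: it parses DNS wire-format messages and applies the checks a cautious resolver makes on every reply, namely that the transaction ID and question section echo the query, that the QR bit marks the packet as a response, and that every record belongs to the zone the queried server is responsible for (the "bailiwick" rule). It generalises the article's point from the local cache to the resolver that fills it. All packets, names and addresses are constructed in-line (the 192.0.2.0/24 range is reserved for documentation), and the `validate_response` helper and its messages are assumptions of this example.

```python
# Added example (not from the article): a minimal parser for DNS wire-format
# messages plus the checks a resolver applies before caching a response:
# the transaction ID and question must echo what was asked, and every record
# must be inside the zone the queried server is responsible for (bailiwick).
# All packets below are constructed in-line; 192.0.2.0/24 is a documentation range.
import struct


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a name that may use RFC 1035 compression pointers.
    Returns (name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_message(msg: bytes) -> dict:
    """Parse the header, the question section and all resource records."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "records": records}


def build_query(txid: int, qname: str) -> bytes:
    """Standard recursive A query (flags 0x0100 = RD set)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", 1, 1))


def build_response(txid: int, qname: str, answers) -> bytes:
    """Response (flags 0x8180 = QR, RD, RA) carrying the given (owner, ipv4) A records."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, ipv4 in answers:
        rdata = bytes(int(o) for o in ipv4.split("."))
        msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return msg


def in_bailiwick(owner: str, zone: str) -> bool:
    """True when owner is the zone apex or a name below it."""
    o, z = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return o == z or o.endswith("." + z)


def validate_response(query: bytes, response: bytes, zone: str) -> list:
    """Return the reasons to discard a response; an empty list means it may be cached."""
    q, r = parse_message(query), parse_message(response)
    problems = []
    if r["id"] != q["id"]:
        problems.append("transaction ID does not match the query")
    if not r["flags"] & 0x8000:
        problems.append("QR bit not set: this is not a response")
    if r["questions"] != q["questions"]:
        problems.append("question section does not echo the query")
    for owner, _rtype, _rdata in r["records"]:
        if not in_bailiwick(owner, zone):
            problems.append(f"record for {owner} is outside zone {zone}")
    return problems


# Constructed exchange: we asked the example.com servers for www.example.com
QUERY = build_query(0x1A2B, "www.example.com")
GOOD = build_response(0x1A2B, "www.example.com", [("www.example.com", "192.0.2.10")])
WRONG_ID = build_response(0x1A2C, "www.example.com", [("www.example.com", "192.0.2.66")])
OFF_ZONE = build_response(0x1A2B, "www.example.com",
                          [("www.example.com", "192.0.2.10"),
                           ("www.other.example", "192.0.2.66")])

if __name__ == "__main__":
    for label, resp in [("good", GOOD), ("wrong id", WRONG_ID), ("off zone", OFF_ZONE)]:
        print(label, validate_response(QUERY, resp, "example.com") or "accepted")
```

The transaction ID check is only as strong as the ID's unpredictability, which is why real resolvers also randomise the source port; the bailiwick check is what stops a reply to one question from planting an address for an unrelated name.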

3. Typosquatting – Suppose that while typing a URL you mistype one character. In this situation the DNS server should return an error, as the site you requested doesn't exist. But hackers register these misspelled domain names for their own malicious sites. So if you accidentally type a misspelling of the intended domain, or some other variation of it, a very similar-looking site will open where you would enter your credentials, and the hacker gets your login details easily. There is no way to prevent such a site from opening once you have typed the wrong URL, so you must be very careful while typing the URL of a site. Also, you must ensure that the site is genuine before entering your details.
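On the defensive side, a resolver or proxy can warn when a queried name is one keystroke away from a domain you care about. Here is an added example, not code from the article, that scores a domain against a protected list using an edit distance that treats swapped letters as a single error (the most common typo) and folds digit-for-letter look-alikes before comparing. The `PROTECTED` list, the homoglyph table, the thresholds and the sample queries are all constructed for the example; the two-label `registrable` helper is a stand-in for a public-suffix lookup and is an assumption of this code.

```python
# Added example (not from the article): flag queried domain names that look
# like typos or homoglyph variants of a list of domains we want to protect.
# PROTECTED and the sample queries are constructed data, not real targets.

PROTECTED = ["example.com", "mybank.example"]  # constructed protected list

# Characters that are easy to confuse in a URL bar (constructed mapping;
# a real deployment would use a fuller confusables table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s", "8": "b"})


def registrable(domain: str) -> str:
    """Lowercase the name and keep only its last two labels.

    Stand-in for a public-suffix lookup (assumption: two-label suffixes such
    as co.uk are not handled here).
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold_homoglyphs(name: str) -> str:
    """Map look-alike characters and digraphs onto the letters they imitate."""
    return name.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1, so a swapped pair (exmaple) is 1 away."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(domain: str, protected=PROTECTED):
    """Return (verdict, matched_protected_domain).

    Verdicts: 'legitimate', 'homoglyph-lookalike', 'suspected-typosquat',
    'unrelated'. The thresholds are constructed heuristics, not a standard.
    """
    reg = registrable(domain)
    if reg in protected:
        return "legitimate", reg
    folded = fold_homoglyphs(reg)
    best_dist, best_match = None, None
    for p in protected:
        target = fold_homoglyphs(p)
        if folded == target:
            return "homoglyph-lookalike", p
        dist = damerau_levenshtein(folded, target)
        if best_dist is None or dist < best_dist:
            best_dist, best_match = dist, p
    # allow two edits for longer names, one for short ones
    threshold = 2 if len(best_match) > 10 else 1
    if best_dist <= threshold:
        return "suspected-typosquat", best_match
    return "unrelated", None


if __name__ == "__main__":
    for q in ["www.example.com", "exmaple.com", "examp1e.com", "example.co", "unrelated.org"]:
        print(q, "->", classify(q))
```

Run at the resolver, a "suspected-typosquat" verdict is a good trigger for a block page or an alert; run against new certificate-transparency or zone-file entries, it flags registrations worth watching before anyone mistypes their way to them.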

4. Man in the Middle – In a MitM attack, the attacker surreptitiously intercepts the connection between the server and the client. He poses as the server to the client and as the client to the server. Now all traffic passes through the attacker's system and he has full access to the whole communication. He is free to use the information he gathers for his own benefit or to relay whatever message he wishes to either side. The best solution to this problem is secure end-to-end encryption between the client and the server.

5. DDoS attacks – A DNS server is designed to handle a large number of requests, but there is a threshold beyond which the network starts to slow down and ultimately gets choked. A DDoS, or Distributed Denial of Service, attack targets this weakness of DNS servers. In a DDoS attack the server is flooded with innumerable requests from many systems at the same time, and the network thus becomes inaccessible to everyone. Since a DDoS attack uses a large number of systems simultaneously, it cannot be stopped just by blocking a few IPs. It is very difficult to mitigate, and the best possible solution is to use the latest DNS firewall and security solution.

6. NXDomain attacks – NXDomain is the response returned when the DNS server is asked for a domain name that does not exist and fails to resolve it. If the server is flooded with such non-existent domain names, it gets clogged because every lookup is a search for a name that does not exist. NXDomain responses are also used by ISPs for their monetary benefit, by redirecting the NXDomain request to a fake website that is full of advertisements.
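Both the request flood in item 5 and the NXDomain flood in item 6 show up in a resolver's query log long before the server chokes, so the first practical defence is to watch that log. The following is an added example, not code from the article, that reads a simple query log, measures each client's peak query rate within a sliding window, and separately measures its share of NXDOMAIN answers, noting when the failing names never repeat (a mark of machine-generated labels, where a human retrying a typo would repeat the same name). The log format, every log line, the client addresses and all thresholds are constructed for this example; `analyse` and `peak_in_window` are this example's own helpers, not part of any resolver.

```python
# Added example (not from the article): spot query floods and NXDOMAIN floods
# in resolver logs. The log format ("<epoch> <client> <qname> <rcode>") and all
# lines are constructed for this example; thresholds are illustrative.
from collections import defaultdict


def build_sample_log():
    """Constructed log: one normal client and one client hammering the
    resolver with non-existent names inside a ten-second window."""
    lines = [
        "1481702400 192.0.2.10 www.example.com NOERROR",
        "1481702401 192.0.2.10 mail.example.com NOERROR",
        "1481702402 192.0.2.10 wwww.example.com NXDOMAIN",   # an honest typo
    ]
    for i in range(40):
        lines.append(f"14817024{i % 10:02d} 192.0.2.55 x{i}k9{i * 31 % 1000}.example.com NXDOMAIN")
    return lines


def parse_line(line: str):
    """Split one constructed log line into (epoch, client, qname, rcode)."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode


def peak_in_window(timestamps, window: int) -> int:
    """Largest number of events whose timestamps fall within `window` seconds."""
    ts = sorted(timestamps)
    peak = start = 0
    for end in range(len(ts)):
        while ts[end] - ts[start] >= window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def analyse(lines, window=10, max_qps=2.0, nx_ratio=0.5, min_queries=20) -> dict:
    """Return {client: [finding, ...]} for every client that trips a threshold."""
    per_client = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        per_client[event[1]].append(event)

    findings = {}
    for client, events in per_client.items():
        reasons = []
        peak = peak_in_window([e[0] for e in events], window)
        if peak / window > max_qps:
            reasons.append(f"query flood: {peak} queries within {window}s")

        nx_names = [e[2] for e in events if e[3] == "NXDOMAIN"]
        if len(events) >= min_queries and len(nx_names) / len(events) >= nx_ratio:
            detail = f"nxdomain flood: {len(nx_names)}/{len(events)} lookups failed"
            # random-label attacks rarely repeat a name; real users retry the same typo
            if len(set(nx_names)) / len(nx_names) >= 0.9:
                detail += ", names almost never repeat"
            reasons.append(detail)

        if reasons:
            findings[client] = reasons
    return findings


if __name__ == "__main__":
    for client, reasons in analyse(build_sample_log()).items():
        print(client, "; ".join(reasons))
```

The `min_queries` floor keeps a single mistyped name from raising an alert, and the per-client view is what distinguishes a flood from a busy but healthy network; in a distributed attack the same logic is applied per source network or per queried zone, since individual addresses will each stay under the rate threshold.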

Although all these threats differ significantly from each other in nature, they all share the same core: DNS. Thus, to protect ourselves from all of them it is necessary to have an efficient and effective DNS security solution. So far the DNS firewall is the best option available to tackle these DNS threats. One can also opt for customized security solutions as per one's requirements.