A technique by which DNS server is tricked, in the belief that the server has received the authentic information, but in reality it is not received, is called DNS Poisoning. This leads to the conversion of web addresses into numeric IP addresses, and thus substituting the false IP address at the DNS level. With the IP address of the server controls, the attacker can easily replace the IP address entries for a target site on a given DNS server. A fake DNS entry can be created by the attacker for the server containing malicious content.
For instance, a user types www.google.com, but instead of being directed to the Google’s site, the user is sent to a fraud site.
By this, it is understood that the DNS poisoning is used to redirect the users to the fake pages which are managed by the attackers.
Explain in detail the Ethical Hacking DNS Poisoning Exercise?
An exercise on DNS poisoning is done using the Ettercap tool.
Both DNS poisoning and ARP poisoning are similar. DNS poisoning is initiated by staring the ARP poisoning. DNS spoof plugin is used.
Step 1 − Open the terminal and type “nano etter.dns”. All the entries if the DNS addressed to resolve the domain name addresses used by Ettercap exist in this file. A fake entry of “Facebook” is added in this file. If the user desires to open facebook, then he is redirected to another website.
Step 2 − Now insert the entries under the words “Redirect it to www.linux.org”. Observe the below example -
Step 3 – Save the file and exit. The file is saved by using “ctrl+x”.
Step 4 − After this, the process is same to start ARP poisoning. After starting ARP poisoning, click on “plugins” in the menu bar and select “dns_spoof” plugin.
Step 5 − After this, the process is same to start ARP poisoning. After starting ARP poisoning, click on “plugins” in the menu bar and select “dns_spoof” plugin.
Step 6 − After activating the DNS_spoof, the results arrear that facebook.com will start spoofed to Google IP whenever someone types it in the browser.
It means the user gets the Google page instead of facebook.com on their browser.
By this exercise, it is understood that using different tools and methods, network traffic can be sniffed. In such situations an ethical hacker is required by the company who can provide network security in prevention of these attacks.
How an Ethical Hacker Defenses against DNS poisoning?
Ethical hacker mainly concentrates on putting in a prevention position rather than doing a pen testing. The information known as an attacker can help in prevention of the techniques employed from outside.
Some of the defences against the attacks from the pen tester’s perspective are :
Hardware-switched network is used for most of the portions of the network in order to isolate the traffic to a single segment.
Implement IP DHCP Snooping on switches to prevent ARP poisoning and spoofing attacks.
Implement policies to prevent promiscuous mode on network adapters.
Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.
Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPsec.
Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.
IPv6 has security benefits and options that IPv4 does not have.
Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPsec.
Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.