Shulou(Shulou.com)06/01 Report--

What is DNS hijacking?

DNS hijacking, also known as domain name hijacking, means that the resolution control of a domain name is obtained by some means, and the resolution result of the domain name is modified, resulting in the access to the domain name is transferred from the original IP address to the modified designated IP. As a result, the specific URL cannot be accessed or the URL is fake.

IIS7 website monitoring

Test whether the website is hijacked, whether the domain name is walled, DNS pollution detection and other information.

If you can pretend to be a domain name server, and then set the queried IP address to the IP address, so that users can only see the home page on the Internet, rather than the home page of the site they want to get, this is the basic principle of DNS hijacking.

In fact, DNS hijacking is not really "hacked" the other party's website, but impostors, swaggering and cheating.

DNS hijacking harm

Fishing fraud

Online shopping and online payments may be maliciously directed to other websites, increasing the risk of personal account leaks.

Malicious advertisements appear on the website

If it is light, it will affect the network speed, but if it is heavy, it will not be able to access the Internet.

DNS hijacking method

1. Use DNS server for DDOS

The normal DNS server recursive query process may be utilized as DDOS. Assume that the IP address of the machine is known, and then use that address as the source address to send the parsing command. So that when a recursive query is made using the DNS server, the DNS server responds to the original user. So if you control enough broilers and do this repeatedly, you will receive the response message DDOS from the DNS server.

If there are enough broiler flocks, the network can be dragged down until it is interrupted. The important challenge of using the DNS server is that it conceals its own whereabouts and makes it difficult for the victim to trace the original data because it does not communicate directly with the host.

2. DNS cache infection

Using DNS requests, put the data into the cache of a vulnerable DNS server. These cached information will be returned to the user when the customer accesses the DNS, thus directing the customer's access to the normal domain name to the set page such as horse-hanging and phishing, or obtaining the user's password information through fake e-mail and other server services, resulting in further infringement on the customer.

3. DNS information hijacking

The TCP/IP system avoids the insertion of counterfeit data through serial numbers and other ways. If you monitor the conversation between the client and the DNS server, you can guess the DNS query ID that the server responds to the client. Each DNS message includes an associated 16-bit ID number, according to which the DNS server acquires the request source location. Give the false response to the user before the DNS server, so as to deceive the client to visit the malicious website. Suppose that when the DNS packet data of a domain name resolution request submitted to a domain name server is intercepted, and then a false IP address is returned to the requester as reply information according to the intention of the interceptor. The original requester will access the fake IP address as the domain name it wants to request, so he will be deceived elsewhere and unable to connect to the domain name he wants to access.

4. DNS redirection

Redirect the DNS name query to a malicious DNS server, and the resolution of the hijacked domain name is completely under control.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.