Shulou(Shulou.com)06/01 Report--

DNS hijacking, also known as domain name hijacking, refers to intercepting the request for domain name resolution within the hijacked network, analyzing the requested domain name, and releasing the request outside the scope of review, otherwise it returns a false IP address or does nothing to make the request unresponsive, the effect is that it cannot respond to a specific network or visits a fake URL.

DNS hijacking detection

IIS7 website monitoring

Test whether the website is hijacked, whether the domain name is walled, DNS pollution detection and other information.

DNS hijacking principle

We take the user visiting Taobao: www.taobao.com as an example to explain, normally: the user enters the domain name of www.taobao.com in the browser, and then the computer sends a request to the DNS server to ask what is the IP address of the domain name www.taobao.com? The DNS server queries and returns the IP address corresponding to the www.taobao.com domain name: 121.14.24.241, and then the computer will access the IP address.

After DNS is hijacked, the user's access becomes like this: when the user's computer queries the DNS server for the I flat address of the www.taobao.com domain name, the DNS server will return a fake IP address, such as 1.1.1.1, and then the user's computer will establish a connection with the 1.1.1.1 page. The page of this address is very similar to that of the real Taobao, so it is difficult for ordinary users to distinguish. And then defraud the user.

DNS hijacking is now generally easy to occur on broadband routers, because now most of our Internet access is through a broadband router dial-up Internet, computers, mobile phones and other devices are connected to the router to access the Internet. On the other hand, most people will set their mobile phones and computers to automatically obtain IP addresses and DNS server addresses, that is, IP and DNS addresses from routers. Response measures

The best way to deal with DNS hijacking is to manually specify the DNS server address, you can manually configure the DNS server address on the computer, the DNS server address can consult your broadband operator, or use the free DNS server, the domestic 114.114.114.114, 8.8.8.8 provided by Google. Of course, you can also configure the DHCP server on the broadband router, specify the DNS server address in the DHCP server, and all devices connected to the router will use the specified DNS server address.

Generally speaking, the hijacking of DNS is often characterized by abnormal surfing the Internet and advertising on normal pages.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.