
What is the DNS cache poisoning?

2025-02-27 Update. From: SLTechnology News&Howtos, shulou (Servers)

Shulou (Shulou.com) 06/02 Report

A DNS cache vulnerability has recently been disclosed on the Internet. It shows how fragile the security of the Internet is in the applications we rely on every day, and the root cause of that weakness is a design defect. Exploiting this flaw can leave users unable to open web pages, and the phishing and financial fraud it enables can cause victims heavy losses.

DNS cache poisoning, also known as DNS spoofing, is an attack that finds and exploits weaknesses in DNS (the domain name system) in order to divert traffic from legitimate servers to fake ones. It is usually classified as a pharming attack and can lead to many serious problems. First, users believe they are logging on to a website they know, when in fact they are not. Unlike phishing attacks that rely on a fraudulent URL, this attack uses the legitimate URL.

How does DNS cache poisoning work?

When a DNS cache server receives a domain name query from a user, it first looks in its cache for the address. If the entry is not there, it sends a query to an upstream DNS server.

Before this vulnerability was discovered, attacking a DNS server was difficult: the attacker had to impersonate the legitimate DNS server by sending a forged response that carried the correct query parameters, so that it would be accepted into the cache server before the real answer arrived. That window usually lasts less than a second, so an attacker rarely succeeded.

Now that security researchers have found the vulnerability, however, the odds have shifted in the attacker's favor. The attacker learned that the cache server cannot refuse a continuous stream of queries. For example, an attacker can request a name such as 1q2w3e.google.com, knowing that it cannot already be in the cache. Each such request forces the cache server to send a new upstream query, and each of those queries is another opportunity to spoof the response.

Of course, this alone does not mean attackers get unlimited chances to guess the correct query parameter values. What matters is the disclosed vulnerability in this open-source DNS server itself, which can expose it to a successful attack within 10 seconds.

You might object that even if 1q2w3e.google.com can be poisoned, nobody will ever ask for that name. This is exactly where the attack becomes powerful. In the spoofed response, the attacker can also point the cache server at a name server address of his choosing, generally one under the attacker's control, and in general the cache server will store both pieces of information.

Because the attacker now effectively controls the domain's name server entry, every subsequent query is redirected to the server the attacker specified. That means the attacker controls every subdomain under the domain: www.bigbank.com, mail.bigbank.com, ftp.bigbank.com and so on. Any query involving any of those names can be directed to any server the attacker chooses.

What is the risk of DNS cache poisoning?

The main risk of DNS cache poisoning is data theft. Favorite targets are the websites of hospitals, financial institutions and online retailers. Users of these sites are easily deceived, which means passwords, credit card numbers and other personal information can be compromised. There is also the risk that a key logger is installed on the user's device, exposing their usernames and passwords when they visit other sites.

Another major risk is that if an Internet security provider's website is spoofed, the user's computer may be exposed to other threats such as viruses or Trojans, because once the site is impersonated the user no longer receives legitimate security updates.

It has been reported that the average annual cost of DNS attacks is $2.236 million, and that 23% of those attacks are caused by DNS cache poisoning.

How to prevent DNS cache poisoning

So how should enterprises prevent DNS cache poisoning attacks? They should start from the following points:

First, the DNS server should be configured to rely as little as possible on trust relationships with other DNS servers. Configured this way, it is harder for an attacker to use a DNS server of their own to corrupt the target server.

Second, the enterprise's DNS server should run only the services it actually needs. Every unnecessary service running on the DNS server only enlarges its attack surface.

Third, security staff should make sure the latest DNS software version is in use. Newer versions of BIND include features such as cryptographically secure transaction IDs and source port randomization, which help prevent cache poisoning attacks.

Fourth, security education for users is also very important in preventing these attacks. Users should be trained to recognize suspicious sites and to visit only HTTPS sites; this helps keep them from becoming victims of poisoning attacks because it ensures their personal information is not entered into the attacker's website. If they receive an SSL warning before connecting to a site, they should not click the ignore button. Following these habits keeps users from falling to DNS cache poisoning.
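As an added example (not code from the original article or from BIND), the following models the checks a hardened cache server applies before it caches a reply, tying together the attack mechanism described above (a spoofed reply for 1q2w3e.google.com that also carries a www.bigbank.com record) and the transaction-ID and source-port defenses listed in the third point. The dataclasses, field names and the 1024-65535 port range are assumptions for illustration.

```python
# Added example (not code from the original article or from BIND): the
# checks a hardened resolver applies before caching a reply. The reply must
# carry the pending query's transaction ID, arrive on the randomized source
# port the query left from, answer the same question, and every record in it
# must be "in bailiwick" (inside the zone the queried server speaks for), so
# a www.bigbank.com record riding on a 1q2w3e.google.com reply is dropped.
# Messages are simplified dataclasses, not DNS wire format.
from dataclasses import dataclass, field

@dataclass
class PendingQuery:
    txid: int        # 16-bit transaction ID chosen by the resolver
    src_port: int    # randomized UDP source port of the outgoing query
    qname: str       # name asked for, e.g. "1q2w3e.google.com"
    bailiwick: str   # zone the queried server is authoritative for

@dataclass
class Response:
    txid: int
    dst_port: int    # port the reply was addressed to
    qname: str
    records: list = field(default_factory=list)  # (name, rtype, value)

def in_bailiwick(name, zone):
    """True if name equals zone or lies beneath it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def accept_response(pending, resp):
    """Records worth caching, or None if the reply matches no pending query."""
    if resp.txid != pending.txid or resp.dst_port != pending.src_port:
        return None                      # wrong ID or port: spoof or stray
    if resp.qname.lower() != pending.qname.lower():
        return None
    return [r for r in resp.records if in_bailiwick(r[0], pending.bailiwick)]

def guess_space(port_randomized):
    """Combinations an off-path sender must hit to be accepted at all.
    Assumes a 16-bit ID and an ephemeral port range of 1024-65535."""
    return 65536 * (64512 if port_randomized else 1)

def demo():
    q = PendingQuery(txid=0x1A2B, src_port=51234,
                     qname="1q2w3e.google.com", bailiwick="google.com")
    # Constructed reply: correct ID and port, but it smuggles in a record
    # for an unrelated zone alongside a legitimate google.com record.
    r = Response(txid=0x1A2B, dst_port=51234, qname="1q2w3e.google.com",
                 records=[("ns1.google.com", "A", "192.0.2.10"),
                          ("www.bigbank.com", "A", "192.0.2.99")])
    return accept_response(q, r)
```

Without port randomization an off-path sender only has to hit a 16-bit ID; with it, the accepted (ID, port) space grows by a factor of roughly 64,000, which is why the BIND features above matter.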

Conclusion

HTTPS is the most secure solution under the current architecture. An SSL certificate lets the browser identify a phishing website directly, protects a site's visitors from the effects of DNS cache poisoning, and safeguards their information. When deploying SSL certificates, choose a reputable CA, preferably one certified against the international WebTrust standard and with international electronic certification service capability. Passing WebTrust certification means the CA's operations, management and service level meet international standards and that it is qualified to provide global certification services, which is effective proof of a reliable electronic certification service.
