DNS Poisoning and How To Prevent It

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

DNS poisoning. Simply the name conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Are the Lizard Squad planning an attack on for Christmas?

Much of what we know now about DNS, address protocol, and packet priority is being redefined with the recent ‘Net Neutrality’ legislation. Instead of becoming a party to the hoopla that is partisan politics surrounding THAT issue, let me assure you there are many different mitigation strategies for not only securing your own network against DNS poisoning, but also working towards a harmonious kum-by-ah solution that in the end, may end up resolving (pun intended) the DNS plight. So, let’s silence the alerting system, and get down to what DNS poisoning is, why it’s still around, and one of the best ways to solve it.

Why is DNS Poisoning Possible?

The first thing to understand about DNS ‘poisoning’ is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are “cached”, or stored, into a database which can be queried in almost real-time to point names like ‘hotmail.com’ or ‘google.com’ to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER – if that’s your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of ‘255’ within each octet.]

No, remembering strings of numbers would be next to impossible. But thankfully, and all because of Al Gore (sarcasm) we have the DNS mechanism that gives us [relatively] easy names to remember how to get to our favorite resources.

DNS basically runs the Internet. Without it, only the most uber-geeky of computer scientists would be able to traverse it.  Strings of numbers are just simply not how humans identify information. They help, but in reality, words and language are what separate us from our impending robotic overlords.

It’s because of this, that as the Internet began to grow, the DNS (Domain Name System) was created. To help us get from one side of the world to the other, with little angst. However, due to the limitations of computing (especially storage and bandwidth) at the time, the early versions of DNS simply used a “distributed” text file for name resolution. Think “blockchain” for EVERY SINGLE HOST that existed on the ‘Net back then. It was a nicer and friendlier place, and that system worked well. Until it didn’t, and some nice folks at ARIN and ICANN came along and began the system we use today: DNS.

In its simplest explanation, DNS takes a name (e.g. yahoo.com) and looks at the locally configured ‘Nameservers’ for the “answer” to the question: ‘What is the IP address of yahoo.com?’. Once an answer is found, it is passed back to the client requesting it, and the routing and magic of the TCP protocol kicks into gear, and the peasants rejoice. Except there are sometimes problems that arise that cause the peasants to NOT rejoice, and for network engineers to curse the vile notion of DNS. You see, since DNS arose during a time where “real-time” anything was not technically possible; to aid performance and allow for USABLE networks, DNS answers were logged into a locally stored ‘cache’ or database on the DNS server which issues the query. That’s all fine and good when the ‘Netizens were nice and jolly folks, but it didn’t take long for the Web to evolve and, well, sometimes DNS cache can be the weakest point of your network.

We have seen quite a few vulnerabilities of the DNS protocol exploited over the years, the most primitive being the HOSTS file. This is *not* an article detailing the mitigation of a HOSTS file attack. It’s been the “standard” strategy for solving DNS issues for entirely too long, and plenty of information on how to eliminate this type of “attack” is already available.

Read the whole article by Jeff Thompson on the AlienVault blog.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
3144 Followers
About AlienVault
AlienVault is simplifying the way organizations detect and respond to today’s ever evolving threat landscape. Our unique, award-winning approach combines the essential security controls of our all-in-one Unified Security Management platform with the power of AlienVault’s Open Threat Exchange, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams.
Promoted Content
Beginner’s Guide to Threat Intelligence
A major recent trend in the security marketplace is to invest in some form of threat intelligence service to close the security knowledge gap and better focus scarce IT resources. But if you ask ten people what threat intelligence is, you will get ten different answers. In this AlienVault beginner's guide, you'll learn about: - Different threat intelligence sources - Why threat intelligence is critical for threat detection - The benefits of threat intelligence - How to generate threat intelligence - AlienVault's approach to threat intelligence Download this paper today to learn what threat intelligence is, what it is not, and why it is critical for organizations of all sizes to improve their threat detection, prioritization, and response capabilities.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel