Domain System Name (DNS) Hijacking or Redirection is the subversion of resolutions meant for DNS queries. Its a malicious attack which takes over the TCP/IP settings of a computer. The computer is then directed to a scrupulous DNS server. This process invalidates the default DNS settings. Redirection takes place under the influence of a hacker. The attacker modifies the behavior of the original server to a point of non-compliance with internet standards. Modifications can be for malicious reasons like phishing or for advertising. This is done by providers and router-based online DNS service providers. Selected domains are also made inaccessible using this technique.
Working Principle of DNS Hijacking
DNS is used to map user friendly domain names to corresponding IP addresses. As mentioned before, DNS is owned by an internet service provider and other private organizations. Normally, your computer uses a Domain System Name from the Internet Service Provider. Some of DNS services are provided by reputable companies like Google, GoDaddy. There is no guarantee of safety since hackers are capable of gaining access to your computer and changing the DNS settings. In this case your computer ends up using an unscrupulous DNS server. The latter DNS translates the domains of pre-defined websites like banks into IPs meant for malicious websites. Now, when you type a certain URL, you end being taken to a fake website. DNS-changing Trojans are used blindly switch automatic DNS servers from a trusted ISP to manual rogue DNS servers. DNS serves meant for routers can be altered by exploiting the vulnerability of the firmware remotely.
Dangers of DNS Hijacking
Severity of this malicious activity depends on the attackers intention. Most of hijacking is done to support advertisements or collection of statistics. This type of hijacking is harmless but its still a violation of RFC standards for DNS responses. Serious risks include Pharming and Phishing. Pharming is the attack of website’s traffic for redirection to another fake website. This is mostly done by hijackers who earn from advertisements. Phishing is a DNS attack where users are redirected to a malicious website which closely resembles the original one. For instance, when you log in to your bank account, you can be directed to a malicious site which fraudulently obtains your login details.
[/icon] Similar post: How to Secure your own Domain Names?Common Functionalities that Breakdown After DNS Hijacking
Windows Server domain laptops will be misled while trying to reconnect to corporate servers. After hijacking all email servers, domain controllers an other entities appear available. This causes timeouts, degraded performance and unnecessary internet connection. Rogue DNS servers feed wrong IP Addresses on LAN which cause failure in internet connection. Hijacking browsers without Browse By Name functionality redirects users to closest websites.
False entries remain cached when clients between home network and VPN on an unscrupulous DNS server. This causes outages on VPN connections. The ISP is tricked by malicious applications into believing that requested serves are available for connection. These applications end up leaking confidential data. Redirection also causes malfunctioning of computers that use tunnel and VPN connection. Breakage of Web Proxy Auto-discovery Protocol by misleading web browsers that proxy server is configured by ISP. Breaks monitoring software meant for server maintenance.
Preventing DNS Hijacking
- DNS software like Dnsmasq and BIND are used to filter search results. These are installed on routers to protect the whole network.
- Keep away from untrustworthy websites that offer free downloads, Most of them use Trojan horse malware for attack.
- Install a very powerful anti-virus and update it frequently.
- Change your routers password to prevent hackers from tampering with factory settings.
Solutions After DNS Hijacking
Remedies to DNS hijacking especially by DNS Changer malware are simple and straightforward. You can easily recover from damages caused by these malicious programs. You only need to verify your current DNS settings to make sure you are using the right DNS IPS. In most cases you maybe using Blacklisted Domain System Names. Therefore you have to configure your DNS settings as per ISP guidelines.
Bottom Line
DNS hijacking is very common even on Google servers. It is mostly done for malicious and advertising purposes. Malware like Trojan have been used to leak bank and social networking login details. Redirection of servers causes breakdown in many computer and networking functionalities. You can prevent them by changing router passwords, installing strong antivirus and avoiding untrustworthy sites. Dont panic if you fall victim to DNS hijacking. Just verify your settings and configure them as per your ISP.
