When we talk about network security today, DNS security belongs at the forefront. Many organizations underestimate DNS threats, yet a fully functional website can be made unreachable, or its visitors silently redirected to a malicious site, by attacking nothing more than name resolution. Like every other technology, DNS is vulnerable to attack. Let's discuss the main DNS attacks and how to defend against them.
DNS Security :
Running DNS infrastructure properly takes budget and in-house expertise: someone has to manage the relationship with the domain registrar, the authoritative and recursive servers, and any third-party networks the zone depends on. Because DNS is pervasive and almost every other service depends on it, it is a natural target. DNS security is about keeping attackers from abusing the protocol or the infrastructure to take the organization off the Internet, since a successful attack on DNS can render every public-facing service unreachable at once.
Types of DNS Attacks and Risk-mitigation strategies
1) DNS Cache Poisoning : Every time you visit a website or send a mail, a recursive resolver (typically your ISP's or your organization's) looks up the name and caches the answer to improve performance and reduce load time. That cache is what a poisoning attack targets.
In DNS cache poisoning, an attacker gets the resolver to cache a forged record, replacing the valid IP address for a name with an address the attacker controls. The classic way in is to race the legitimate answer: the attacker sends spoofed replies that look like they came from the authoritative server, and a resolver that accepts a reply after matching only the 16-bit transaction ID (from a fixed source port) will cache the forgery. Every user of that resolver who then visits the targeted site is sent to the attacker's server instead. If the attacker's site is a close replica of the official one, the user has no way to tell they are being phished; as far as the browser can see, it is at the official site.
- Implement DNS Security Extensions (DNSSEC). DNSSEC adds cryptographic signatures to DNS records, so a validating resolver can verify that the data it receives is authentic and unmodified and will refuse to cache a forged answer. Two caveats: DNSSEC only protects you if the zone is signed and the resolver actually validates, and it does not replace the basic resolver hardening (random source ports and transaction IDs, checking that the reply matches the question and comes from the server queried, and only caching records inside the answering server's bailiwick) that makes blind spoofing impractical in the first place.
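The acceptance checks just described, modelled as an added example (pure Python, no network, not code from the original post). The resolver, addresses and names are made up. `accept_txid_only` is the poisonable check; `accept_hardened` adds the port, server and question checks, and `cacheable` applies the bailiwick rule. `txid_sweep` plays the attacker who sprays one forged reply per possible transaction ID: against the fixed-port resolver exactly one forgery is accepted, against the hardened one none unless the port guess is also right, which multiplies the search space by roughly 64k. DNSSEC validation, which would reject the forgery regardless of the race, is not modelled here.

```python
"""Toy model of the checks a caching resolver applies before accepting a reply.
Added example: no network, no real resolver; all names and addresses are invented."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit transaction ID the resolver chose
    src_port: int    # UDP source port the resolver sent from
    server_ip: str   # authoritative server the query went to
    qname: str
    qtype: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    src_ip: str
    qname: str
    qtype: str
    rrs: tuple       # resource records as (owner, type, rdata)


def accept_txid_only(q: Query, r: Response) -> bool:
    """Vulnerable: matches the 16-bit ID only, as a resolver on a fixed port does."""
    return r.txid == q.txid


def accept_hardened(q: Query, r: Response) -> bool:
    """ID, randomized port, server address and question section must all match."""
    return (r.txid == q.txid
            and r.dst_port == q.src_port
            and r.src_ip == q.server_ip
            and (r.qname.lower(), r.qtype) == (q.qname.lower(), q.qtype))


def in_bailiwick(owner: str, zone: str) -> bool:
    o, z = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return o == z or o.endswith("." + z)


def cacheable(r: Response, zone: str) -> list:
    """Bailiwick rule: keep only records the answering server is authoritative for."""
    return [rr for rr in r.rrs if in_bailiwick(rr[0], zone)]


def forged(q: Query, txid: int, port: int) -> Response:
    """A spoofed reply: right server address and question, attacker-chosen A record."""
    return Response(txid, port, q.server_ip, q.qname, q.qtype,
                    (("www.example.com.", "A", "203.0.113.66"),))


def txid_sweep(check, q: Query, port_guess: int) -> int:
    """Attacker sends one forgery per possible ID; returns how many pass `check`."""
    return sum(check(q, forged(q, t, port_guess)) for t in range(1 << 16))


if __name__ == "__main__":
    q = Query(txid=0x1F2E, src_port=40817, server_ip="192.0.2.10",
              qname="www.example.com.", qtype="A")
    print("fixed-port resolver, ID-only check:", txid_sweep(accept_txid_only, q, 53))
    print("hardened resolver, wrong port guess:", txid_sweep(accept_hardened, q, 53))
```

The sweep is 65,536 forgeries, which a modern attacker sends in well under a second; the hardened check forces the same sweep per guessed port, and the bailiwick filter stops a reply for one zone from planting records for another.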
2) DDoS : Distributed denial of service (DDoS)
DDoS is not a DNS-specific attack. DNS is nonetheless a prime target because it is a logical choke point: if the authoritative name servers for your domain cannot answer, every service under that domain is unreachable even though the web and mail servers themselves are fine. An organization's DNS infrastructure needs to monitor incoming query rates and absorb such attacks so that the website does not degrade.
- Reduce the impact of DDoS attacks against your domain names by hosting them with a managed DNS provider that runs a distributed, highly redundant network and serves DNS traffic over anycast, so the load is spread across many sites during an attack and normal queries keep getting fast answers.
3) DNS Amplification Attacks :
This is a reflection-based DDoS attack. The attacker sends small DNS queries with the source address spoofed to the victim's IP, so the replies go to the victim rather than to the attacker, hiding the real source. Open recursive DNS servers answer anyone, and because a short query (for example an ANY query, or one for a DNSSEC-signed name) can produce a reply many times larger than the request, the attacker's traffic is amplified on its way to the target. Spread over a botnet and thousands of open resolvers, this delivers a flood of unsolicited DNS responses to the victim's network.
- The amplification means the botnet wields many times its own firepower, severely degrading performance at the victim's site. Running a recursive DNS server that is open to the entire Internet is no longer considered acceptable practice. Fortunately, securing your servers against this kind of abuse is usually a simple configuration change: restrict recursion to your own networks (in BIND, an allow-recursion ACL; authoritative-only servers should have recursion turned off entirely) and enable response rate limiting so a single spoofed source cannot extract an unlimited number of large answers. Network operators can also stop the spoofing at the source by filtering outbound packets with forged addresses (BCP 38).
4) Registrar Hijacking :
Your domain registrar controls the registration of your domain names. If your registrar account is compromised, the attacker gains that control and can change the name servers, point the domain at web or mail servers of their choice, transfer the domain away, or simply leave a ransom message. Everything that depends on the domain, including incoming e-mail and certificate validation, follows the attacker's records.
- To reduce the risk of registrar hijacking, choose a registrar that offers strong account security: multi-factor authentication, a transfer lock on the domain, a registry lock for high-value domains, a clear domain control panel, DNS management and responsive technical support. Use a unique, strong password for the registrar account, keep the contact e-mail address on a domain the attacker cannot also take over, and monitor for unexpected changes to your WHOIS and NS records. Many registrars offer paid protection services on top of this to cover the risk of losing control of the account.
5) DNS Tunnelling Attacks:
DNS tunnelling encodes data inside DNS queries and responses, using DNS as a covert channel for command and control and data exfiltration. Because outbound DNS is almost always allowed, the channel bypasses the firewall. The victim's machine is typically infected first through an e-mail attachment, social engineering or a compromised website.
The attacker's implant only needs to be able to resolve names through the organization's internal DNS server, which in turn has external access. The attacker registers a domain and runs a server that acts as the authoritative name server for it; that server decodes the data carried in the query names and sends commands back in the responses (the dnscat2 tool, for example, uses TXT, CNAME and MX records for this). Other protocols such as SSH or TCP can be tunnelled inside DNS this way. ICMP tunnelling works on the same principle, smuggling arbitrary data in the payload of echo packets sent to a remote host.
- It is hard to block tunnelling outright, but the following practices help to contain it and to detect tools like dnscat2. i) Allow outbound DNS only from your internal resolvers to designated forwarders, and block direct DNS from workstations to external servers. ii) Do not drop TXT queries wholesale (SPF, DKIM and DMARC depend on them); instead monitor the volume and size of TXT, NULL, CNAME and MX responses per domain. iii) Block ICMP where it is not needed. iv) Monitor DNS query logs and alert when a source or a domain exceeds thresholds, or when query names consist of long, high-entropy labels that are almost never repeated, which is the signature of encoded data.
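As an added example, not code from the original post, the script below runs the two log-based checks from the amplification and tunnelling sections over constructed query-log lines. The lines imitate BIND's querylog format (client address, query name, type, a `+`/`-` flag for recursion desired, and the server address); the addresses, domains, thresholds and the assumption that 10.0.0.0/8 and 192.168.0.0/16 are the internal networks are all invented for the example. `reflection_report` lists external sources that were granted recursion at all (the open-resolver symptom) and those repeatedly asking for large-answer types such as ANY. `tunnel_report` groups queries by registered domain and flags domains whose query names are unique, long and high-entropy, the pattern a dnscat2-style tunnel produces.

```python
"""Detection over DNS query-log lines: open-resolver/reflection abuse and tunnelling.
Added example. SAMPLE_LOG is constructed to mimic BIND's querylog format; all
addresses, domains and thresholds are assumptions, not data from the original post."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample: 10.0.0.0/8 is internal, 192.0.2.53 is the resolver.
SAMPLE_LOG = """\
client 10.0.0.5#51321 (www.example.com): query: www.example.com IN A + (192.0.2.53)
client 10.0.0.7#41002 (mail.example.com): query: mail.example.com IN MX + (192.0.2.53)
client 10.0.0.5#51330 (www.example.com): query: www.example.com IN AAAA + (192.0.2.53)
client 198.51.100.77#53 (isc.org): query: isc.org IN ANY + (192.0.2.53)
client 198.51.100.77#53 (isc.org): query: isc.org IN ANY + (192.0.2.53)
client 198.51.100.77#53 (isc.org): query: isc.org IN ANY + (192.0.2.53)
client 203.0.113.4#33911 (example.com): query: example.com IN A - (192.0.2.53)
client 203.0.113.9#40221 (www.example.com): query: www.example.com IN A + (192.0.2.53)
client 10.0.0.23#49152 (c2.example.org): query: 3f9a1c7e5b2d8046e1c7b3a9f05d2864.t.c2.example.org IN TXT + (192.0.2.53)
client 10.0.0.23#49153 (c2.example.org): query: 8d2e6a0c4f1b39570b6d2f8a4c1e3579.t.c2.example.org IN TXT + (192.0.2.53)
client 10.0.0.23#49154 (c2.example.org): query: c5e19b3d7f2a46085a9f3c1e7b2d4680.t.c2.example.org IN TXT + (192.0.2.53)
client 10.0.0.23#49155 (c2.example.org): query: f0a4d8c2e6b137592c6e0a4f8b1d3957.t.c2.example.org IN TXT + (192.0.2.53)
client 10.0.0.23#49156 (c2.example.org): query: 7b3f1d9e5a0c24869e3b7d1f5c0a2846.t.c2.example.org IN TXT + (192.0.2.53)
"""

LOG_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[\d.]+)#(?P<port>\d+) \([^)]*\): query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*) \((?P<dst>[\d.]+)\)")
INTERNAL = ("10.", "192.168.")          # assumption: prefixes this resolver should serve
LARGE_ANSWER_TYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}
TUNNEL_TYPES = {"TXT", "NULL", "CNAME", "MX"}


def parse_log(text: str) -> list:
    recs = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            r = m.groupdict()
            r["rd"] = r["flags"].startswith("+")   # '+' = recursion desired
            recs.append(r)
    return recs


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL)


def reflection_report(recs: list, threshold: int = 3) -> dict:
    """External clients getting recursion, and those hammering large-answer types."""
    ext = [r for r in recs if r["rd"] and not is_internal(r["ip"])]
    hits = Counter(r["ip"] for r in ext if r["qtype"] in LARGE_ANSWER_TYPES)
    return {"external_recursive_sources": sorted({r["ip"] for r in ext}),
            "reflection_sources": sorted(ip for ip, n in hits.items() if n >= threshold)}


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def registered_domain(qname: str) -> str:
    return ".".join(qname.rstrip(".").split(".")[-2:])   # simplification: last two labels


def tunnel_report(recs: list, min_queries: int = 4, min_entropy: float = 3.5,
                  min_label: int = 30) -> dict:
    """Flag domains whose leftmost labels look like encoded data: unique, long, high-entropy."""
    by_dom = defaultdict(list)
    for r in recs:
        by_dom[registered_domain(r["qname"])].append(r)
    flagged = {}
    for dom, rs in by_dom.items():
        if len(rs) < min_queries:
            continue
        labels = [r["qname"].split(".")[0] for r in rs if r["qname"].rstrip(".").count(".") >= 2]
        if not labels:
            continue
        stats = {"queries": len(rs),
                 "unique_ratio": len({r["qname"] for r in rs}) / len(rs),
                 "mean_label_len": sum(map(len, labels)) / len(labels),
                 "mean_entropy": sum(map(shannon_entropy, labels)) / len(labels),
                 "tunnel_type_ratio": sum(r["qtype"] in TUNNEL_TYPES for r in rs) / len(rs)}
        if stats["unique_ratio"] >= 0.8 and (stats["mean_entropy"] >= min_entropy
                                             or stats["mean_label_len"] >= min_label):
            flagged[dom] = stats
    return flagged


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(reflection_report(records))
    print(tunnel_report(records))
```

Thresholds are the tuning knobs: legitimate CDN and anti-spam lookups also produce long, unique labels, so in practice the entropy and uniqueness signals are combined with per-domain query volume and with an allow-list of known services before an alert fires.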
Scopehosts offers secure, convenient domain registration. Search for a suitable domain or transfer your domain to us, and host it on an SSD-based shared hosting plan with DDoS protection, security audits, DNS management, WhoisGuard protection, Cloudflare DNS and easy control panels for domain administration. Explore our web hosting services.