DNS hijacking
2022-07-06 17:53:00 【TABE_】
DNS hijacking and its principle
DNS hijacking, also called domain hijacking, means obtaining control over the resolution of a domain name by some means and modifying its resolution result, so that access to the domain is diverted from the original IP address to a specified, modified IP address. As a result, a particular URL either cannot be reached or leads to a fake site.
If an attacker can impersonate the domain name server and set the IP address returned for a query to the attacker's own IP address, users browsing the Internet see only the attacker's page instead of the home page of the site they wanted. This is the basic principle of DNS hijacking. DNS hijacking does not actually "hack" the other party's website; it is only impersonation and deception.
DNS hijacking methods
Using DNS servers to launch DDoS attacks
The normal recursive query process of a DNS server can be used for a DDoS attack. Suppose the attacker knows the victim's IP address. The attacker then sends resolution requests using that address as the source address. When the DNS server has performed the recursive query, it responds to the apparent original requester, and that requester is the victim. If the attacker controls enough compromised hosts (bots) and repeats this operation, the victim is hit by a DDoS attack made up of DNS server responses.
If the attacker has enough compromised hosts, the victim's network can be dragged down until service is interrupted. The main difficulty posed by attacks that use DNS servers is that the attacker never communicates directly with the attacked host, which hides the attacker's tracks and makes it hard for the victim to trace the original attack.
DNS cache poisoning
The attacker uses DNS requests to place data into the cache of a vulnerable DNS server. This cached information is returned to users when clients make DNS queries, so normal domain name access by users and customers is directed to pages the intruder has set up for trojan planting, phishing and so on, or user password information is obtained through forged email and other server services, exposing the customer to further harm.
DNS information hijacking
The TCP/IP stack uses sequence numbers and similar mechanisms to prevent forged data from being inserted, but an intruder who monitors the conversation between the client and the DNS server can guess the DNS query ID the server will use in its response to the client. Every DNS message contains an associated 16-bit ID, which the DNS server uses to identify the source of the request. The attacker delivers a fake response to the user before the DNS server does, tricking the client into visiting a malicious website. Suppose the DNS packet carrying a resolution request to a domain name server is intercepted; a false IP address chosen by the interceptor is then returned to the requester as the reply. The original requester treats this fake IP address as the address of the domain it requested, and is thus led elsewhere and cannot connect to the domain it wanted to visit.
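A defensive sketch of the two conditions described above, added here as an example (not code from the original post): a response that matches no outstanding query, as the victim of a DNS-server DDoS receives, and two different answers for the same 16-bit ID, as seen when a fake reply arrives ahead of the real one. The names `build`, `parse` and `classify`, the addresses and the packets are constructed for illustration; the parser assumes single-question messages carrying one A answer.

```python
import socket
import struct

def build(txid, qname, ip=None):
    """Constructed sample data: a minimal A query (ip=None) or one-answer response."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN
    if ip is None:
        return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer

def parse(msg):
    """Return (txid, is_response, qname, first A answer or None) for one-question messages."""
    txid, flags, _qd, ancount = struct.unpack("!HHHH", msg[:8])
    pos, labels = 12, []
    while msg[pos]:                                          # walk the QNAME labels
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode())
        pos += 1 + msg[pos]
    pos += 5                                                 # root label, QTYPE, QCLASS
    # Assumption: the answer is an A record whose name is a 2-byte compression pointer.
    ip = socket.inet_ntoa(msg[pos + 12:pos + 16]) if ancount else None
    return txid, bool(flags & 0x8000), ".".join(labels).lower(), ip

def classify(events):
    """events: (src, dst, payload) tuples in arrival order; src/dst are (ip, port)."""
    pending, answered, alerts = set(), {}, []
    for src, dst, payload in events:
        txid, is_response, qname, ip = parse(payload)
        if not is_response:
            pending.add((src, dst, txid, qname))
            continue
        key = (dst, src, txid, qname)                        # must mirror the query
        if key in answered and answered[key] != ip:
            alerts.append(("conflicting-answer", qname, answered[key], ip))
        elif key in pending:
            pending.discard(key)
            answered[key] = ip
        elif key not in answered:
            alerts.append(("unsolicited-response", dst[0], qname))
    return alerts

CLIENT, RESOLVER = ("192.0.2.10", 40000), ("198.51.100.53", 53)
SAMPLE = [                                                   # constructed traffic
    (CLIENT, RESOLVER, build(0x1A2B, "example.com")),
    (RESOLVER, CLIENT, build(0x1A2B, "example.com", "203.0.113.66")),
    (RESOLVER, CLIENT, build(0x1A2B, "example.com", "192.0.2.80")),
    (RESOLVER, CLIENT, build(0x7777, "example.org", "192.0.2.81")),
]
```

A passive monitor cannot tell which of two conflicting answers is the forged one; it can only flag the name for investigation.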
DNS redirection
The attacker redirects DNS name queries to a malicious DNS server, so that resolution of the hijacked domain name is completely under the attacker's control.
How to prevent DNS hijacking
- Internet companies should prepare more than two domain names, so that if hackers carry out a DNS attack, users can still access another domain name.
- Manually change the DNS settings: enter http://192.168.1.1 in the address bar (if the page does not display, try http://192.168.0.1). Enter your router's user name and password and click "OK". Under "DHCP Server - DHCP Service", set the primary DNS server to the more reliable address 114.114.114.114 and the backup DNS server to 8.8.8.8, then click Save.
- Change the router password: enter http://192.168.1.1 in the address bar (if the page does not display, try http://192.168.0.1). Enter your router's user name and password. The router's initial user name is admin and the password is admin; if you have changed them, enter the changed user name and password, then click "OK". Once these are entered correctly, go to the router's password modification page, under System Tools - Modify Login Password, to complete the change (the original user name and password are the same as entered in 2).