DNS Hijacking and its principle

DNS Hijacking is also called domain hijacking , It means to obtain the resolution control of a domain name by some means , Modify the resolution result of this domain name , The access to the domain name is caused by the original IP The address is transferred to the modified designation IP, The result is that you can't access a specific URL or you can't access a fake URL .

If you can impersonate domain name server , Then put the query IP Address is set to the attacker's IP Address , In this case , Users can only see the attacker's homepage when they surf the Internet , It's not the home page of the website that users want to get , This is it. DNS The basic principle of hijacking .DNS Hijacking is not real “ Blackout ” The other side's website , It's the impostor 、 It's just cheating .

DNS Hijacking method

utilize DNS Server run DDOS attack

natural DNS The server recursive query process can be used to DDOS attack . Suppose that the attacker knows the IP Address , The attacker then uses this address as the source address to send the parsing command . In this way, when using DNS After the server recursively queries ,DNS The server responds to the original user , And this user is the victim . So if the attacker controls enough broilers , Repeat the above operation , Then the victim will be attacked by DNS Server response information DDOS attack .
If the attacker has enough broilers , Then the network of the attacker can be dragged down to interrupt . utilize DNS The important challenge of server attacks is , The attacker did not communicate with the attacked host directly , Hiding his whereabouts , Make it hard for the victim to trace the original attack .

DNS Cache infection

Use by attackers DNS request , Put the data in a vulnerable DNS In the server cache . The cache information will be stored in the client's database DNS Return to the user when accessing , In this way, the normal domain name access of users and customers can be guided to the fixed horse set by the intruder 、 Fishing and so on , Or through fake emails and other server The service obtains the user password information , Cause the customer to suffer further infringement .

DNS Information hijacking

TCP/IP The system avoids the insertion of counterfeit data through serial number and other ways , But if the intruder monitors the client and DNS Server conversations , You can guess what the server responds to the client DNS Inquire about ID. Every DNS The message contains an associated 16 position ID Number ,DNS Server according to this ID Get the source location of the request . The attacker is DNS The server gave the user a fake response before , So as to cheat the client to visit the malicious website . Suppose that when a domain name resolution request is submitted to a domain name server DNS Packet data is intercepted , Then according to the interceptor's intention, a false IP The address is returned to the requester as reply information . The original requester will take this fake IP The address is accessed as the domain name it requests , In this way, he was cheated to other places and could not connect to the domain name he wanted to visit .

DNS Redirect

The attacker will DNS Name queries are redirected to malicious DNS Server , The resolution of the hijacked domain name is completely under the control of the attacker .

How to prevent DNS hijacked

• Internet companies prepare more than two domain names , Once hackers do DNS attack , Users can also access another domain name .
• Manually modify DNS： Enter in the address bar ：http：//192.168.1.1 （ If the page doesn't display, try typing ：http：//192.168.0.1）. Fill in your router's user name and password , Click on “ determine ”. stay “DHCP The server —DHCP” In service , Fill in the main DNS The server is more reliable 114.114.114.114 Address , spare DNS The server is 8.8.8.8, Click Save to .
• Change the router password ： Enter in the address bar ：http：//192.168.1.1 （ If the page doesn't display, try typing ：http：//192.168.0.1）. Fill in your router's user name and password , The router's initial user name is admin, The password is admin, If you have modified , Then fill in the modified user name and password , Click on “ determine ”. When you fill it in correctly , You will enter the router password modification page , In system tools —— Modify the login password page to complete the modification （ Original user name and password and 2 Fill in the same ）