DNS HIJACKING

HOW DNS WORKS

DNS HIJACKING

DNS hijacking is a type of malicious attack in which an individual redirects queries to a domain name server (DNS), by overriding a computer's TCP/IP settings. This can be achieved through the use of malicious software or by modifying a server's settings.

DNS SERVER

A DNS server runs as an application on a computer system. If an attacker can gain access to the computer system, then the attacker can gain access to the DNS server. This means that the server is vulnerable to any potential compromise to the hosting system. For example, if the host is running an old print server that is vulnerable to a remote exploit, then the DNS server is vulnerable due to the remote exploit.

To mitigate the risk DNS servers should run on "hardened" systems. Which has all unnecessary network services disabled. DNS server should be the only accessible network service. Most large companies provide SSH for remote administration, but all other services are disabled.

CHANGING DNS SERVER SETTING 

WINDOWS

netsh interface ip set dns name="Local Area Connection" static 208.67.222.222

LINUX

sudo nano /etc/resolv.conf


MAC

networksetup -setdnsservers Wi-Fi 208.67.222.222

CHANGING DNS ENTRIES IN HOSTS FILE

C:\Windows\System32\drivers\etc\hosts

LINUX

sudo nano /etc/hosts

MAC OS

sudo nano /private/etc/hosts

No comments:

Post a Comment

Popular Posts