HOW DNS WORKS
DNS hijacking is a type of malicious attack in which an individual redirects queries to a domain name server (DNS), by overriding a computer's TCP/IP settings. This can be achieved through the use of malicious software or by modifying a server's settings.
DNS SERVER
A DNS server runs as an application on a computer system. If an attacker can gain access to the computer system, then the attacker can gain access to the DNS server. This means that the server is vulnerable to any potential compromise to the hosting system. For example, if the host is running an old print server that is vulnerable to a remote exploit, then the DNS server is vulnerable due to the remote exploit.
To mitigate the risk DNS servers should run on "hardened" systems. Which has all unnecessary network services disabled. DNS server should be the only accessible network service. Most large companies provide SSH for remote administration, but all other services are disabled.
CHANGING DNS SERVER SETTING
WINDOWS
netsh interface ip set dns name="Local Area Connection" static 208.67.222.222
LINUX
sudo nano /etc/resolv.conf
MAC
networksetup -setdnsservers Wi-Fi 208.67.222.222
CHANGING DNS ENTRIES IN HOSTS FILE
C:\Windows\System32\drivers\etc\hosts
LINUX
sudo nano /etc/hosts
MAC OS
sudo nano /private/etc/hosts
No comments:
Post a Comment