Products
Sax2 NIDS
Sax2 Screenshots
Buy Now
White Papers
Awards
Download
Contact Us
 

DNS spoofing
 

What is DNS spoofing?

DNS spoofing is a term used when a DNS server accepts and uses incorrect information from a host that has no authority giving that information. DNS spoofing is in fact malicious cache poisoning where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to wrong Internet sites or e-mail being routed to non-authorized mail servers (see example below).

DNS spoofing: How is it done?
Let's imagine three companies (A, B and C), all competing in a challenging global environment.

DNS Spoofing Attacks

Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B.

What are the consequences?
A spoofing attack can continue for a long period without being noticed. In fact, companies may never know of the security breach until the competitor enters the market with a product of similar characteristics. The consequences of a spoofing attack would be that companies can destroy any opportunity other companies have to create a competitive edge. The frightening thing, in times when IP address management and security are the top concerns for the high technology community, is that most top level business managers have not yet realized the financial and security risks associated with DNS spoofing.

What can be done?
In order to prevent many sources of Internet attacks, it is necessary to have the security built into DNS systems. To minimize the risk of a spoofing attack, every organization or individual responsible for a domain should first check which type of name server they are using and consult with its developer whether it is secure against DNS spoofing or not. It is also possible to use the latest version of DNS Expert (v.1.3) to check the vulnerability of all types of DNS servers to DNS spoofing and other DNS problems. Furthermore, Cricket Liu has written guidelines on how to solve the spoofing problem for BIND and the Microsoft DNS Server in his article