What Is DNS Spoofing (DNS Cache Poisoning) and How To Prevent It?

Sarah Li Cain
December 13, 2019

One morning, you log into your email account like you normally do. You click on an email from your bank since it indicates in the subject line something could be wrong. The email warns that your bank account could be closed unless you click on the link to update your personal information.

The bad news is that this isn’t an email from your bank—you’ve been a victim of DNS spoofing. While the website looks legitimate, the information you entered was exposed to thieves, who will probably use it for ill intent. Also referred to as DNS cache poisoning, this type of cyber attack can have serious consequences if you’re not vigilant.

What is DNS spoofing (aka DNS cache poisoning)?

A DNS (domain name server) is how a domain name directs to the relevant IP address of the website you want. When you type in www.website.com, it takes you to the correct IP address so you can access the relevant website. Think of it as a GPS navigation system, but for websites.

DNS spoofing is when someone enters false information into the DNS cache (a temporary database that stores information), so you’re redirected to the wrong website or IP address. Chris Parker, founder of WhatsMyIPAddress.com, said that the aim is to redirect traffic. “Once an attacker is able to get a DNS to publish an incorrect IP address, it’ll redirect some portion of the legitimate website traffic to a server controlled by the hacker,” he said.

Successful DNS poisoning attacks can have serious consequences. For one, identity thieves can use it to redirect you to a website that looks legitimate, encouraging you to enter personal information like your Social Security number. Once you do, it goes into the wrong hands and identity thieves can now do things like open credit accounts in your name without your knowledge.

Or the malicious website can install malware on your computer so that the thief can access other types of data and even your web activity.


How does a DNS poisoning attack work?

The DNS resolver, in an attempt to respond faster to website visitors, will often save the IP address for a domain in its cache for a certain amount of time. This lets it answer quickly, with no need to contact a chain of other servers for every request. It keeps this information until the cache entry expires.

Given this knowledge, hackers can then interject and place a fake IP address into the DNS server. Parker said that a DNS cache poisoning attack can be fairly complicated time-wise. But when successful, it can be hard to reverse course.

“How it works is that the attacker requests the target server to resolve a website, which turns the domain name into an IP address,” he said. “Before the legitimate source can provide the real IP address to you, the hacker fakes that response with another IP address.”

In theory, once the cache expires, the DNS entry goes back to normal. However, if the server’s DNS software hasn’t been updated, the hacker can continue to funnel visitors to the fake IP address.
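The race Parker describes, and the checks a resolver uses to lose it less often, as an added example that is not part of the original article: a toy stub resolver that accepts a reply only when its transaction ID, destination port and question match an outstanding query, and drops a cached entry once its TTL has expired. The names, ports and addresses are constructed.

```python
# Added example (not the article's code): a toy stub resolver showing the checks
# a real resolver uses to reject forged replies, plus the TTL expiry described above.
import secrets
from dataclasses import dataclass

@dataclass
class Query:
    txid: int
    src_port: int
    qname: str
    qtype: str = "A"

@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    qtype: str
    answer: str
    ttl: int

class Resolver:
    def __init__(self):
        self.cache = {}    # qname -> (answer, expires_at)
        self.pending = {}  # (txid, port) -> Query still waiting for a reply

    def new_query(self, qname, qtype="A"):
        # Random 16-bit transaction ID and random source port: a forger who
        # cannot see the query has to guess both before the real reply arrives.
        q = Query(secrets.randbelow(65536), 1024 + secrets.randbelow(64512), qname, qtype)
        self.pending[(q.txid, q.src_port)] = q
        return q

    def accept(self, resp, now):
        """Cache a reply only if it matches an outstanding query exactly."""
        q = self.pending.get((resp.txid, resp.dst_port))
        if q is None or q.qname != resp.qname or q.qtype != resp.qtype:
            return False  # forged, stale or unsolicited: discard it
        del self.pending[(resp.txid, resp.dst_port)]  # first matching reply wins the race
        self.cache[resp.qname] = (resp.answer, now + resp.ttl)
        return True

    def lookup(self, qname, now):
        entry = self.cache.get(qname)
        if entry and entry[1] > now:
            return entry[0]
        self.cache.pop(qname, None)  # expired: the entry "goes back to normal"
        return None
```

Because the first matching reply wins, a forged answer that guesses the ID and port correctly is cached for its full TTL, which is why the mitigation is randomization plus keeping resolver software patched.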

How can I protect myself from DNS spoofing attacks?

Parker cautions that there isn’t much you can do to fully prevent DNS spoofing attacks as a website visitor. It’s the responsibility of the website and network owners to prevent these types of attacks.

However, you can do a few things to reduce your chances of being redirected to a fake website. Parker recommends using a browser plugin like HTTPS Everywhere that can warn you if you’re being connected to a fake website. Also, check to see if the website you’re visiting is secure by looking for the lock icon on the top left side of your browser—though this isn’t always 100% foolproof.

Other ways to remain vigilant include keeping an eye out whenever clicking on links, even from familiar sources—phishing scams emulate legitimate people or organizations in an attempt to get you to reveal personal information. One way to check whether an email may be legitimate is to use a reverse email search service. If you have a bit of extra time, call the bank (or whatever company you have an account with) to confirm they sent the message (but don’t use any phone number provided in the questionable message—that may be bogus, too).

Educating yourself on how hackers can access your information is one of the best ways to prevent things like identity theft. Although you can’t stop malicious activity from happening, you can at least remain vigilant — you can never be too safe out on the internet.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.