There has been a lot about “pharming”, which is another term for DNS poisoning, also known as DNS cache poisoning, in the news lately. But what exactly is DNS poisoning? Put simply, DNS cache poisoning is when a DNS server is made to tell your computer that a domain resides at a naughty IP address belonging to a bad guy – the poisoner – rather than the true IP address at which the domain actually resides.
DNS (Domain Name Service) is sort of like directory assistance for the Internet. When you type a site's address into your web browser, for example, your computer queries a DNS server and asks it “where does www.theinternetpatrol.com live?” The DNS server responds with the IP address associated with www.theinternetpatrol.com – let’s say for sake of example that it’s 127.0.0.1. Your computer then rings up 127.0.0.1, and voila, you’re at the Aunty Spam site.
DNS servers have a cache of hundreds of thousands of domain names cross-referenced with their corresponding IP addresses. These are updated on a regular basis. However, imagine if someone were able to access one of the DNS servers and change some of the entries in the DNS cache, so that, for example, when your computer asks where Aunty Spam lives, instead of 127.0.0.1, the DNS server told your computer “188.8.131.52”. Instead of ending up at the Aunty Spam site, your web browser would end up at Yahoo.
Now, the odds are pretty good that you, dear reader, being the savvy Internet person that you are, would be able to tell the difference between Aunty’s web site and Yahoo. But what if a bad person changed the DNS cache information – poisoned the DNS cache – so that instead of Aunty Spam’s site, your computer was redirected to an exact copy of Aunty Spam’s site? Maybe you wouldn’t think that is such a big deal, but what if the exact replica naughty site was of your bank’s website, waiting to steal your banking information? Or of a discount airline ticket site, waiting to steal your credit card information? Or even an exact replica of your ISP’s login site, waiting to steal your username and password? The possibilities are endless, and frightening.
Fortunately, DNS cache poisoning is not all that common yet, although it certainly happens. Unfortunately, other than being very vigilant and aware, there is not very much which the end-user can do to protect themselves against it (short of either running one’s own local DNS, which is beyond most end-users, or the very paranoid and laborious extreme of using only IP addresses rather than domain names to navigate the Internet). And, of course, always stay up-to-date on the latest goings on by reading sites such as Aunty Spam’s Internet Patrol!
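For readers who administer a network, here is one way to spot the kind of tampered cache entry described above: compare what several independent DNS servers say for the same domain and flag the one that disagrees. This is an added example, not code from the original article; the resolver names, domains and addresses are constructed sample data, and the function name is hypothetical.

```python
# Added example: cross-check each resolver's answers against the others.
# All resolver names, domains and addresses are constructed sample data
# (reserved .example names and RFC 5737 documentation address ranges).
from collections import Counter

# resolver name -> {domain -> list of IP addresses it returned}
SAMPLE = {
    "resolver-a": {"bank.example": ["192.0.2.10"],
                   "shop.example": ["198.51.100.7", "198.51.100.8"]},
    "resolver-b": {"bank.example": ["192.0.2.10"],
                   "shop.example": ["198.51.100.8", "198.51.100.7"]},
    "resolver-c": {"bank.example": ["203.0.113.66"],   # the odd one out
                   "shop.example": ["198.51.100.7", "198.51.100.8"]},
}


def find_suspect_answers(answers, min_agree=2):
    """Return [(domain, resolver, ips)] for every resolver whose answer shares
    no address with the set that at least `min_agree` other resolvers gave."""
    suspects = []
    domains = sorted({d for per_resolver in answers.values() for d in per_resolver})
    for domain in domains:
        # Answer set per resolver; order of addresses is irrelevant.
        seen = {r: frozenset(a[domain]) for r, a in answers.items() if domain in a}
        ranked = Counter(seen.values()).most_common(2)
        consensus, votes = ranked[0]
        # Skip when too few resolvers agree, or when two answers tie for the
        # lead: there is no trustworthy reference to compare against.
        if votes < min_agree or (len(ranked) > 1 and ranked[1][1] == votes):
            continue
        for resolver, ips in sorted(seen.items()):
            if ips.isdisjoint(consensus):
                suspects.append((domain, resolver, sorted(ips)))
    return suspects


if __name__ == "__main__":
    for domain, resolver, ips in find_suspect_answers(SAMPLE):
        print(f"{resolver} answers {ips} for {domain}; the others disagree")
```

Large sites that use content delivery networks can legitimately hand different addresses to different resolvers, so a mismatch is a reason to look closer, not proof of poisoning.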