23.04.2014
DNS Hacking: How to Avoid It
In the slew of internet crimes, we have DNS Hijacking or DNS Hacking as it is sometimes called. DNS redirection is a term that is also commonly used and describes it best.
This is the case when you type a website address (e.g. domain name) with the intention of browsing to a specific website, and you end up at another website, not the one you intended, although you typed the correct domain name.
So, how is this possible? What is happening? Who is doing it, and why?
At its most basic, DNS and domain hijacking occurs when an attacker uses any of a variety of ways to alter a computer’s TCP/IP settings so that the DNS server address points to a rogue DNS server instead of the actual one. For example, you want to go to Yahoo’s website and type http://www.yahoo.com. There is an IP address tied to this URL. The attacker, however, will alter the IP address so that you are taken to a site of their choice. This could be an ad server infected with malware or a counterfeit site. The bottom line: the attacker will direct you to a site that allows them to accomplish their illicit goals.
DNS (The Domain Name System) is primarily responsible for translating a URL such as “Yahoo.com” to an IP address “46.228.47.114”. How does DNS hijacking work exactly? As mentioned, DNS handles mapping of a URL to an IP address. Your computer is set up to use the DNS server of your Internet Service Provider (ISP), which owns the DNS server along with other private business organizations.
In a few cases, your computer may even be configured to utilize the same DNS services of reputable organizations such as Google. In cases such as these, you are told you are in good hands and all seems to be working normally.
However, there are many out there who have the intention of doing you harm. A hacker or a suspicious piece of malware would take over your computer and change the DNS settings, which diverts your computer from using the ISP’s DNS server to theirs. Now your computer’s URL translation, which would normally map authentic sites to their rightful IP addresses, translates your URL to the IP address of the attacker and their malicious website. This spells trouble, as you are then taken to a phony website, most of the time without your knowledge.
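A defensive check for the settings change described above, as an added example that is not part of the original post: it parses resolv.conf-style text and classifies every configured resolver against an allowlist. The allowlist, the sample file content and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: resolvers approved for this network (constructed allowlist).
APPROVED = {"8.8.8.8", "8.8.4.4", "192.0.2.53"}

# Constructed sample of /etc/resolv.conf content, not taken from a real host.
SAMPLE = """\
# managed by DHCP client
nameserver 8.8.8.8
nameserver 203.0.113.66   # not on the allowlist
nameserver 127.0.0.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return (valid_ips, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop any IPv6 zone id ("%eth0") before validating.
            valid.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed

def audit_resolvers(text, approved=APPROVED):
    """Map each configured resolver to approved/local-stub/unapproved/malformed."""
    allow = {ipaddress.ip_address(a) for a in approved}
    valid, malformed = parse_nameservers(text)
    report = {entry: "malformed" for entry in malformed}
    for ip in valid:
        if ip in allow:
            report[str(ip)] = "approved"
        elif ip.is_loopback:
            # A local caching stub: its upstream servers need the same audit.
            report[str(ip)] = "local-stub"
        else:
            report[str(ip)] = "unapproved"
    return report

if __name__ == "__main__":
    for server, status in audit_resolvers(SAMPLE).items():
        print(f"{server:>15}  {status}")
```

Anything reported as unapproved or malformed is a setting nobody in the organization signed off on and should be traced back to whatever wrote it.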
Violation of Standards
This is a violation of standards established by the RFC. Now, there are many ISPs out there that utilize DNS hijacking to deliver advertisements or collect information about your internet usage. While this might not cause you any real damage, it is still a violation. You might be wondering how you can apply full DNS protection and prevent hijacking. The attackers utilize highly sophisticated and damaging malware programs like Trojan horses to act as a proxy to hijack. These attackers distribute this Trojan through file and video downloaders, YouTube downloaders, and other free utilities.
Obviously, staying away from these sites is recommended. However, from a more technical standpoint there are some ways you can implement DNS protection.
Master-Slave DNS Approach
If you are tasked with handling the configuration and maintenance of DNS servers within your organization, one of the best approaches to stop such DNS attacks is by implementing a Master-Slave type DNS configuration. This configuration includes a master DNS that has no access to the internet. Two slave servers are set up that have access. Now, whenever any of the slave servers are hacked, they’ll be updated from the master server.
Importance of Service Level Agreements (SLAs)
There are a multitude of DNS Service providers. You must have a contact available to reach out to when there is a problem. You should demand that your agreements be written out and you should be granted the option to monitor the provider’s performance, in addition to ensuring that they are set up with the right infrastructure to deal with any attacks.
This is your business on the line. You must demand it.
Strong Password Policy
Make sure that those throughout your organization are changing their passwords regularly and are using better ones than just an ABC123 type password. This will protect you from attacks.
Protecting your business is a constant chore. The idea is to employ a 360 degree DNS protection solution. See what others are doing. Learn from them. You’ll be protected in the long run.
Concerned that someone is messing with your domain? Our technology can help you monitor that issue and much more.
David Fridman, Chief Marketing Officer & Founder at BrandShield LTD. Co-founder of BrandShield Ltd - "The Future of Online Brand Protection is Here". Our robust, patent pending technology helps you fight infringements and makes brand protection affordable for organizations of all sizes.