In recent years we have experienced the incessant growth of attacks on all kinds of companies, but especially on large and well-known companies, which a priori seemed unbreakable. According to the International Security Council (NISC) 72% of these organizations have an attack has been directly to the DNS system. Which is turning these types of attacks into an increasing threat. Let’s see what a DNS attack is and how to avoid it.
What is a DNS attack?
The DNS (Domain Name System) acts asa raductor of the information that we indicate in the search engine to access a web page. For example, when we put www.tecsens.com translates it to the IP that corresponds to connect. So the DNS attack consists of attacking the name resolution servers. This would produce errors and malfunctions in the systems, even the complete fall of them, in most cases it is used to steal personal information of the company or credentials.
Types of DNS attacks
DNS Poisoning:
This is one of the most frequent attacks,its main objective is to apprehend users through fake and malicious websites to get their personal data. This type of attack is one of the most effective bridges to attack since it redirects the user to a poisoned DNS without the user being aware since a priori it is quite similar to the “original”.
How to prevent and mitigate a DNS Poisoning attack?
- Configuring DNS servers to review other DNS servers before redirecting to them. This allows hackers less likely to alter the DNS settings and record of servers.
- Restricting FAQs, storing data only associated with the requested domain, and restricting questions to information that comes only from the requested domain.
- Use of DNS protection tools that have the function of data authenticity.
Botnets:
This type of attack aims to render a DNS server inoperative. Each bot is programmed to send various requests for access to a web resource recognized by the DNS server that is attacked, which causes its saturation and subsequent inactivity. They basically run DDoS.
¿ How to prevent and mitigate a DNS Botnets attack?
- Verification of vulnerabilities of networked devices, review of security settings.
- Have IDS/IPS security solutions to identify these types of attacks.
Flood:
This type of attack aims to overload the DNS server so that it can no longer process the requests it receives. They are usually controllable since they come from a single IP address, although it can be complicated if it becomes a DDoS.
Caché Poisoning:
This attack aims at all the information stored on the DNS server and its collection (bank details, keys etc). The way to deceive the user is one of the most effective since they are victims of phishing, users at all times think they are accessing a legitimate website, for example, that of their bank.
How to prevent and mitigate a Caché Poisoning attack?
- Restrict frequent requests and limit DNS request responses to actual information associated with the domain.
- Storage of DNS records associated with domain names.
DrDoS (Denial of Service Distributed by Reflection):
In this type of attack the DNS server receives as many malicious requests as legitimate, when it reaches its maximum capacity the server begins to discard packets including legitimate requests which gets it to stop responding. In this variant of DDoS the servers can belong to different networks since they act as reflectors so it becomes a large-scale attack taking control of all connected devices.
How toprevent and mitigate a DrDoS attack?
These types of attacks are very difficult to mitigate, but there are prevention measures that in the long term can protect from them.
- Location of DNS servers in different data centers (which have several alternative access routes in addition to the main one and do not have security holes) and that are part of different networks or subnets of the organization.
These DNS attacks among other existing ones cause great damage to the companies victims of these, assuming incalculable losses. As we mentioned at the beginning during these last years many well-known companies have suffered them so that no one is exempt from suffering them.