DNS is a naming system for computers that converts human-readable domain names into computer-readable IP-addresses and vice versa.DNS uses UDP port 53 to serve its requests.
- Attacker can gather DNS information to determine key hosts in the network and can perform social engineering attacks.
- DNS records provide important information about location and type of servers.
- DNS Interrogation Tools:
Common used DNS Record Types
A (Host address) AAAA (IPv6 host address) ALIAS (Auto resolved alias) CNAME (Canonical name for an alias) MX (Mail eXchange) NS (Name Server) PTR (Pointer) SOA (Start Of Authority) SRV (location of service) TXT (Descriptive text)
DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server.
How is DNS spoofing done?
DNS spoofing is done by replacing the IP addresses stored in the DNS server with the ones under control of the attacker. Once it is done, whenever users try to go to a particular website, they get directed to the false websites placed by the attacker in the spoofed DNS server.
nslookup is a network administration command-line tool available in many computer operating systems for querying the Domain Name System to obtain a domain name or IP address mapping, or other DNS records.