There are innumerable points of security failure within the DNS framework. Hackers exploit these vulnerabilities for purposes ranging from financial gain to sabotage and other fraudulent activities. Pharming and phishing attacks are increasing by the day and are carried out by every possible means. Such attacks mainly fall under three kinds of DNS risk: name server vulnerabilities, authenticity and integrity attacks, and consumption attacks.
III.i. Name Server Vulnerabilities
This type of DNS threat involves the attacker altering the records in the name servers. This is done by gaining access to the name servers illegally. Once the servers are under the hacker's control, the zone files they contain are modified. For example, the attacker acquires control of the authoritative name server and …
The recursive DNS server first looks up the query in its own cache and, if the record is not found, forwards the query to the ANS with a new 16-bit ID. During this interval, the hacker guesses the right ID and replies to the query with a spoofed IP address for www.google.com. The recursive DNS server caches this response and forwards it to the host. Thus the user is redirected to a fraudulent website and remains completely unaware of the mishap [2] [5].
Current Solution: Though the 16-bit transaction ID and source port randomization have reduced cache poisoning to an extent, some hackers still find their way through by guessing the ID. Another remedy for cache poisoning is upgrading the name server software to the latest version as soon as a vulnerability is detected, since the latest version eliminates the vulnerability discovered [2] [4].
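The reply-matching check that the transaction ID and source port randomization rely on, as an added Python example (not code from this essay or from any name server): a toy resolver table accepts a reply only when ID, port and server address all match, and counts mismatches as a poisoning indicator. The class and function names, the alert threshold of 5, the 1024-65535 port range and the sample names and addresses are assumptions.

```python
import secrets
from collections import Counter

PORTS = 65536 - 1024   # assumed size of the randomized source-port range
ALERT_AFTER = 5        # assumed number of bad replies per name before alerting


class ResolverModel:
    """Toy model of a recursive resolver's outstanding-query table."""

    def __init__(self):
        self.pending = {}            # qname -> (txid, source port, server)
        self.cache = {}              # qname -> cached answer
        self.mismatches = Counter()  # qname -> replies that failed the check

    def send_query(self, qname, server):
        txid = secrets.randbelow(1 << 16)        # 16-bit transaction ID
        sport = 1024 + secrets.randbelow(PORTS)  # randomized source port
        self.pending[qname] = (txid, sport, server)
        return txid, sport

    def on_response(self, qname, txid, dport, src, answer):
        """Return 'accepted', 'dropped' or 'alert' for one incoming reply."""
        expected = self.pending.get(qname)
        if expected is None:
            return "dropped"         # unsolicited reply, nothing outstanding
        if (txid, dport, src) != expected:
            # A run of near-miss replies for one name suggests ID guessing.
            self.mismatches[qname] += 1
            return "alert" if self.mismatches[qname] >= ALERT_AFTER else "dropped"
        self.cache[qname] = answer   # only a fully matching reply is cached
        del self.pending[qname]
        return "accepted"


def guess_probability(forged_replies, port_randomized):
    """Chance that one of N distinct forged replies matches within one window."""
    space = (1 << 16) * (PORTS if port_randomized else 1)
    return min(1.0, forged_replies / space)
```

With the ID alone the search space is 65,536 values; adding a randomized port multiplies it by the size of the port range, which is why the essay's "current solution" lowers the success rate without eliminating it.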
III.ii.b. DNS