A Phishing Attack Poisons A Domain Name On A Domain Name Server

Phishing attacks are often launched against internet users. Many people do not know about these attacks, especially beginners or non-IT (Information Technology) people. Don't worry: we will help you understand them, so stay with us.

Hackers target websites to get users' information such as usernames, passwords, email addresses, payment details, etc. They target many websites to steal users' information. This is called a “Phishing Attack”.

A domain name is the address of a website, or we can say it is the main URL of the website. People identify a website by its URL (Uniform Resource Locator), which is in character format, like google.com. Behind that name is an IP (Internet Protocol) address.

DNS is the short form of Domain Name Server. The Domain Name Server establishes the connection between the user and the server via a web browser like Google, Bing, etc. After that, the user can communicate with the server over the TCP/IP protocol (Transmission Control Protocol / Internet Protocol) in the web browser.

The Domain Name Server is essential for accessing any website. If our DNS fails, hackers can take advantage of the failure to gain more information, so we have to access websites safely.

Hackers can access a website whose DNS server has failed, and then target the users who visit that website. So you need to learn more about the Domain Name Server. However, search engines such as Google and Bing restrict users from accessing such a website.

Google and Bing are more reliable platforms for accessing any website safely. They keep changing in the browser, so all users can access safe websites in that browser.

On 26 January 2015, a hacker group managed to redirect users of the MAS (Malaysia Airlines) website to another website displaying malicious content.

Malaysia Airlines team members (who managed the server) denied that the system had been hacked. They claimed, “Our web server is intact.” However, news reports implied that it was a hacking incident.

The Malaysia Airlines team members were right. Their hardware and software had not been hacked; they had fallen victim to an attack. This attack is identified as “Domain Name Server Cache Poisoning” or “DNS Cache Poisoning”.

The cyber criminals or hackers abused the cached IP address in the Domain Name Server to redirect the website's visitors to other web pages in their web browsers.

In April 2018, a DNS cache poisoning attack hit the Amazon Domain Name Server (DNS). All users were redirected to other websites that had malicious content.

In November 2011, a large-scale attack took place against an ISP (Internet Service Provider) in Brazil. The hackers installed a malicious Java applet file on their web server.

In December 2009, hackers hacked Twitter and redirected all Twitter users to their own websites.

In July 2008, Domain Name Server cache poisoning attacks hit AT&T (American Telephone and Telegraph) servers. Major websites on the server were destroyed.

When a user types a name such as google.com into a web browser, a DNS (Domain Name Server) query is generated and sent to the default DNS recursive resolver.

The DNS recursive resolver is the first stop for the DNS query. This server is mostly hosted by the ISP (Internet Service Provider).

After receiving the Domain Name Server query, the DNS resolver sends a request to a Domain Name Server Root Server (DNS Root Server).

The DNS root server responds to the DNS resolver with information about the DNS top-level domain (such as .com, .in, .us, .uk, .org, etc.), which stores the information for domains like example.com.

The DNS resolver then sends a request to the DNS top-level domain server. The Domain Name Server Top Level Domain (DNS TLD) server responds with the IP (Internet Protocol) address of the DNS authoritative name server.
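The lookup chain described above (resolver, root server, TLD server, authoritative name server) can be followed in a small simulation. This is an added example, not code from the original article: the server table, names and addresses are constructed sample data, and the referral check in `resolve` is one sanity check a resolver can apply so that a server cannot hand the lookup to a zone outside its own.

```python
# Constructed sample data: names and addresses are made up (documentation ranges).
SERVERS = {
    "198.51.100.1": {"refer": {"com": "198.51.100.2"}},             # root server
    "198.51.100.2": {"refer": {"example.com": "198.51.100.3"}},     # .com TLD server
    "198.51.100.3": {"answer": {"www.example.com": "192.0.2.10"}},  # authoritative server
}
ROOT = "198.51.100.1"

def in_zone(name, zone):
    """True if name equals zone or sits below it ('' is the root zone)."""
    return zone == "" or name == zone or name.endswith("." + zone)

def ask(servers, server_ip, qname):
    """One query to one simulated server: an answer, a referral, or nothing."""
    s = servers[server_ip]
    if qname in s.get("answer", {}):
        return ("answer", s["answer"][qname])
    for zone, ns_ip in s.get("refer", {}).items():
        if in_zone(qname, zone):
            return ("referral", zone, ns_ip)
    return ("nxdomain",)

def resolve(qname, servers=SERVERS, max_steps=8):
    """Walk root -> TLD -> authoritative; return (address or None, path taken)."""
    server, current_zone, path = ROOT, "", []
    for _ in range(max_steps):
        reply = ask(servers, server, qname)
        path.append((server, reply[0]))
        if reply[0] == "answer":
            return reply[1], path
        if reply[0] != "referral":
            return None, path
        _, zone, next_server = reply
        # A referral must move down the tree: the delegated zone has to lie
        # strictly inside the sender's zone and contain the queried name.
        if (zone == current_zone or not in_zone(zone, current_zone)
                or not in_zone(qname, zone)):
            raise ValueError(f"out-of-zone referral from {server}: {zone!r}")
        server, current_zone = next_server, zone
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(resolve("www.example.com"))
```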

How A Phishing Attack Poisons A Domain Name On A Domain Name Server

The Domain Name Server cache is “poisoned” with malicious content when unauthorized domain names or IP addresses are included for a website. The malicious entries get into the DNS cache either through:

  1. Computer malware
  2. Network attacks that insert invalid DNS entries into the cache.

Reminder: when a user tries to reach a website via a web browser, the computer first queries the local Domain Name Server cache (DNS cache) for the IP address it needs to communicate with the web server over TCP/IP (Transmission Control Protocol / Internet Protocol).

If the Domain Name Server (DNS) cache holds a copy of the record, it replies with it.

If not, it queries the upstream DNS server, relays the result back to the end user, and caches the result until it is replaced by the next IP (Internet Protocol) address.

Hackers have found a way to “spoof” Domain Name Server responses, that is, to forge responses that look as if they come from a legitimate DNS server. This is how a phishing attack “poisons” a domain name on a Domain Name Server.
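Seen from the resolver's side, the cache lookup and the acceptance of an upstream reply look like the sketch below. It is an added example, not code from the original article: the class, field names and sample traffic are constructed for illustration, and it shows the matching checks that keep a forged reply out of the cache, with a fixed lifetime (TTL) on each cached record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit transaction ID chosen by the resolver
    src_port: int    # UDP source port the query left from
    server_ip: str   # upstream server the query was sent to
    qname: str

@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    from_ip: str
    qname: str
    address: str
    ttl: int         # seconds the record may stay cached

class CachingResolver:
    def __init__(self):
        self.cache = {}  # qname -> (address, expiry time in seconds)

    def lookup(self, qname, now):
        """Serve from cache while the record is fresh; otherwise report a miss."""
        entry = self.cache.get(qname.lower())
        if entry and now < entry[1]:
            return entry[0]
        self.cache.pop(qname.lower(), None)
        return None

    def accept(self, query, resp, now):
        """Cache resp only if it matches the outstanding query; return rejection reasons."""
        reasons = []
        if resp.txid != query.txid:
            reasons.append("transaction ID mismatch")
        if resp.dst_port != query.src_port:
            reasons.append("wrong destination port")
        if resp.from_ip != query.server_ip:
            reasons.append("unexpected source address")
        if resp.qname.lower() != query.qname.lower():
            reasons.append("question mismatch")
        if not reasons:
            self.cache[resp.qname.lower()] = (resp.address, now + resp.ttl)
        return reasons

# Constructed sample traffic (documentation address ranges, made-up IDs and ports).
QUERY = Query(txid=0x3A7C, src_port=53211, server_ip="198.51.100.3", qname="www.example.com")
GENUINE = Response(0x3A7C, 53211, "198.51.100.3", "www.example.com", "192.0.2.10", ttl=300)
FORGED = Response(0x1111, 53211, "203.0.113.66", "www.example.com", "203.0.113.80", ttl=86400)
```

A reply that fails any check is dropped and the cache stays unchanged, so the next lookup is still a miss until a matching reply arrives.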

I was able to understand the proper ways hackers use this technique. But it is against the Google content policy. So, I feared the Google content policy system. I regret that Google denies hacking content. So, it may affect SEO (Search Engine Optimization), or we can say the ranking of the keyword at the top of Google or the ranking of the website.


It’s a very interesting topic for all users, website owners and website developers, because DNS is required to access any website in a web browser.

If a DNS server has failed, hackers target that server and obtain users’ information such as username, password, address, phone number, email address, payment details, location, IP address, etc.

So we have to take care by following some good practices, such as using HTTPS (HyperText Transfer Protocol Secure) websites instead of HTTP websites or websites that use other protocols. Google is more restrictive towards HTTP and other-protocol websites.

Today, Google relies more on HTTPS than on HTTP websites, so most website owners install an SSL certificate to serve their site over HTTPS. SSL (Secure Sockets Layer) links the website data to the web browser, so Googlebot informs users about the website.
