DNS Hijacking

Domain Name Server (DNS) hijacking, also known as DNS redirection, is a type of DNS attack in which DNS queries are resolved incorrectly. An attacker can install malware and gain administrative access on victim computers, or can intercept DNS communication or compromise it.

DNS hijacking can be used for phishing or pharming. Many network service providers use a form of DNS hijacking to take over DNS requests, collect statistics, or serve their ads on unknown domains.

Some governments and executive authorities use DNS hijacking for censorship; by this means they can redirect users to websites that are authorized by the government.

DNS Hacking Types

There are four basic types of DNS redirection:

Local DNS Hijacking: Attackers use trojans to change the local DNS settings and redirect the victim system to malicious websites.
Router DNS Hijacking: Many routers have security bugs in their software. Because of this, attackers can take over the management of a router and affect all of the users connected to it.
Man In The Middle DNS Hijacking: Besides being the most popular form of DNS hijacking, this type is also the most dangerous. Attackers intercept DNS requests and cut the communication between the user and the DNS server. After this, they redirect the user to their own DNS server.
Rogue DNS Server: The attacker hacks the DNS server and changes DNS records to redirect DNS requests to malicious websites.

DNS Hijacking And Spoofing Attacks

DNS spoofing is an attack that redirects traffic from legitimate websites to malicious websites. It can be carried out by using hijacking/redirection. For example, by compromising the security of DNS servers, this method can make illegitimate websites appear legitimate, and through these websites attackers can redirect users to malicious websites.

Cache poisoning is a way of DNS spoofing that does not use DNS hijacking. DNS servers, routers and computers store DNS records in a cache. Attackers can poison the DNS cache by adding a fake DNS entry that has an alternate IP target for the same domain name. The DNS server then resolves the domain to the fake website until the cache is refreshed.

What can be done for protection?
A DNS name server is sensitive infrastructure that requires strong security measures, because it can be hacked or used to organize DDoS attacks.
1- Watch for resolvers on your network. Shut down unnecessary DNS resolvers.
2- Restrict access to the name server. Physical access controls, 2FA, firewalls and network security measures can be used.
3- To protect against DNS poisoning, use a random source port, choose a random query ID, and mix upper and lower case letters in the domain names you query.
4- Patch known security bugs.
5- Separate the authoritative name server from the resolver.
6- Restrict zone transfers.
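
Item 3 in the list above (random query ID and mixed-case domain names), seen from the resolver side, as an added Python example that is not part of the original article. All function names are hypothetical and the response packets are constructed samples, not captured traffic.

```python
import secrets
import struct

def mix_case(name: str) -> str:
    """Randomly flip the case of each letter in the name ("0x20" mixing)."""
    return "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)

def encode_qname(name: str) -> bytes:
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name: str):
    """Return (query_id, sent_name, packet) for an A/IN query."""
    qid = secrets.randbelow(1 << 16)           # unpredictable 16-bit query ID
    sent = mix_case(name)                      # unpredictable letter case
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    return qid, sent, header + encode_qname(sent) + struct.pack("!HH", 1, 1)

def read_question_name(packet: bytes) -> str:
    """Read the uncompressed question name that follows the 12-byte header."""
    pos, labels = 12, []
    while packet[pos] != 0:
        n = packet[pos]
        if n & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def accept_response(qid: int, sent: str, packet: bytes) -> bool:
    """Accept only a response that echoes our ID and the exact-case name."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != qid or not flags & 0x8000:       # wrong ID, or QR bit not set
        return False
    try:
        return read_question_name(packet) == sent   # case-sensitive compare
    except (ValueError, IndexError, UnicodeDecodeError):
        return False

def fake_response(qid: int, name: str) -> bytes:
    """Constructed sample: response header plus echoed question, no answers."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)
```

The random source port is not shown here; a UDP socket that is not bound to a fixed port gets an ephemeral port from the operating system.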

For End Users:
1- You can change admin passwords.
2- You can use an encrypted VPN channel together with virus protection apps.

With these methods, DNS hijacking can be prevented. If the user's network provider hijacks the user's DNS, the user can switch to a free alternative DNS service such as Google Public DNS or Cisco OpenDNS.

For Websites:
1- Use 2FA for access to DNS records, and create a list of IP addresses that are allowed to reach the DNS settings.
2- Check whether client lock is supported.
3- Use a DNS registrar that supports DNSSEC, and activate it.
