Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 78 today we're going to discuss about DNS attacks.There are four different DNS attacks that you have to know for the security.There're DNS poisoning, unauthorized zone transfers,altered hosts files, and domain name kiting.Now, DNS poisoning occurs when the name resolution information is modified in the DNS server's cache.This modification of the data is done to redirect client computers to fraudulent or incorrect websites usually as part of follow-on attacks.The DNS system was designed without a lot of security embedded into it originally.This open architecture assumed a level of trust with all the other servers which I already told you is a pretty bad idea,but that has been taken advantage of by malicious attackers because trusting is a bad idea.Now, DNS poisoning usually occurs on a company's internal DNS servers instead of on public-facing DNS servers around the internet.With this type of attack, the internal client on the network has to make a request to go to a website like diontraining.com and whenever they make that request the client first checks with their local network's primary DNS server to see if it knows the IP address for that URL.If someone has gone there recently that IP address is already going to be stored in the local cache but if the cache was poisoned that user's now going to be redirected to a malicious website instead of the desired one.To counter act DNS poisoning, secure DNS also know as DNSSEC, has been created.DNSSEC uses encrypted digital signatures when passing DNS information between servers to help protect it from poisoning.You can also prevent your DNS servers from being poisoned by insuring that you're running the latest patches and the latest updates to make sure it's protected.Our next type of DNS attack is called an unauthorized zone transfer.DNS servers are normally configured to provide DNS data to a zone transfer which replicates information to other servers. With an unauthorized transfer though an attacker requests a copy of that zone transfer information and if they receive it they now have a list of all of your server names and IP addresses and this helps them plan for future attacks.Because of this, zone transfers should always be restricted between two known and trusted servers only and not let other people ask for zone transfers. The third type of DNS attack is focused on the client itself. Every computer and workstation has a file on it called the host file.The host file is a plain text file and it contains IP addresses and names.This is a reference that the operating system is going to check every time a DNS lookup is requested prior to going to a DNS server.So if the host file has a domain name being requested,it's simply going to provide the host file version of that DNS information instead of going out to a DNS server requesting it.So for example, one day my son was not doing his school work and it was really upsetting me.Instead I kept going up there and seeing he was watching YouTube.So, I logged into his computer and I added the URL for YouTube into his host list and I pointed that to the IP address for his school's website. Now, anytime my son typed in youtube.com instead of getting the DNS lookup for YouTube and getting redirected to their server he instead got the one from the host file that I maliciously put in there and it served up the home page for his school.Now, every time he tried to watch a video he was told hey you got to go to school, right? I think this is pretty funny and you may think it's funny too but he was not very happy about this change and he couldn't for the life of him figure out why YouTube wouldn't come up on his laptop. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app