(ISC)² CISSP® Official Study Guide, Eighth Edition


(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

1. Check the local cache (which includes content from the HOSTS file).
2. Send a DNS query to a known DNS server.
3. Send a broadcast query to any possible local subnet DNS server. (This step isn’t widely supported.)


If the client doesn’t obtain a DNS-to-IP resolution from any of these steps, the resolution 
fails, and the communication can’t be sent. DNS poisoning can take place at any of these 
steps, but the easiest way is to corrupt the HOSTS file or the DNS server query.
There are many ways to attack or exploit DNS. An attacker might use one of these 
techniques:
Deploy a rogue DNS server (also known as DNS spoofing or DNS pharming). A rogue DNS server can listen in on network traffic for any DNS query or specific DNS queries related to a target site. Then the rogue DNS server sends a DNS response to the client with false IP information. This attack requires that the rogue DNS server get its response back to the client before the real DNS server responds. Once the client receives the response from the rogue DNS server, the client closes the DNS query session, which causes the response from the real DNS server to be dropped and ignored as an out-of-session packet.

DNS queries are not authenticated, but they do contain a 16-bit value known as the query ID (QID). The DNS response must include the same QID as the query to be accepted. Thus, a rogue DNS server must include the requesting QID in the false reply.

Perform DNS poisoning. DNS poisoning involves attacking the real DNS server and placing incorrect information into its zone file. This causes the real DNS server to send false data back to clients.

Alter the HOSTS file. Modifying the HOSTS file on the client by placing false DNS data into it redirects users to false locations.
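Because the local cache (including the HOSTS file) is checked before any DNS server is queried, an altered HOSTS entry silently overrides DNS. The following is an added example, not from the study guide, that audits HOSTS content against an approved baseline; the sample file, hostnames, addresses, and baseline are constructed assumptions.

```python
import ipaddress

# Constructed sample HOSTS content (not from the book); addresses are documentation ranges.
SAMPLE_HOSTS = """\
# sample comment line
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      intranet.example.test   # approved by baseline
203.0.113.66    www.example-bank.test login.example-bank.test
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

# Assumed baseline of approved (hostname, address) pairs for this machine.
BASELINE = {
    ("localhost", "127.0.0.1"),
    ("localhost", "::1"),
    ("ip6-localhost", "::1"),
    ("intranet.example.test", "192.0.2.10"),
}

def parse_hosts(text):
    """Yield (line_no, address, hostname); address is None when it does not parse."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            addr = None
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, addr, name.lower()

def audit_hosts(text, baseline=BASELINE):
    """Return findings for entries that would override DNS and are not in the baseline."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            findings.append((line_no, name, "malformed address"))
        elif (name, addr) not in baseline:
            findings.append((line_no, name, f"unapproved mapping to {addr}"))
    return findings

if __name__ == "__main__":
    for line_no, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name}: {reason}")
```

Run against the real file (for example `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`) by passing its contents to `audit_hosts` with a baseline that matches the host's approved build.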
