3 DNS attacks and how to thwart them

There’s been much talk about Doman Name System (DNS) attacks after the Syrian Electronic Army’s (SEA) cyber attack on the Web site of the New York Times, Twitter, Huffington Post and other high-profile site.

Cory von Wallenstein, chief technology officer of Dyn, an infrastructure-as-a-service (IaaS) firm specializing in DNS and E-mail management, yesterday wrote a blog detailing three ways hackers can launch similar DNS attacks. He also provided advice on how organizations can mitigate the effects of such attacks:

Cache poisoning – Attackers inject malicious DNS data into the recursive DNS servers operated by Internet Service Providers (ISPs). The damage cause by this attack is localized to specific users connecting to the compromised servers.

Workaround to this type of attack said von Wallenstein involves using good standards such as DNSSEC (domain name system security extension) to provide additional protection.

Changing the DNS data – Attackers take over one or more authoritative DNS servers for a domain. Then they change the DNS data.

The effect of such an attack would be “global.” Good security practices such as strong passwords, IP acceptable client lists (ACLs) and social engineering training will help guard against such an attack – this is the type of service Dyn provides Twitter, according to von Wallenstein.

Taking over the registration of a domain – This is the most difficult to launch of all three attacks. Attackers take over the registration of a domain and change the authoritative DNS servers.

This was the type of attack used by the Syrian Electronic Army. They gained access to the domain registration accounts operated by Melbourne IT, changed the authoritative DNS servers to ns1.syrianelectronicarmy.com and ns2.syrianarmyelectronicarmy.com.

Such an attack allows hackers to redirect email and other services provided to clients. Also, when the DNS records at a different IP address, everyone is going to know that your site has been hijacked.

Apart from following best security practices to protect authoritative servers, companies can also consider hosting authoritative servers within their organization to better protect them.

The changes created by this attack are globally cached on recursive DNS servers for a full-day. “Unless they are purge, it takes a full day or longer for the effects to be reversed, von Wallenstein said.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now