Monday, August 11, 2008

Poisoned DNS cache !!!



"Television to brainwash us all and Internet to eliminate any last resistance."

~Paul Carvel




Well, it's been in the news since the beginning of the new year ... and it was found by one researcher, Dan Kaminsky, accidentally !!! .. but originally this problem has been known to people since 1999 !! .. hell ya, it's a very old problem, which has now become a nightmare ...

First of all, for people who don't know even the "i" of Internet .... you may ask ... what the hell is this DNS (Domain Name Server) and how can anyone poison a computer ?? ... right ?? ... Well, in simple words ... it's an internet directory ... Like we all know, computers are really the dumbest creation of mankind !!! They know only the language of numbers .. and on the other side .. for all of us, it's a little difficult to remember 1000s of numbers in a specific sequence .. ( err ... it's natural .. how can anyone remember lots of numbers? )..

Ideally, when we want to go to any site on the internet, we have to type its IP (Internet Protocol, a Network layer protocol) address, e.g. for google, I found it's 64.233.161.103 (it may be different, because they use dynamic IPs ... err, IPs are of two different kinds, static and dynamic .. think of a static IP as a permanent residential address which remains constant, and a dynamic IP as a temporary residential address which changes with certain parameters to increase server security !!) .. so now when I want to go to google's site, I need to type its IP address, but like I said before, the average human is a little allergic to numbers .. so the people who designed the internet backbone kept one server which contains all the information about sites (or knows which server knows that particular site !!) .. so now when I just type www.google.com, the web browser will send one query about this name to the DNS .. and the DNS will resolve it, reply with an acknowledgment and redirect the browser to the server that is hosting www.google.com, and so our browser will accept it and take us to that website ... (err .. I am not an expert, but I think this is the way things are done !!!) .. so in short, the function of DNS is to direct the browser, and so the user, to the particular site requested by the user ...

Now like we know, there are perhaps zillions of sites on the internet, and we also know that we are not the only ones in the whole universe who want to access www.google.com via the same DNS... So, here those "smart guys" designed one sort of temporary storage called the "DNS cache", imagine it as the RAM of our PC ... actually it works the same as RAM, it temporarily stores information about the requested page of any site for some time (FYI, that time is known as Time To Live, TTL) .. So while that page is cached, if anyone requests the same page, it will be displayed in no time ... (now you remember why www.google.com or www.yahoo.com or any ultra famous website opens within a few microseconds and why gaurangsays.blogspot.com doesn't open in the same time ?? it's because those sites' popular pages are stored in the DNS cache !!! and hence we are not even being connected to google's server !!! .... amazing .. isn't it ??)

Here is the climax of the story ..

Normally, an Internet-connected computer uses a DNS server provided by the computer owner's ISP ( Internet Service Provider ). This DNS server generally serves the ISP's own customers only and contains a small amount of DNS information cached by previous users of the server. A poisoning attack on a single ISP DNS server can affect the users serviced directly by the compromised server or indirectly by its downstream server(s) if applicable.

To perform a cache poisoning attack, the attacker exploits a flaw in the DNS (Domain Name Server) software that can make it accept incorrect information. If the server does not correctly validate DNS responses to ensure that they have come from an authoritative source, the server will end up caching the incorrect entries locally and serve them to users that make the same request.

This technique can be used to replace arbitrary content for a set of victims with content of an attacker's choosing. For example, an attacker poisons the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server the attacker controls. The attacker then creates fake entries for files on the server they control with names matching those on the target server. These files could contain malicious content, such as a worm or a virus. A user whose computer has referenced the poisoned DNS server would be tricked into thinking that the content comes from the target server and would unknowingly download malicious content. Just imagine that you are opening a banking site, which is not the original banking site but a fake created by that attacker, and then you are requested to enter your online ID and Password .. and after a couple of days, you see some of your money has gone to some unknown offshore account or someone has purchased an antique vessel on Ebay from your account !!! ( ... it's a scary reality )
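As an added example (not code from the original post), here is a toy model of the caching resolver described above: a naive resolver caches any reply that names the record it asked for and so gets poisoned by a forged reply, while a strict one also requires the transaction ID and the sender address to match the query it actually sent, and every cached entry expires after its TTL. All names, addresses, IDs and TTLs are constructed sample values; real resolvers additionally randomise the UDP source port of each query, which this model leaves out.

```python
# Toy caching resolver, added for this post (not the original's code). Names,
# addresses, transaction IDs and TTLs below are constructed sample values.
from dataclasses import dataclass
import time

@dataclass
class Query:
    name: str
    txid: int      # 16-bit transaction ID the resolver chose at random
    sent_to: str   # nameserver address the query was sent to
@dataclass
class Reply:
    name: str
    txid: int
    source: str    # address the reply arrived from
    answer: str    # IP address claimed for `name`
    ttl: int       # seconds the answer may stay cached
class Resolver:
    def __init__(self, strict: bool, clock=time.monotonic):
        self.strict, self.clock = strict, clock
        self.cache = {}  # name -> (answer, expiry time)

    def is_valid(self, q: Query, r: Reply) -> bool:
        if r.name != q.name:
            return False
        if not self.strict:
            return True  # naive: any reply for the asked name is trusted
        return r.txid == q.txid and r.source == q.sent_to

    def accept(self, q: Query, r: Reply) -> bool:
        if not self.is_valid(q, r):
            return False
        self.cache[r.name] = (r.answer, self.clock() + r.ttl)
        return True

    def lookup(self, name: str):
        """Cached answer, or None if absent or past its TTL (the post's TTL)."""
        answer, expiry = self.cache.get(name, (None, 0))
        return answer if self.clock() < expiry else None

def poison_attempt(strict: bool):
    """A forged reply arrives before the genuine one; return what got cached."""
    q = Query("www.example.com", txid=0x1A2B, sent_to="192.0.2.53")
    forged = Reply("www.example.com", 0x0001, "198.51.100.7", "198.51.100.99", 86400)
    genuine = Reply("www.example.com", 0x1A2B, "192.0.2.53", "192.0.2.10", 300)
    r = Resolver(strict)
    r.accept(q, forged)
    if r.lookup(q.name) is None:  # nothing cached, so the genuine answer lands
        r.accept(q, genuine)
    return r.lookup(q.name)
```

`poison_attempt(False)` returns the forged address, `poison_attempt(True)` the genuine one.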

Actually, this method of DNS cache poisoning was used by CHINA to censor the internet and carry out surveillance of the servers that are providing internet in China.. ( it is named The Golden Shield Project .. err, some also know it as The Great Wall of China ... of course it exists virtually as well, and it prevents all internet users within China from accessing some kinds of special information, like open talk of politics for example, on the internet !!! )


So, better be sure that your DNS is secure from this poisoning attack !!!



Happy Surfing ....


Njoy
