Dangers of DNS Interception

Alex Robu — Wed, 22 Aug 2018 23:13:02 +0000

Dangers of DNS Interception. The Domain Name System is basically the internet’s phone book or yellow pages that translates domain name URLs into their equivalent numeric (IP4) or alphanumeric (IP6) IP Addresses. As far as we know, it has largely been untouched or unexploited by hackers until recently, or the practice has not been put to light by media outside of the hacker community. But several researchers warned that DNS queries can be intercepted and manipulated unless they become encrypted. Actually, DNS traffic interception is being done for some time now. Think of the DNS as arrow signs in a forest path that lead travelers to town. Bandits get word of a gold caravan heading to that town. Like in cartoons, if someone was to change those signs to point to the other direction, the unwitting traveler gets led to the bandit camp.

DNS interception can also lead to blackmail. It becomes the equivalent of a phone wiretap where someone listens into conversations of a couple having an affair and gets information on every restaurant or hotel the couple meet. The couple are allowed on their way but the information is saved for later by the intercepting party. DNS interception can also lead to the interceptors getting other bits of information from the intercepted addresses. The best example is when the interceptor intercepts someone’s daily physical mail, or in today’s world, packages. Interceptors can get plenty of information from intercepted packages. Imagine of someone were to get your mailed-in credit card coupled with last week’s Hallmark birthday card from your mother, coupons, or membership cards and takes advantage of those. The scenario is equal to someone getting all your credit card numbers, passwords and other credentials from your PC through installed malware after the interception has taken place. The scenarios stated mean that DNS interception is a huge threat to the security and privacy of potential victims. Less than one percent of the world’s DNS queries can be intercepted by malicious parties, according to researchers from the University of Texas and Tsinghua University in China. That still amounts to millions of internet users in danger from the above scenarios especially if they don’t employ any substantial internet security. And they say that this is the result of the poor implementation of already established DNS safeguards. These include Domain Name System Security Extensions (DNSSEC) that prevents the tampering of DNS queries and DNS-over-HTTPS that includes query encryption which prevents people from spying and identifying the sites you visit. Basically, most DNS queries are neither encrypted or authenticated as in terms of security, everyone is more focused on entry points of attack rather than interception.

…This is a problem that must be dealt with immediately. It may be the case that companies are not thinking about DNS queries as a potential attack vector. If this is true, how many other data-related processes are unprotected? Businesses need to be thinking about encrypting data at any point on the network, wherever it be in the cloud, data center or on an endpoint, –Luke Brown, VP EMEA, Winmagic

Even public DNS resolvers like Google’s (8.8.8.8) and Cloudflare’s (1.1.1.1) aren’t safe from malicious parties. In fact, these are very much on their watch list. Both companies are not obligated (perhaps they should be) to implement additional security but there should be additional awareness on this threat on all points, the users, the paths and the websites.

The post Dangers of DNS Interception appeared first on Hack Ware News.

DNS Interception Archives - Hack Ware News

Dangers of DNS Interception