// THREAT DETECTION AND DATA PRIVACY TERM

DNS Spoofing

DNS spoofing, also called DNS cache poisoning, is a cyberattack where a hacker tricks a computer into visiting a fake website by feeding it a wrong IP address for a real domain name. This can lead you to a malicious site designed to steal your information, even when you typed the correct web address.

TECHNICAL DEFINITION

DNS spoofing is a man-in-the-middle cyberattack where an attacker introduces forged Domain Name System (DNS) data into a DNS resolver's cache, causing it to return an incorrect IP address. This attack vector, also known as DNS cache poisoning, redirects user traffic from a legitimate server to a malicious one for phishing, malware distribution, or credential theft by exploiting DNS protocol vulnerabilities.

BACKGROUND

The Cybersecurity and Infrastructure Security Agency (CISA), headquartered in Arlington, Virginia, is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

SYNONYMS & ALIASES

  • DNS cache poisoning
  • DNS redirection attack
  • pharming
  • DNS cache pollution
  • resolver spoofing
  • IP address spoofing

USAGE NOTE

This technique is commonly used to invisibly redirect users to fraudulent banking or e-commerce sites to harvest credentials.

DEVELOPERS

Organizations developing technology related to DNS Spoofing.

  • Infoblox

    A leading provider of DDI (DNS, DHCP, and IP Address Management) services. Their Advanced DNS Protection (ADP) product is specifically designed to detect and mitigate a wide range of DNS-based attacks, including DNS spoofing and cache poisoning.

  • Cisco Umbrella

    A cloud-delivered security service, originally known as OpenDNS. It provides a secure recursive DNS service that blocks requests to malicious destinations before a connection is ever established, effectively preventing users from being redirected by spoofed DNS records.

  • Cloudflare

    A web performance and security company that operates one of the world's largest public DNS resolvers (1.1.1.1). They are a major proponent and provider of DNS over HTTPS (DoH) and DNS over TLS (DoT), protocols which encrypt DNS queries to prevent man-in-the-middle-based spoofing attacks.

  • Palo Alto Networks

    A global cybersecurity leader offering a DNS Security service that uses machine learning and predictive analytics to block malicious domains. This service protects against attacks that leverage DNS, including command-and-control callbacks and traffic redirection via DNS spoofing.

  • Verisign

    As the registry operator for top-level domains like .com and .net, Verisign is a key player in internet infrastructure. The company is a primary developer and advocate for DNSSEC (Domain Name System Security Extensions), a suite of specifications for securing DNS data by using digital signatures to verify the authenticity of responses and prevent spoofing.

  • Akamai Technologies

    A content delivery network (CDN) and cloud security provider that operates a massive global DNS platform. Their services, like Edge DNS, are designed for high availability and DDoS protection, and incorporate security features to protect against DNS manipulation and spoofing attempts.

  • EfficientIP

    A network automation and security company specializing in DDI solutions. Their DNS Guardian product is an application security solution focused on protecting DNS infrastructure from attacks, including cache poisoning and other forms of spoofing.

  • ICANN

    The Internet Corporation for Assigned Names and Numbers is a non-profit organization responsible for coordinating the DNS root zone. Its research and engineering divisions work on the stability and security of the internet's identifier systems, including the development, standardization, and promotion of DNSSEC to combat DNS spoofing on a global scale.
