Several risks result from DNS poisoning. Once a DNS server's cache is poisoned, a number of consequences follow. Pharming is the primary risk associated with cache poisoning: users requesting a site are redirected to a different site that is fully controlled by the attacker. Four reasons why crackers employ pharming are identity theft, distribution of malware, dissemination of false information, and man-in-the-middle attacks.
Identity Theft:
Once the user is redirected to the attacker's site, the attacker will try to trick him into leaving behind information that can be used to impersonate him. One way to do this in our first example is to create a site identical to the real site www.abc.alphabet.com. When the user connects using the poisoned cache information, he might be fooled into entering information about himself through apparently legitimate requests for his name, social security number, address, etc. All of these personal details may then be stolen and misused, and the user will be held responsible for whatever the attacker does in his name.
Malware Distribution:
Another main objective of attackers using cache poisoning is the automatic distribution of malware. Instead of releasing malicious code into the Internet and realizing random results, the use of rogue IP addresses to redirect unsuspecting users to the attacker’s site can be a more focused attack vector. Once a workstation initiates a session with the malicious site, malware is uploaded to the workstation without intervention by or the knowledge of the user.
Spreading False Information:
This is useful to attackers, who can publish self-serving content about an organization or a business, or any obscene content. It can even be used to manipulate stock prices in an attempt to realize a large profit or to cause a large loss for others.
Man-in-the-middle Attack:
You can use this link to look into this type of effect of DNS poisoning.