DNS attacks are an important security issue to understand and come in many different forms. They affect people and services at every level, from hosting providers, website owners and network operators to end users.
Some of the most common DNS attacks include:
NXDOMAIN Attack - In this attack, a flood of DNS requests is made for non-existent domain names. The requests are passed on to the authoritative DNS server, which could starve the server of resources that would otherwise be used to respond to legitimate requests.
DNS Cache Poisoning - Also known as DNS Spoofing, this type of attack involves taking advantage of vulnerabilities in DNS server software in order to inject malicious data into a DNS resolver's cache. This can be used to trick end users into visiting an illegitimate version of a website, typically one used to steal personal information or infect their device with malware.
DNS Tunnelling - This is a technique where data is encoded in DNS queries, which allows it to be transmitted where data transfer would otherwise not have been possible due to firewall policies, as DNS requests are typically trusted. Additionally, DNS tunnelling allows for indirect data transmission between the victim and the attacker, because DNS resolvers pass the requests on the client's behalf, which can make it more difficult to track down the attacker.
DNS Hijacking - This is where an attacker changes where DNS lookup requests are sent, from a trusted source to a server under their control or to a trusted server which has been exploited to behave in a way which was not intended.
DNS Pharming - This is an attack where a website is redirected to a fake version of the website. This is typically done by compromising the user's local hosts file or through a vulnerability in a DNS resolver.
DNS Flood Attack - These are Denial of Service (DoS) attacks whereby many compromised devices send large numbers of DNS requests to the target victim's DNS server, which leads to it being overwhelmed and unable to respond to legitimate requests, often resulting in websites or other online services becoming unavailable.
DNS Amplification Attack - Unlike DNS Flood attacks, DNS amplification attacks can be effective with a smaller number of requests, sent to unsecured DNS servers, which can hide the origin of the attack. The attacker sends small requests that produce large responses, with a fake return address set to that of the intended victim of the attack. This allows the attacker to amplify the amount of data being sent to the victim with limited resources of their own.
DNS Brute Force Attack - DNS enumeration is the process of discovering all of the resources under a domain name. This is typically the start of the process of gaining a better understanding of which resources a network uses, in order to find a weak point in the system which can be exploited to gain unauthorized access. Using brute force, attackers can perform DNS lookup requests for a large number of commonly used subdomains, or try random subdomains, in order to discover services associated with the domain name. This type of attack can typically be detected by an unusually high number of requests for DNS records that do not exist.
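
The detection idea in the last sentence above, as an added example that is not part of the original article: it counts distinct names answered NXDOMAIN per client in a sliding window. The log format, window, threshold, addresses and names are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 10                  # assumed limit: distinct NXDOMAIN names per client per window

def parse_line(line):
    """Parse the assumed log format: '<ISO timestamp> <client> <qname> <rcode>'."""
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode

def find_enumeration(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client: peak count of distinct NXDOMAIN names seen in one window}."""
    recent = defaultdict(deque)  # client -> (timestamp, qname) of recent NXDOMAIN answers
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, rcode = parse_line(line)
        if rcode != "NXDOMAIN":
            continue
        hits = recent[client]
        hits.append((ts, qname))
        while ts - hits[0][0] > window:  # drop answers that fell out of the window
            hits.popleft()
        # Count distinct names so one retried typo does not look like a scan.
        distinct = len({name for _, name in hits})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def build_sample_log():
    """Constructed log: one client probing 12 missing names, one ordinary client."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    labels = ["admin", "vpn", "dev", "test", "staging", "ftp",
              "api", "portal", "git", "db", "backup", "intranet"]
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} 203.0.113.7 {l}.example.com NXDOMAIN"
             for i, l in enumerate(labels)]
    lines += [
        f"{t0.isoformat()} 198.51.100.20 www.example.com NOERROR",
        f"{(t0 + timedelta(seconds=5)).isoformat()} 198.51.100.20 wwww.example.com NXDOMAIN",
        f"{(t0 + timedelta(seconds=9)).isoformat()} 198.51.100.20 shop.example.com NOERROR",
    ]
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    print(find_enumeration(build_sample_log()))
```

Lines must be in time order per client; tune the window and threshold against a baseline of normal NXDOMAIN rates on your own resolver.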