ITP.net’s Cyber Kung Fu Master Class: DNS Cache Poisoning, with Infoblox
Peter Goodwin of Infoblox coaches us on the Web-traffic redirect attack
Hopefully last month's class did not leave you too bruised. We trust you are starting to feel more able to stand up to cyber assaults and feel strong... like grasshopper.
Welcome back to ITP.net's digital dojo as we continue to help you hone your skills. On the mats this month, we will tackle the vicious DNS cache poisoning attack.
So get ready once again to learn the noble art of Cyber Kung Fu (gong!).
Meet this month's Cyber Kung Fu Master: Peter Goodwin, technical director, Middle East, Infoblox
Peter Goodwin is technical director, Middle East at Infoblox. His previous roles include technical director for EMEA at Netcordia before the company was acquired by Infoblox, and a number of senior technical positions at companies including Simpay, HP, Vodafone and British Aerospace.
The attack: DNS cache poisoning
We all use the Internet. In fact, we know you do; otherwise, how would you have found our digital dojo? You probably know that when you click on a link or type a URL in the address bar of your Web browser, you are asking a domain-name service provider (in the vast majority of cases, this is your Internet service provider) to look up the IP address of the server that hosts the page you are looking for.
A DNS cache-poisoning attack swaps the correct IP address for one that the attacker provides, so that an intended visit to Microsoft's homepage, for example, results in (again, for example) you arriving, with understandable perplexity, at a Chinese skincare website.
So DNS poisoning is an attack against, for the most part, service providers. Master Goodwin likens the tomfoolery to a misplaced telephone call.
"Cache poisoning is the functional equivalent of getting a directory assistance operator to give out phone numbers that you have selected, rather than the proper ones," he says. "This is one of the most popular DNS attacks, and the technique fully lives up to its scary-sounding name. And, as with other DNS exploits, new methods for cache poisoning are being invented all the time."