What’s DNS cache poisoning?




DNS cache poisoning is a security weakness where the domain name system provides incorrect information, sending users to unintended locations. It can be caused by malicious attacks or mistakes in configuration and can lead to users being sent to sites containing malicious software. DNS servers are regularly maintained to address any corruption or poisoning. Countermeasures are difficult, but new techniques and antivirus updates are regularly developed.

DNS cache poisoning is a technology problem in which the domain name system (DNS), which is used to look up the IP addresses for domain names, becomes corrupted, sending users who type those names into their browsers to the wrong place. There are several ways to poison a DNS cache, ranging from a malicious attack to a mistake made while configuring a system. It represents a security weakness, as people with malicious code can use DNS cache poisoning to attack innocent Internet users.

When users type an address like www.wisegeek.com into a browser, their computers query a server that stores IP addresses to find out where the wiseGEEK server is located. The server delivers the information, pointing the user’s computer to wiseGEEK. In DNS cache poisoning, the server provides incorrect information, sending users to an unintended location. Sometimes the address is simply invalid, and the user cannot reach the site or hits another site by mistake. In malicious attacks, the user may be sent to a site containing malicious software such as spyware, and the site may automatically install that software if the user’s computer is poorly protected.
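One way to spot the wrong answer described above is to ask several DNS servers for the same name and compare what they return. The following is an added example, not part of the original article; the resolver labels, the addresses and the `check_answers` function are constructed for illustration, and the answers are embedded rather than fetched live.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: answers three resolvers gave for one name.
# Resolver labels are made up; addresses are documentation ranges (RFC 5737).
SAMPLE_ANSWERS = {
    "resolver-a": {"192.0.2.10", "192.0.2.11"},
    "resolver-b": {"192.0.2.11"},
    "resolver-c": {"203.0.113.66"},
}


def check_answers(answers, known_good=()):
    """Return {resolver: reason} for answers that deserve a closer look.

    answers    -- {resolver label: set of IP strings} for a single name
    known_good -- optional CIDR blocks the site's operator is known to use
    """
    nets = [ip_network(n) for n in known_good]
    # How many resolvers returned each address.
    seen = Counter(ip for ips in answers.values() for ip in set(ips))
    consensus = any(count >= 2 for count in seen.values())
    findings = {}
    for resolver, ips in answers.items():
        if not ips:
            findings[resolver] = "no answer"
        elif nets:
            # Strong check: every address must fall inside a known block.
            outside = sorted(ip for ip in ips
                             if not any(ip_address(ip) in n for n in nets))
            if outside:
                findings[resolver] = "outside known networks: " + ", ".join(outside)
        elif consensus and all(seen[ip] == 1 for ip in ips):
            # Weak check: others agree with each other, this one stands alone.
            findings[resolver] = "shares no address with any other resolver"
    return findings


if __name__ == "__main__":
    for resolver, reason in check_answers(SAMPLE_ANSWERS).items():
        print(resolver, "->", reason)
```

Large sites often hand out different addresses to different resolvers for load balancing, so a finding from the weak check is a lead to investigate rather than proof of poisoning.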

DNS servers are maintained on a regular basis to update addresses, find and fix security flaws, and address any corruption or poisoning. Users whose computers are infected with a virus may find that, even if the DNS server is accurate, their computers still end up in the wrong place when they enter a web address, because of the virus.

When DNS cache poisoning happens accidentally due to a bad installation or other problem, it is usually identified and fixed quickly. In cases where malicious code is involved, it can be more difficult to untangle. For example, a computer can be fooled into thinking it is querying a server to get the right address, when in reality a virus is substituting an IP address that will take the user to a completely different site. DNS cache poisoning can be a big problem when users try to access trusted sites like their bank and are unable to reach them.

Security flaws such as DNS cache poisoning are difficult to counter, although new techniques are always being developed and antivirus programs regularly provide updates for viruses known to use DNS cache attacks. As people find new ways to combat them, people interested in malicious activity find ways around the new security measures, forcing developers to go back to the drawing board to come up with another tactic.



