Monday, 16 October 2017

How does DNS works and Cyber Attacks

As we communicate with each other in the real world the machines accessing the internet communicate with one another. Communication between two persons is reciprocal and is known as addressing each other and if at one point in time there is an audio or video conference then the communication is with one another and there may be interruptions if more than two individuals start taking part in the communication. Computers can handle a lot of information instantly and DNS is the communication system for addressing the Internet. Every Machine (like computers, mobiles, laptops, ATMs, and POS terminals), accesses the internet depends upon DNS Services for exchanging the information.

DNS uses recursive, hosting and root servers to translate the domain names such as into IP Addresses denoted by numerical values allowing the machines to reach the proper destination. Every internet application including websites, emails, social networking, online banking or VoIP (Voice over Internet Protocol, sharing, videos rely on the integrity of the communications in between the servers involved. Had there been no DNS, it would have been difficult to operate and search the internet as numerical IP address cannot be memorized by the internet users whereas the specific names can be easily remembered by the users and the conversion of Domain Names into actual IP addressed is taken care of by the translating servers throughout the world. DNS has far-reaching consequences to facilitate national infrastructure, online commerce operations and above all the financial transactions. The domain name space is virtually a tree of domain names, subdivided into zones. The top-level or root zone is taken care of by the U.S. Department of Commerce (DoC) and is jointly managed by Verisign and the Internet Assigned Numbers Authority (IANA) functions operator, who maintain the data in the root name servers. Every domain name ends with top-level domain (TLD) such as .com and to ensure that there is no duplication of domain names so that the internet operates properly without any conflict, there must be one and only one authority to register a domain names in root servers which also manage the domains for domain name registrars all over the world.

The process of translating a domain name into an IP address is called DNS resolution and when users pin in the domain name, such as, in the web browser, the browser contacts a name server to obtain the corresponding IP address. All such queries interact with recursive servers operated by ISP or wireless carriers. Recursive resolver knocks at any of the 13 root servers and thousands of servers positioned globally to support root servers. TLD server like .com domain name server then redirects to second level domain server and then TLD answers the query of hosting domain name server. Recursive server sends query to the identified domain name server and domain name servers return the answer in the shape of IP address standard IPv4 with further translation to next-generation internet protocol IPv6 (as IPv5 could not take off) and when the recursive resolver knows the IP address, the website appears as the browser will request the website to show the content which gets uploaded to the browser. In normal course query gets resolved within 1/10th of a second that is timeless than the blinking of an eye. In future IPv6 may change to IPv7 or Smart Internet Protocol version (IPvSmart - Name and Version is suggested by the Author and will not be searchable on the internet when the unique IP addresses may increase from the present strength of 10 multiplied by 36 times to 10 multiplied by say 250 times with the increasing usage of internet as every mail ID, website, blog, ATM machine, Point of Sales Machines and other machines accessing internet have unique IP addresses). IPv6 has more security vulnerabilities as compared to IPv4 due to more and more transiting machines, servers and these security threats can multiply more rapidly than the solutions which are found only after taking off new versions and solving the issues relating to security threats thereafter.

However in the middle of the transition queries are vulnerable to man in the middle attacks by cybercriminals in the shape of hacking or hijacking so as to lead the queries to land at impersonated sites or look-alike site and due to such attacks in the middle of transition the cybercriminals can :

  1. Hijack emails
  2. Tap Voice over IP (VoIP)
  3. Impersonate websites
  4. Steal passwords and login information
  5. Extract credit card data and other confidential information 
All this poisoning takes place in the cache of recursive name servers when fraudulent and fictitious DNS data gets inserted in place of data requisitioned. Recursive name servers temporarily store, or cache, information gathered during the query or name resolution process, but without DNSSec and the Recursive servers can not ensure the validity and accuracy of the stored information. Due to the malicious information getting stored on the recursive name server, the server is termed as having been "poisoned" which further facilitates an attacker to redirect traffic to fraudulent sites. MITM (or as it called the man in the middle) attack intercepts and changes the communications between two system server. The attacker can significantly change the machine communications so as to redirect traffic to an illegal address or fraudulent website. Internet users can not detect the "man in the middle" and assume that they are communicating with the correct IP Address or destination they sign in to the website with their user id and password to be trapped by the Key Loggers active on the illegal site.

Note: Domain names are registered for a minimum period of one and the maximum period of ten years by an individual or an organization. A domain name allows your fans, customers to find your site through easy to remember domain name instead of the numerical IP address, difficult to remember. 

Google+ Followers