Question

Which of the following attacks seeks to introduce erroneous or malicious entries into a server's hostname-to-IP address cache or zone file?

Answer 1

Answer:

DNS poisoning or DNS cache poisoning                                              

Explanation:

• It is also called spoofing.
• It is a type of cyber attack in which the Domain Name System server data is modified.
• This modified and corrupted data is entered in DNS cache as a result of this, the internet traffic is redirected to some fake and fraud servers. These fake servers is controlled by the attacker.
• DNS basically coverts the domain names to IP addresses. Domain name (such as iamthebest.com) is understandable by humans so DNS translates it to IP address which is readable by computer.
• So when the computer gets a domain name, as domain name is readable by humans, so a computer will reach a DNS server to request the translation.
• The DNS server responds to this request by providing the IP address where the computer can locate that domain name.
• So the DNS server has a cache which stores the frequently requested translations so that it does not have to look up to other servers every time for the same request.
• If an incorrect translation has been entered into the DNS cache, it is said to be poisoned.
• Lets say some attacker modifies or corrupts some data in the DNS server as a result of which the web server directs the user to the wrong IP address of the attacker which might contain a malicious website.
• As the Internet Service Provider caches data from other DNS servers so the DNS poisoning can spread as the affected DNS server's information can be cached to other ISPs as they keep on storing false translations.
• As a result of DNS poisoning the users are diverted from the target website to a website that belongs to an attacker and contain viruses or a phishing website which can take personal information from the user such as credit card information.