What is DNS Poisoning?

DNS Poisoning

A way of forcing users to a malicious site by injecting bad data into a domain name server's cache in order to change (for users of that server) the destination a domain resolves to.

The effect of DNS poisoning is that the conversion from a URL to an IP address fails. For example, instead of translating the address www.americanexpress.com to the IP address corresponding to the actual site of American Express, a server that has been a victim of DNS poisoning will supply the incorrect IP address.

The URL that the user types will still be printed in the address bar, and if the content of the fraudulent website to which the translation is done looks the same as that of the legitimate site, then the user will not notice that the attack took place.

Moreover, the fraudulent website will be able to harvest all the cookies intended for the legitimate website, which will allow it to impersonate the user's machine to the real site as well. Also see man-in-the-midddle attacks. DNS poisoning is sometimes referred to as pharming, and can be performed in a large number of ways.

One of the recently discovered ways in which an attacker can mount an attack of this sort is by uploading malware to a person's router (or access point).

These are devices that have no inherent protection against malware, but which are very powerful in that all the user's Internet traffic passes through these machines. Therefore, an infected router can easily cause incorrect IP address information to be returned to an unsuspecting user.

Read more at Woods LLP