DNS Hijacking: Types & How to Protect Against it

What is DNS?
Domain Name System (DNS) is the directory of the internet that links a website's name to its IP address. When a user types a website's name into the browser address bar, the browser sends that name to the DNS. In response, the browser receives the IP address of that website, and the user is then able to access the website.

What is DNS Hijacking?
DNS hijacking is a type of DNS attack in which attackers cause DNS queries to be resolved incorrectly in order to redirect users to malicious websites. Attackers trick users into using a fake version of a website where the users enter their data, allowing the attackers to steal it. DNS hijacking is also called DNS redirection.

There are two ways in which DNS hijacking is misused:

  • Pharming: A type of attack that redirects website traffic to a malicious website. It is done by manipulating the user's device or hosts file, or by exploiting the DNS server.
  • Phishing: In this attack, attackers send suspicious links or emails to users and trick them into revealing information such as login credentials and other sensitive data.

Internet Service Providers (ISPs) also perform a type of DNS hijacking, but it is not dangerous. ISPs can collect user DNS queries and use that data to serve advertisements. It can still sometimes make users feel insecure and put their privacy at risk.

Types of DNS Hijacking:

  • Local DNS hijacking: Attackers install malware on the victim's system and change its local DNS settings to redirect the user to malicious websites.
  • Router DNS hijacking: In this type of attack, attackers hack a router, change its DNS settings, and target all the users connected to that router or network.
  • Rogue DNS hijacking: After hacking a DNS server, attackers change its DNS records and direct all the users' traffic to malicious websites.
  • Man in the Middle DNS hijacking: Attackers act as a middle man between the user and the DNS server and serve a fake IP address that redirects the user to a malicious website.

How to detect DNS Hijacking?
Some common signs of DNS hijacking are frequent pop-up ads on websites, redirects to other suspicious websites, and slow web page loading. These are only indicators; DNS hijacking cannot be confirmed without further diagnosis, such as:

  • Using the ping command: Ping a non-existent domain from a command terminal. If the result shows “IP does not exist”, it means you are safe.
  • Router Checker: To check whether a router has been infected, the first thing to do is check its DNS settings, or simply use the Router Checker tool, which verifies this in a few seconds.
  • WhoisMyDNS.com: An online tool that helps users expose DNS hijacking.
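
The first two checks above can be scripted. The following is an added example, not part of the original article: it looks up random names that should not exist and reports any that resolve anyway, and it compares configured resolvers against a list you trust. The sample resolv.conf text, the allowlist, and the assumption that a random 32-character label under .com is unregistered are all constructed for illustration.

```python
import secrets
import socket

def unexpected_nameservers(resolv_conf_text, allowed):
    """Return nameserver entries in resolv.conf-style text that are not in `allowed`."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return [ns for ns in found if ns not in allowed]

def probe_nonexistent(resolve=socket.getaddrinfo, attempts=3, suffix="com"):
    """Look up random names that should not exist; return the ones that resolved.

    An honest resolver fails the lookup (socket.gaierror). Any address that
    comes back means the answer was rewritten somewhere on the path.
    A lookup that fails for another reason (no network) also counts as "no answer".
    """
    rewritten = {}
    for _ in range(attempts):
        name = f"{secrets.token_hex(16)}.{suffix}"  # constructed, assumed unregistered
        try:
            answers = resolve(name, None)
        except socket.gaierror:
            continue                                # expected: name does not exist
        rewritten[name] = sorted({a[4][0] for a in answers})
    return rewritten

# Constructed sample; on Linux, read /etc/resolv.conf instead.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.66   # not one we configured
"""
EXPECTED_RESOLVERS = {"192.0.2.53"}                 # hypothetical allowlist

if __name__ == "__main__":
    print("unexpected resolvers:",
          unexpected_nameservers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS))
    hits = probe_nonexistent()
    print("answers for nonexistent names:", hits if hits else "none (as expected)")
```

Several probes are used because one rewritten answer could be a captive portal or a transient fault; the same address returned for every random name is the stronger sign.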

How to Protect against DNS Hijacking?
These are some basic steps to protect yourself from DNS hijacking:

  • Never click on suspicious links, websites or social media platforms
  • Check a URL before using it
  • Avoid using public Wi-Fi or open internet networks

These were basic steps that do not require technical skills, but today we need more precautions to protect ourselves from DNS hijacking:

  • Use DNSSEC (Domain Name System Security Extensions): This is a very important step in protecting ourselves from DNS hijacking. DNSSEC ensures a high level of DNS security.
  • Choose a secure DNS server: Change from the default DNS server to a secure one.
  • Keep the router safe and up to date: Always change the router's default username and password and keep its firmware up to date.
  • Use a VPN service: Use a Virtual Private Network (VPN) service to hide your IP address.
  • Use anti-malware software
  • Use a script blocker in the browser
  • Restrict access to your server