Last Updated on August 1, 2021 by Admin 2
What is DNS poisoning?
- the practice of dispensing IP addresses and host names with the goal of traffic diversion
- the practice of many computers transmitting malformed packets to the DNS server to cause the server to crash
- the practice of one computer transmitting malformed packets to the DNS server to cause the server to crash
- the practice of continually sending a DNS server synchronization messages with spoofed packets
DNS poisoning is the practice of dispensing IP addresses and host names with the goal of traffic diversion. Properly configured DNS Security Extensions (DNSSEC) on the server can provide message validation, which, in turn, would prevent DNS poisoning.
A SYN flood is the practice of continually sending a DNS server synchronization messages with spoofed packets. A SYN flood can transpire when a high number of half-open connections are established to a single computer.
A DNS denial-of-service (DoS) attack is the practice of one computer transmitting malformed packets to the DNS server to cause the server to crash. A DNS distributed DoS (DDoS) attack is the practice of many computers transmitting malformed packets to the DNS server to cause the server to crash.
Address Resolution Protocol (ARP) poisoning is similar to DNS poisoning. In this attack, a malicious actor sends falsified ARP messages over a local area network.
In a domain hijacking attack, the registration of a domain name is changed without the permission of the original registrant.
Objective: Security Monitoring
Sub-Objective: Describe the function of these protocols in the context of security monitoring: DNS, NTP, SMTP/POP/IMAP, HTTP/HTTPS