Page 933 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

In 2008, a fairly significant vulnerability was discovered and disclosed to the world by Dan Kaminsky. The vulnerability lies in the method by which local or caching DNS servers obtain information from root servers regarding the identity of the authoritative servers for a particular domain. By sending falsified replies to a caching DNS server for nonexistent subdomains, an attacker can hijack the entire domain’s resolution details. For an excellent detailed explanation of how DNS works and how this vulnerability threatens the current DNS infrastructure, visit “An Illustrated Guide to the Kaminsky DNS Vulnerability” located at http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html.

Another DNS concern is that of the Homograph attack. These attacks leverage similarities in character sets to register phony international domain names (IDNs) that to the naked eye appear legitimate. Some letters in Cyrillic look like Latin characters; for example, the p in Latin looks like the Palochka Cyrillic letter. Thus, domain names such as apple.com and paypal.com might look valid as Latin characters but actually include Cyrillic characters that, when resolved, direct you to a different site than the one you intended. For a thorough discussion of the Homograph attack, see https://blog.malwarebytes.com/101/2017/10/out-of-character-homograph-attacks-explained/.
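A defender's check for the look-alike domain names described above, added here as an example and not code from the study guide: it reports labels that mix Unicode scripts, lists every non-ASCII character by name, shows the IDNA (punycode) form a resolver actually sees, and compares a "skeleton" (confusable letters mapped to their Latin look-alikes) against a watch list of protected brand domains. The confusables table and the watch list are constructed assumptions; the real confusables data is Unicode Technical Standard #39, of which this is only a small subset.

```python
import unicodedata

# Constructed, partial table of Cyrillic letters that render like Latin ones.
# The authoritative list is the Unicode confusables data (UTS #39); this
# subset exists only to make the example self-contained.
CONFUSABLE_TO_LATIN = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}

# Constructed watch list of brand domains to protect (assumption for the example).
WATCHLIST = {"apple.com", "paypal.com"}


def scripts_in(label):
    """Return the set of Unicode scripts used by the letters of one DNS label.

    The script is taken from the first word of the character's Unicode name
    (e.g. 'LATIN SMALL LETTER A' -> 'LATIN'); digits and hyphens are ignored.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            scripts.add(name.split()[0] if name else "UNKNOWN")
    return scripts


def skeleton(label):
    """Map confusable characters onto their Latin look-alikes after NFKC."""
    return "".join(CONFUSABLE_TO_LATIN.get(ch, ch)
                   for ch in unicodedata.normalize("NFKC", label))


def analyze_domain(domain, watchlist=WATCHLIST):
    """Flag homograph indicators for one domain name.

    Returns a dict with the IDNA (punycode) form, the confusable skeleton,
    a list of human-readable findings, and a boolean verdict.
    """
    domain = domain.strip().rstrip(".").lower()
    labels = domain.split(".")
    findings = []

    for label in labels:
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts in label {label!r}: "
                            + ", ".join(sorted(scripts)))
        for ch in label:
            if ord(ch) > 0x7F:
                findings.append(f"non-ASCII U+{ord(ch):04X} "
                                f"{unicodedata.name(ch, 'UNKNOWN')} in {label!r}")

    skel = ".".join(skeleton(label) for label in labels)
    if skel != domain and skel in watchlist:
        findings.append(f"confusable skeleton matches watch-listed {skel!r}")

    try:
        # Python's idna codec performs nameprep and punycode encoding.
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError as exc:
        ascii_form = None
        findings.append(f"IDNA encoding failed: {exc}")

    return {
        "domain": domain,
        "ascii": ascii_form,
        "skeleton": skel,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, two look-alikes.
    for name in ("paypal.com", "p\u0430ypal.com",
                 "\u0430\u0440\u0440\u04cf\u0435.com"):
        report = analyze_domain(name)
        print(report["domain"], "->", report["ascii"], report["skeleton"])
        for finding in report["findings"]:
            print("   ", finding)
```

The mixed-script test catches names such as p&#x430;ypal.com that splice one Cyrillic letter into a Latin word, which is the pattern browsers now refuse to render as Unicode; the skeleton comparison catches wholly Cyrillic spellings that the mixed-script test alone would pass. In practice the watch list would be the organisation's own domains, and the punycode form is what to search for in mail gateway, proxy and DNS logs, since that is how the name appears on the wire.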

The only real solution to this DNS hijacking vulnerability is to upgrade DNS to Domain Name System Security Extensions (DNSSEC). For details, please visit dnssec.net.


               Hyperlink Spoofing

Yet another related attack is hyperlink spoofing, which is similar to DNS spoofing in that it is used to redirect traffic to a rogue or imposter system or to simply divert traffic away from its intended destination. Hyperlink spoofing can take the form of DNS spoofing or can simply be an alteration of the hyperlink URLs in the HTML code of documents sent to clients. Hyperlink spoofing attacks are usually successful because most users do not verify the domain name in a URL via DNS; rather, they assume that the hyperlink is valid and just click it.