4.2 Summarize various types of attacks and their impact
Network Attacks
📘CompTIA Network+ (N10-009)
1. What is DNS?
- DNS stands for Domain Name System.
- It acts like the Internet’s phonebook, translating human-friendly domain names (like
example.com) into IP addresses (like192.168.1.10) that computers use to communicate. - Without DNS, users would need to remember IP addresses for every website or service.
2. What is DNS Poisoning / Spoofing?
- DNS poisoning (also called DNS spoofing) is a type of cyberattack that tricks a DNS server into giving incorrect IP addresses.
- The goal is to redirect traffic from a legitimate site or service to a malicious one controlled by an attacker.
Key idea: The user thinks they are going to the correct website, but the attacker has redirected them elsewhere.
3. How DNS Poisoning Works
There are a few common methods:
a) Cache Poisoning
- DNS servers store previous requests in a cache to speed up responses.
- Attackers inject false DNS information into this cache.
- Example flow:
- User requests
securebank.com. - DNS server has been poisoned and responds with the attacker’s IP address instead of the real bank’s IP.
- User unknowingly connects to the attacker’s server.
- User requests
b) Man-in-the-Middle Spoofing
- The attacker intercepts DNS requests between a client and a server.
- They reply faster than the legitimate DNS server with fake information, redirecting the client.
c) Rogue DNS Servers
- Attackers configure a malicious DNS server.
- If a network or device uses this server, all DNS lookups can be redirected to malicious IPs.
4. Effects / Impacts
DNS poisoning can have serious consequences in IT environments:
- Redirection to malicious sites
- Users may unknowingly log in to fake services.
- Can lead to credential theft or malware installation.
- Denial of Service (DoS)
- Users cannot reach the legitimate site because DNS queries are misdirected or blocked.
- Data interception
- If traffic is redirected through the attacker’s server, sensitive information can be captured or altered.
- Network-wide impact
- If a company’s internal DNS server is poisoned, many users and services can be affected simultaneously.
5. How to Detect DNS Poisoning
- Unusual DNS responses: IP addresses that don’t match expected addresses.
- Inability to reach legitimate sites: Users may get errors while accessing trusted services.
- Security alerts from DNS monitoring tools that detect abnormal traffic.
6. How to Prevent DNS Poisoning
a) Use DNSSEC (DNS Security Extensions)
- Adds cryptographic verification to DNS responses.
- Ensures that DNS responses are authentic and not altered.
b) Regularly Clear DNS Cache
- Prevents attackers from using old, poisoned entries.
c) Use Trusted DNS Servers
- Avoid public or unverified DNS servers for critical IT services.
d) Monitor DNS Traffic
- Use network monitoring tools to detect unusual or suspicious DNS activity.
e) Restrict Internal DNS Access
- Only allow authorized servers and devices to communicate with internal DNS servers.
7. Key Exam Points for CompTIA Network+
When studying for the exam, remember these must-know points:
| Concept | Key Fact |
|---|---|
| DNS | Translates domain names to IP addresses. |
| DNS Poisoning / Spoofing | Attack that corrupts DNS responses to redirect traffic. |
| Cache Poisoning | False information stored in DNS cache. |
| Rogue DNS Server | Malicious server that provides false DNS responses. |
| Impacts | Credential theft, malware, service disruption, data interception. |
| Prevention | DNSSEC, trusted DNS, monitoring, cache management, restricted access. |
8. Easy Way to Remember
Think of DNS poisoning like a hacker giving the wrong directions in a company IT network: instead of reaching the correct server, the traffic is misdirected, potentially capturing sensitive data or disrupting services.
