Fighting DNS Poisoning


DNS poisoning, or spoofing, occurs when an attacker intercepts a DNS request and sends a fabricated (poisoned) response to the client.

How do you fight it? DNS encryption, DNSSEC—all features of DNSFilter.


What is DNS poisoning?

DNS poisoning. DNS cache poisoning. DNS spoofing. Many names for the same thing: A way for threat actors to insert false DNS records to route traffic intended for a legitimate domain to a fake one.

It's called “poisoning” because the false entry (the poison) is injected into the system at a single point and can spread throughout the system, affecting other points.

This results in the end user attempting to access a usually safe site, like twitter.com, and getting redirected to the spoofed version. Often, you're taken to a login page where you're asked to submit credentials. In this scenario, you're giving away your Twitter account to the attacker. Once the attacker harvests your login credentials, they redirect you to the original Twitter website to continue your session.

More than 30,000 DNS poisoning attacks daily

70% of all cyber attacks involve the DNS layer

33% of DNS attacks in 2021 were due to DNS poisoning

What does DNS poisoning look like?

Unfortunately, a good DNS poisoning attack will go completely unnoticed by the end user. There will be no visible differences between a real Twitter login page and the spoofed one. This allows the attacker to take advantage of the user’s ignorance to steal sensitive information.

Another way a DNS poisoning attack can appear to an end user is when the domain refuses to load. This is done by attackers to frustrate the users of a service or cause harm to the business of that service. The attacker can substitute the IP address of the original domain with one that is not publicly accessible or simply spoof a “Not Found” page.

Governments, such as China's, have also been known to spoof domains on their global block lists.

In most of these cases, the end user will likely never know they were the victim of DNS cache poisoning.

How can you stop DNS poisoning?

There are multiple actions you can take to prevent DNS poisoning.

- Implement DNSSEC: DNSFilter fully supports DNSSEC, but proper configuration is key.
- Disable Dynamic DNS: While not everyone is able to disable Dynamic DNS because of their ISP, disabling it or never implementing it is another way to mitigate DNS poisoning.
- Encrypt DNS data: We support both DNS-over-HTTPS and DNS-over-TLS.

And of course, you should run regular system updates to ensure you have no newly detected vulnerabilities.
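The checks a client can apply to a DNS reply before trusting it, as an added example that is not DNSFilter's code: the reply must echo the query's transaction ID and question, and must carry the AD bit a DNSSEC-validating resolver sets. The function names and sample messages are constructed for illustration (addresses come from documentation ranges), and the AD bit is only meaningful when the path to the resolver is itself protected, for example by DNS-over-TLS or DNS-over-HTTPS.

```python
import struct

QR, AD = 0x8000, 0x0020  # header bits: "is a response", "resolver validated DNSSEC"

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(txid, name, qtype=1):
    """RD=1 query with an EDNS0 OPT record whose DO bit asks for DNSSEC processing."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0)  # 0x8000 = DO flag
    return header + question + opt

def question_bytes(msg):
    i = 12  # the question section starts right after the 12-byte header
    while msg[i]:
        i += msg[i] + 1
    return msg[12:i + 5]  # name, zero terminator, QTYPE, QCLASS

def check_response(query, response, require_ad=True):
    """Return the reasons to distrust `response`; an empty list means it passed."""
    if len(response) < 12:
        return ["truncated header"]
    problems = []
    r_id, flags = struct.unpack("!HH", response[:4])
    if r_id != struct.unpack("!H", query[:2])[0]:
        problems.append("transaction ID mismatch")
    if not flags & QR:
        problems.append("QR bit clear")
    if response[12:12 + len(question_bytes(query))] != question_bytes(query):
        problems.append("question mismatch")
    if require_ad and not flags & AD:
        problems.append("AD bit clear (not DNSSEC-validated)")
    return problems

def sample_response(txid, name, flags, addr):
    """Constructed test data: a response carrying one A record for `name`."""
    head = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)
    return head + struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(addr)

QUERY = build_query(0x1A2B, "example.com")
GOOD = sample_response(0x1A2B, "example.com", 0x81A0, (192, 0, 2, 10))
WRONG_ID = sample_response(0x9999, "example.com", 0x81A0, (203, 0, 113, 66))
WRONG_NAME = sample_response(0x1A2B, "example.net", 0x81A0, (203, 0, 113, 66))
NO_AD = sample_response(0x1A2B, "example.com", 0x8180, (203, 0, 113, 66))

if __name__ == "__main__":
    print([check_response(QUERY, r) for r in (GOOD, WRONG_ID, WRONG_NAME, NO_AD)])
```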


Threats We Block

Malware

Malware is short for “malicious software” and can be spread in a variety of ways such as forced downloads or malicious ad content. It includes viruses, worms, spyware, ransomware, and trojan horses. The most common way that malware gets onto a computer or other device is through surfing hacked sites. So the best way to protect your company from malware is to prevent your users from ever accessing these sites.

Zero Day Threats

DNSFilter is the best security product to protect against zero-day attacks because our proprietary AI tools are constantly scanning the internet for new sites that could potentially contain scams or malware. DNSFilter detects threats up to 80 hours faster than static threat feeds.

Phishing Attacks

Phishing and spear phishing attacks are a favorite among hackers because they are relatively easy to implement. They use email or chat (such as public Slack channels or Discord) to lure victims into a scam, or more commonly to a link where they will enter data or download malware. Phishing attacks can be broad and general, impersonating institutions like banks or hospitals, or they can be targeted and sophisticated, often impersonating employees inside your own organization. Because DNSFilter is constantly scanning the web for new malicious sites, we can prevent phishing attacks by stopping your employees before they hit a malicious site or give a phisher their data.

Ransomware

Ransomware is software that allows hackers to encrypt files, networks, and computers remotely. They then hold your data hostage until your company pays a ransom. With the evolution of ransomware in key sectors like healthcare as well as the ubiquity that Ransomware-As-A-Service offers, this threat technique has become one of the top causes of cybersecurity incidents worldwide. In 2020, the average ransomware demand was $233,000, and ransomware attacks now make up around ⅓ of all security breaches. If your company doesn’t pay, you risk data loss or, in some cases, your data being sold on the dark web. The key to ransomware protection is stopping the malware from being downloaded in the first place, which usually requires blocking the site that hosts the malicious content before an unsuspecting user can visit it and become infected.

Cryptojacking

A true 21st-century threat, cryptojacking is the unauthorized takeover of a computer or network to “mine” cryptocurrency. Because new currency is created by computers using massive amounts of computing resources, computational bandwidth is at a premium. Cryptojacking infects a distributed network of computers to utilize their computational bandwidth, slowing down the device and, at scale, driving up your energy costs. DNSFilter has a robust catalog of known cryptojacking sites, and domains that contain cryptocurrency references can be blocked in a single click.

Typosquatting

Thousands of people type Amazan.com into their browser every day. Turns out, the average internet user isn’t always the best speller. Bad actors take advantage of this by setting up malicious sites with domain names that feature common misspellings of familiar sites. Every day we seem to discover new “Chase” login pages with an increasingly creative variety of typos (check out the fake sites here). DNSFilter protects the user from typosquatting by blocking access to domains that are known to contain malware or malicious content. Never worry about misspelled domain names again.

Man-in-the-Middle attacks

Have you ever visited a site that just looked off? Middleman attacks create a fake site that mimics a trustworthy brand login and provides form fields where users enter their password, username, and potentially credit card data. The hacker then absconds with this data, leaving the user confused and exposed. Our AI tool scans the UX of domains and includes logo matching, identifying when logos are being used on sites where they do not belong, ensuring that man-in-the-middle sites are quickly found, cataloged, and blocked.

Secure Your Organization Without Slowing Down

Content filtering for end-user protection. Block security threats and inappropriate content with DNSFilter.