DNS, also known as Domain Name Server, is a network protocol that people around the world use whenever they access a website by URL rather than by IP address. In other words, it replaces a website's IP address with a simple, easy-to-remember domain name.
A recent development related to DNS is DNS-over-HTTPS (DoH), which was proposed as an Internet standard (IETF) a few years back.
The purpose of this protocol is to change how DNS works. Traditionally, DNS queries are visible in plaintext for all applications, on computers and mobile devices alike, and on the way to the DNS server too. DNS-over-HTTPS instead encrypts all DNS queries, so they are carried across the network segment looking like normal HTTPS traffic.
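To make the difference concrete, the following added example (not code from the original post) builds the plaintext query a classic resolver sends, wraps it as a DoH GET request in the RFC 8484 format, and shows how a defender holding decrypted proxy logs can recover the queried name. The endpoint `https://doh.example/dns-query` and the function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder resolver URL, not a real DoH provider.
DOH_ENDPOINT = "https://doh.example/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Classic DNS wire-format query (RFC 1035); qtype 1 is an A record."""
    # ID 0 (recommended by RFC 8484 for HTTP caching), RD flag, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(name: str, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the query in base64url with padding removed."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"

def qname_from_doh_url(url: str) -> str:
    """Recover the queried name from a decrypted DoH GET URL (proxy log)."""
    values = parse_qs(urlsplit(url).query).get("dns")
    if not values:
        raise ValueError("no dns= parameter, not a DoH GET request")
    raw = values[0]
    wire = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
    if len(wire) < 17:  # 12-byte header plus the smallest possible question
        raise ValueError("truncated DNS message")
    labels, pos = [], 12
    while wire[pos] != 0:
        length = wire[pos]
        if length > 63 or pos + 1 + length >= len(wire):
            raise ValueError("malformed or compressed name in question")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    print(build_query("www.example.com"))  # name is readable in the raw bytes
    url = doh_get_url("www.example.com")
    print(url)                             # this is what travels inside TLS
    print(qname_from_doh_url(url))
```

On the wire the URL itself is inside the TLS session, so a passive observer sees only a connection to the resolver; the decoder applies where TLS is terminated or inspected.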
Recent attacks related to DNS-over-HTTPS are listed as follows:
- Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)
- First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
The list below shows the DNS providers that are supported in Google Chrome
Types of DNS attack
In this section, I will share a few attacks related to DNS that can endanger your organization's network and also your own network. Let's dig in then!
- DNS Rebinding
- DNS DDoS
DNS rebinding focuses on the same-origin concept, taking advantage of pages that share the same website URL. For example, https://sameorigin.com/index.html and https://sameorigin.com/firstpage.html are considered same-origin, whereas https://sameorigin.com/index.html and https://sametest.com/firstpage.html are considered different origins.
Attackers try to bypass the restrictions imposed by the same-origin policy via DNS rebinding attacks. These attacks normally map the origin's host domain directly to the victim's domain. The attacker can gain sensitive information from the server, and even worse, may be able to access privileged operations via Remote Code Execution (RCE).
As a mitigation for this attack, system administrators are advised to use local IP addresses rather than public IP addresses for their websites.
The DNS DDoS attack is already familiar to people around the world, which is pretty scary, to be honest. A DNS DDoS attack against a server is an effective attack delivered over the network segment. Most of the system will go down when the attackers run a botnet to jam it with heavy traffic.