DNS ayaa muhiim u ah xallinta URL^(URLs) -yada aad geliso barta ciwaanka ee biraawsarkaaga. Shaqooyin badan ayaa gala Magaca Domain Resolution^{(Domain Name Resolution)} . Waa nooc ka mid ah hawlgallada soo noqnoqda oo ka caawiya browserkaagu inuu helo ciwaanka IP-ga ee mareegaha aad isku dayayso inaad gaadho. Haddii aad xiisaynayso, waxaad wax badan ka akhriyi kartaa Raadinta DNS iyo Servers^{(DNS Lookup and Servers)} .

Erayga Cache DNS^{(DNS Cache)} waxa loola jeedaa kaydka maxaliga ah ee ka kooban ciwaanada IP-ga ee la xaliyay ee mareegaha aad inta badan joogto. Fikradda Cache-ga DNS^{(DNS Cache)} waa in la badbaadiyo waqti haddii kale lagu kharash gareeyo la xiriirinta server-yada DNS kuwaas oo bilaabi doona hawlo isdaba-joog ah si loo ogaado cinwaanka IP-ga dhabta ah ee URL aad u baahan tahay inaad gaarto. Laakin khasnaddan waxa lagu sumayn karaa dambiilayaasha internetka si fudud iyaga oo u beddelaya gelinta kaydka DNS kaaga cinwaannada IP-ga been abuurka ah ee mareegaha aad isticmaasho.

DNS- afduubka

Waa maxay afduubka DNS

Sida magacaba ka muuqata, DNS Hijacking ama Redirection waa hab ay adeegsadaan dambiilayaasha internetka si ay u afduubaan browserkaagu isku dayo inuu xalliyo ciwaanka IP-ga ee shabakada aad rabto inaad ku shubto. Si loo fududeeyo isticmaalka, URL^(URLs) -yada aan isticmaalno waa qaab qoraal ah. URL kasta , waxaa jira ciwaanka IP-ga, iyo hawlo kala duwan ayaa u beddelaya URL- ka qoraalka cinwaanka IP-ga tiro ahaan. Maadaama ay jiraan hawlgallo badan oo ku lug leh xallinta ciwaanka IP-ga, dambiilayaasha internetka ayaa ka faa'iideysan kara dib u dhigista oo u diri kara kombiyuutarkaaga, ciwaanka IP-ga ee been abuurka ah ee ay leeyihiin.

Habka ugu badan ee afduubka DNS^{(common method for DNS Hijacking)} waa in lagu rakibo malware-ka kombiyuutarkaaga kaas oo beddelaya DNS - ka si mar kasta oo browserkaagu isku dayo inuu xalliyo URL , wuxuu la xiriiraa mid ka mid ah server-yada ^(URL)DNS ee been abuurka ah halkii uu ka heli lahaa server-yada dhabta ah ee DNS ay isticmaasho ICANN ( mamulka Internet ka mas'uul ka ah diiwaan gelinta domains, maareyntooda, siinta ciwaannada IP-ga, ilaalinta ciwaanka xiriirka iyo wax ka badan). Adeegaha DNS^(DNS) ee tooska ah ee kombuyuutarku la xidhiidhayo waa server-yada DNS ee uu ku shaqeeyo Bixiyaha Adeegga Internetka -^{(Internet Service Provider –)}in aad wax kale u badashay mooyaane. Marka la iibsado isku xirka internetka, server-yada DNS ee la isticmaalayaa waa ISP - ay aqoonsan tahay ICANN .

Malware-ka ku jira kumbuyuutarkaagu wuxuu beddelaa DNS -ka caadiga ah ee uu ku kalsoon yahay kumbuyuutarka si uu u tilmaamo ciwaanka kale ee IP. Habkaas, marka browserkaagu isku dayo inuu xalliyo ciwaanka IP-ga, kombayutarkaagu wuxuu la xidhiidhaa server-ka DNS been-abuurka ah kaas oo ku siinaya ciwaanka IP-ga khaldan. Tani waxay keenaysaa in browserkaagu uu soo rarto degel xaasidnimo ah oo laga yaabo inay wax u dhinto kombayutarkaada ama xaddo aqoonsigaaga iwm.

Afduubka DNS^{(DNS Hijacking)} vs. DNS Cache Sun

In kasta oo labadooduba ay ka dhacaan heer maxalli, asalkoodu waxa uu ka yimid server-yada DNS ee beenta ah . Iyadoo afduubka DNS ay ku lug leedahay malware^{(DNS hijacking involves malware)} , sunta Cache-ga DNS waxay ku lug leedahay ku-qorista kaydka DNS ee deegaankaaga oo leh qiimeyaal been abuur ah^{(DNS Cache poisoning involves overwriting your local DNS cache with fake values)} oo u jiheeya biraawsarkaaga shabakadaha xaasidnimada leh. Sunta Cache ee DNS ama Spoofing^{(DNS Cache Poisoning or Spoofing)} waxay ku lug leedahay farsamooyin ay ka mid yihiin duqeynta cinwaannada IP-ga ee been abuurka ah ee kumbuyuutarkaagu soo qaado iyadoo server-yada dhabta ah ee DNS ay wali ku mashquulsan yihiin xallinta URL- ka . Taasi waa, wakhtiga ay ku qaadato server-yada DNS ee dhabta ah si ay u xalliyaan URL , dembiilayaasha internetka waxay soo diraan jawaabo badan oo u dhigma URL -yada ciwaannada IP-ga ee been abuurka ah.

Tusaale ahaan, waxaad ku qortaa thewindowsclub.com browserkaaga. Marka server-ka dhabta ah ee DNS uu eego ciwaannada, kumbuyuutarkaagu wuxuu helayaa wax ka badan hal xal oo ah in goobta ay ku taal XYZ IP ciwaanka. Tani waxay ka dhigi doontaa kombuyuutarkaaga inuu rumaysto in goobta ay ku taal XYZ inkasta oo server-ka dhabta ah ee DNS uu soo diro cinwaanka IP-ga dhabta ah sababtoo ah cybercriminals' DNS servers ayaa soo diray jawaabo badan oo ay ku jiraan IP-ga been-abuurka ah ee thewindowsclub.com .

Farqiga u dhexeeya wakhtiga waxaa si wax ku ool ah u isticmaala cybercriminals kuwaas oo haysta servero badan oo DNS been abuur ah si ay u helaan kombuyuutarkaaga ciwaannada IP-ga khaldan iyo xaasidnimada leh ee kaydka. Markaa mid ka mid ah tobanka go'aan ee beenta ah ee DNS ee ay soo diraan dambiilayaasha 'cybercriminals ' server-yada DNS^{(’ DNS)} ayaa ka hormariya hal xallin dhab ah oo DNS ah oo ay soo diraan server-yada dhabta ah ee ^(DNS)DNS . Hababka kale ee Cache-ga DNS Sumaynta^{(DNS Cache Poisoning)} iyo ka-hortagga waxay ku taxan yihiin xiriirka sare lagu sheegay.

In kasta oo Sunta Cache^{(DNS Cache Poisoning)} -ga DNS iyo Afduubka DNS^{(DNS Hijacking)} si isweydaar ah loo isticmaalo, haddana farqi yar ayaa u dhexeeya. Habka sunta Cache-ga DNS^{(DNS Cache Poisoning)} kuma jirto in malware lagu dudo nidaamka kombayutarka laakiin waxa uu ku salaysan yahay habab kala duwan sida kan kor lagu sharaxay oo server-yada DNS ee been abuurka ah ay u soo diraan URL qaraar ka dhaqso badan server-ka dhabta ah ee DNS sidaas darteed cache-ku waa sun. Marka cache-ku sumeeyo, marka aad isticmaashid bogga internetka ee cudurka qaba, kombayutarkaga waa la jabiyay. Xaaladda Afduubka DNS^{(DNS Hijacking)} , mar hore ayaad cudurka qaaday. Malware-ku wuxuu beddelaa DNS -kaaga caadiga ah^(DNS)bixiyaha adeegga shay ay rabaan dembiilayaasha internetka. Halkaasna, waxay xakameeyaan go'aamada URL- kaaga ( ^(URL)DNS lookups), ka dibna waxay sii wadaan sumaynta kaydkaaga DNS^(DNS) .

Sida looga hortago afduubka DNS

Waxaan ka wada hadalnay sida looga hortago sumowga DNS^{(prevent DNS poisoning)} mar hore. Si loo joojiyo ama looga hortago afduubka DNS^{(DNS Hijacking)} , waxaa lagugula talinayaa inaad isticmaasho software ammaan oo wanaagsan^{(good security software)} kaas oo fogeynaya malware-ka sida beddelayaasha DNS . Isticmaalka Firewall wanaagsan . In kasta oo uu ugu fiican yahay firewall-ku-salaysan hardware, haddii aanad haysan, waxa aad shidi kartaa dab-demiyahaaga ugu yaraan.

Haddii aad u maleyneyso inaad horeyba u qaaday cudurka, waxaa fiican inaad tirtirto waxa ku jira faylka HOSTS^{(HOSTS file)} oo aad dib u dejiso File Hosts^{(reset the Hosts File)} . Ka dib markaad tan sameyso, sii wad oo isticmaal antimalware kaas oo kaa caawinaya inaad ka takhalusto beddelayaasha DNS .

Hubi haddii beddelka DNS uu beddelay ^(DNS)DNS kaaga . Haddii ay leedahay, waa inaad beddeshaa goobaha DNS kaaga^{(change your DNS settings)} . Si toos ah ayaad u hubin kartaa Haddii kale, waxaad gacanta ku hubin kartaa DNS -ka . Ku bilow adiga oo hubiya DNS -ka lagu sheegay Router ka ka dibna kumbiyuutarrada gaarka ah ee shabakadaada. Waxaan kugula talin lahaa in aad nadiifiso Cache-gaaga Windows DNS^{(flush your Windows DNS Cache)} oo aad u beddesho router-kaaga DNS DNS^(DNS) -ka kale sida Comodo DNS ,^(DNS) DNS Open,^{(Open DNS,)} Google Public DNS, Yandex Secure DNS, Angel DNS, iwm^(DNS) . in router-ka ayaa ka fiican in la habeeyo kombiyuutar kasta.

Waxaa jira aalado laga yaabo inay ku xiiseeyaan^{(There are tools that may interest you)} : F-Secure Router Checker ayaa hubin doona afduubka DNS , aaladdan ^(DNS)online-ka ah waxay hubisaa afduubyada DNS , iyo Qalabka Amniga ee WhiteHat wuxuu kormeeraa afduubyada DNS.

Hadda akhri^{(Now read)} : Waa maxay Afduubka Domain iyo sida loo soo ceshado domain la afduubay.

What is a DNS Hijacking attack & how to prevent it

DNS is important in resolving the URLs you enter into the address bar of your browser. A lot of work goes into Domain Name Resolution. It is a sort of recursive operation that helps your browser get the IP address of the website you are trying to reach out. If interested, you can read more about DNS Lookup and Servers.

The term DNS Cache refers to the local cache that contains the resolved IP addresses of websites that you frequent. The idea of DNS Cache is to save time that would otherwise be spent on contacting DNS servers that would start a set of recursive operations to find out the actual IP address of the URL you need to reach. But this cache can be poisoned by cybercriminals simply by changing the entries in your DNS cache to fake IP addresses for the websites you use.

dns-hijacking

What is DNS Hijacking

As the name suggests, DNS Hijacking or Redirection is a method used by cybercriminals to hijack your browser’s attempt to resolve the IP address of the website you wish to load. For ease of use, the URLs we use are in text format. For each URL, there is an IP address, and a set of operations go into converting the text URL into a numerical IP address. Since there are many operations involved in resolving the IP address, cybercriminals can take advantage of the delay and send to your computer, a fake IP address that belongs to them.

The most common method for DNS Hijacking is to install malware on your computer that changes the DNS so that whenever your browser tries to resolve a URL, it contacts one of the fake DNS servers instead of real DNS servers that are used by ICANN (authority of Internet that is responsible for registering domains, managing them, providing them with IP addresses, maintaining the contact addresses and more). The direct DNS servers that your computer contacts are the DNS servers being operated by your Internet Service Provider – unless you’ve changed them to something else. When an internet connection is bought, the DNS servers in use are of the ISP – recognized by ICANN.

The malware on your computer changes the default DNS trusted by your computer to point to some other IP address. That way, when your browser tries to resolve an IP address, your computer contacts a fake DNS server that gives you the wrong IP address. This results in your browser loading a malicious website that may compromise your computer or steal your credentials etc.

DNS Hijacking vs. DNS Cache Poisoning

Though both happen at the local level, their origins are from fake DNS servers. While DNS hijacking involves malware, DNS Cache poisoning involves overwriting your local DNS cache with fake values that redirect your browser to malicious websites. DNS Cache Poisoning or Spoofing involves techniques such as the bombardment of fake IP addresses that your computer picks up while the genuine DNS servers are still busy resolving the URL. That is, in the time that takes by genuine DNS servers to resolve a URL, the cybercriminals send plenty of responses that equate the URL with fake IP addresses.

For example, you type thewindowsclub.com in your browser. By the time a genuine DNS server looks up the addresses, your computer receives more than one resolution that the site is at XYZ IP address. This will make your computer believe that the site is at XYZ even though the genuine DNS server sends the genuine IP address because the cybercriminals’ DNS servers sent many responses containing a fake IP for thewindowsclub.com.

This difference in time is used effectively by cybercriminals who have many fake DNS servers to get your computer note down wrong and malicious IP addresses to the cache. So one out of the ten fake DNS resolutions sent by cybercriminals’ DNS servers takes precedence over one genuine DNS resolution sent by the genuine DNS servers. Other methods of DNS Cache Poisoning and prevention are listed in the link provided above.

Though DNS Cache Poisoning and DNS Hijacking are used interchangeably, there is a small difference between them. The method of DNS Cache Poisoning does not involve injecting malware into your computer system but is based on different methods like the one explained above where fake DNS servers send a URL resolution faster than the genuine DNS server and thus the cache is poisoned. Once the cache is poisoned, when you use an infected website, your computer is compromised. In the case of DNS Hijacking, you are already infected. A malware changes your default DNS service provider to something that the cybercriminals want. And from there, they control your URL resolutions (DNS lookups), and then they keep on poisoning your DNS cache.

How to prevent DNS Hijacking

We have discussed how to prevent DNS poisoning already. To stop or prevent DNS Hijacking, it is recommended that you use good security software that keeps malware such as DNS changers away. Using a good Firewall. While a hardware-based firewall is best, if you do not have it, you could turn on your router firewall at the least.

If you think you are already infected, it is better to delete the contents of the HOSTS file and reset the Hosts File. After doing this, go ahead and use antimalware that helps you get rid of DNS Changers.

Check if any DNS changer has changed your DNS. If it has, you should change your DNS settings. You can check it automatically. Alternatively, you can check for the DNS manually. Start by checking the DNS mentioned in Router and then in individual computers on your network. I would recommend that you flush your Windows DNS Cache and change your router DNS to some other DNS like Comodo DNS, Open DNS, Google Public DNS, Yandex Secure DNS, Angel DNS, etc. A secure DNS in the router is better than configuring each computer.

There are tools that may interest you: F-Secure Router Checker will check for DNS hijacking, this online tool checks for DNS Hijackings, and WhiteHat Security Tool monitors DNS hijackings.

Now read: What is Domain Hijacking and how to recover a hijacked domain.

Kyler Adams

About the author

Waxaan ahay mid aad loogu taliyay Windows 10 khabiir, waxaanan ku takhasusay inaan dadka ka caawiyo inay shakhsiyeeyaan muuqaalkooda kumbuyuutarka oo ay ka dhigaan qalabkooda Xafiis kuwo saaxiibtinimo leh. Waxaan u isticmaalaa xirfadahayga si aan uga caawiyo dadka kale siyaabaha ugu waxtarka badan ee lagula shaqeeyo Microsoft Office, oo ay ku jiraan sida loo qaabeeyo qoraalka iyo sawirada daabacaadda internetka, sida loo abuuro mawduucyo gaar ah oo loogu talagalay Outlook, iyo xitaa sida loo habeeyo muuqaalka shaqada ee miiska kombuyuutar.

Waa maxay weerarka afduubka DNS & sida looga hortago

Waa maxay afduubka DNS

Afduubka DNS^{(DNS Hijacking)} vs. DNS Cache Sun

Sida looga hortago afduubka DNS

What is a DNS Hijacking attack & how to prevent it

What is DNS Hijacking

DNS Hijacking vs. DNS Cache Poisoning

How to prevent DNS Hijacking

Kyler Adams

About the author

Related posts

Adeegyada Dynamic DNS ee ugu fiican ee shabakada ee ay tahay inaad isticmaasho

Daaqadaha lama xiriiri karo qalabka ama kheyraadka (Serfarka DNS)

DNSLookupView waa Qalabka Raadinta DNS ee bilaashka ah ee kumbuyuutarrada Windows

Sida loogu awood DNS ka badan HTTPS gudaha Windows 11/10

Sida loo beddelo goobta server-ka DNS ee Xbox One si looga dhigo mid dhakhso badan

Sida loo hagaajiyo Server-ka DNS oo aan ka jawaabin qalad

Sida loo Nadiifiyo, Dib u Dajinta, U Daadi Cache DNS gudaha Windows 11/10

Aaladda Adeegga Dadweynaha ee DNS waa beddelka DNS bilaashka ah ee Windows 10

Hagaaji server-ka DNS ma aha mid awood u leh cilada aagga Windows 11/10

[Fiddler] Raadinta DNS ee degelka oo ku guuldareystay system.net.sockets.socketexception

Sida loogu beddelo OpenDNS ama Google DNS ee Windows

Dib u eegista OpenDNS - DNS bilaashka ah oo leh xakameynta iyo xawaaraha waalidka

Server-kaaga DNS waxaa laga yaabaa inaan laga heli karin gudaha Windows 11/10

Kumbuyuutarku wuxuu u muuqdaa mid si sax ah loo habeeyay, laakiin aaladda ama kheyraadka ayaan ka jawaabin

Ka yeel DNS dusheeda HTTPS ee Firefox, Chrome, Edge, Opera, Android, iPhone

Khaladaadka HTTP 503, Adeeggu waa dhib aan la heli karin

Hagaaji Server-kaaga DNS waxaa laga yaabaa inuu yahay qalad aan la heli karin

Sida loogu isticmaalo DNS-ka sifada gaarka ah HTTPS gudaha Windows 11

RSAT waxay maqan tahay aaladaha server-ka DNS ee gudaha Windows 10

Sida loo dejiyo Google Public DNS kumbuyuutarkaaga

Waa maxay weerarka afduubka DNS & sida looga hortago

Waa maxay afduubka DNS

Afduubka DNS(DNS Hijacking) vs. DNS Cache Sun

Sida looga hortago afduubka DNS

What is a DNS Hijacking attack & how to prevent it

What is DNS Hijacking

DNS Hijacking vs. DNS Cache Poisoning

How to prevent DNS Hijacking

Kyler Adams

About the author

Related posts

Adeegyada Dynamic DNS ee ugu fiican ee shabakada ee ay tahay inaad isticmaasho

Daaqadaha lama xiriiri karo qalabka ama kheyraadka (Serfarka DNS)

DNSLookupView waa Qalabka Raadinta DNS ee bilaashka ah ee kumbuyuutarrada Windows

Sida loogu awood DNS ka badan HTTPS gudaha Windows 11/10

Sida loo beddelo goobta server-ka DNS ee Xbox One si looga dhigo mid dhakhso badan

Sida loo hagaajiyo Server-ka DNS oo aan ka jawaabin qalad

Sida loo Nadiifiyo, Dib u Dajinta, U Daadi Cache DNS gudaha Windows 11/10

Aaladda Adeegga Dadweynaha ee DNS waa beddelka DNS bilaashka ah ee Windows 10

Hagaaji server-ka DNS ma aha mid awood u leh cilada aagga Windows 11/10

[Fiddler] Raadinta DNS ee degelka oo ku guuldareystay system.net.sockets.socketexception

Sida loogu beddelo OpenDNS ama Google DNS ee Windows

Dib u eegista OpenDNS - DNS bilaashka ah oo leh xakameynta iyo xawaaraha waalidka

Server-kaaga DNS waxaa laga yaabaa inaan laga heli karin gudaha Windows 11/10

Kumbuyuutarku wuxuu u muuqdaa mid si sax ah loo habeeyay, laakiin aaladda ama kheyraadka ayaan ka jawaabin

Ka yeel DNS dusheeda HTTPS ee Firefox, Chrome, Edge, Opera, Android, iPhone

Khaladaadka HTTP 503, Adeeggu waa dhib aan la heli karin

Hagaaji Server-kaaga DNS waxaa laga yaabaa inuu yahay qalad aan la heli karin

Sida loogu isticmaalo DNS-ka sifada gaarka ah HTTPS gudaha Windows 11

RSAT waxay maqan tahay aaladaha server-ka DNS ee gudaha Windows 10

Sida loo dejiyo Google Public DNS kumbuyuutarkaaga

Afduubka DNS^{(DNS Hijacking)} vs. DNS Cache Sun