DNS Hijacking is a major issue in the connected world. Every unique instance you type an address into your address bar your internet-connected device makes a request to a DNS server to get the actual Internet Address (IP). The more addresses you type, the higher the amount of malware that enters your DNS and forces you to use an affected server instead of a healthy one. In other words, when an attacker takes control of a computer to alter its DNS settings; it now points to a rogue DNS server, and the process is referred to as DNS Hijacking.
Dangers of DNS Hijacking
1. Phishing: This attack involves redirecting your viewers to a site that is similar in design and functionality to your original web page. This is mostly used in cases of banking fraud and email hacks.
2. Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is usually fake and different from the original source. This is often done by hackers in order to generate advertising revenue and is found on social media sites like Facebook and Twitter.
Check DNS Hijacking
Here is an online tool that helps reduce your effort of struggling to find the source of the malware. Who is My DNS website helps expose the actual server that made the request on your behalf and tells you if it’s a trusted source or not?
The tool has a three-step process to detect the malware source:
1. Request: The process starts off with the tool requesting access from your DNS server to their server so that it can be identified which DNS server made the request on your behalf. This step helps ‘Who is My DNS’ in establishing the exact source of the attack.
2. Lookup: Once the tool requests access and detect the source of your DNS server, you need to click the Check my DNS button. This prompts the service to search the DNS server logs for your unique request and find the IP address of the server that made the request on your behalf.
3. Check and Verify: The website then scans its wide database to see if that DNS server is a recognized server and whether it is present in their preset results of suspicious servers. They also look up its Reverse DNS (PTR record) and the IP address’ registered owner with ARIN.
How do you tell if DNS has been hijacked?
To tell if your DNS has been hijacked or not, there is only one option. You need to check the current DNS settings with the original one. If they are not identical, it implies that the DNS settings have been tweaked without your permission.
Can someone hack your DNS server?
Yes, an attacker can hack into your DNS server and change it as per his/her requirements. The most common method is DDoS, which is widely popular nowadays. However, if you want to check the same, you can use the aforementioned tool to know if your DNS has been hijacked or not.
Visit whoismydns.com and check if your DNS has been hijacked.
Related posts that may interest you:
- F-Secure Router Checker checks for DNS hijacking
- WhiteHat Security Tool monitors DNS hijacking
- DNSChanger will reset changes made by rogue DNSChanger.