{"id":152,"date":"2008-02-15T15:41:02","date_gmt":"2008-02-15T23:41:02","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/02\/15\/number-of-rogue-dns-servers-increasing\/"},"modified":"2008-02-15T15:46:53","modified_gmt":"2008-02-15T23:46:53","slug":"number-of-rogue-dns-servers-increasing","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/15\/number-of-rogue-dns-servers-increasing\/","title":{"rendered":"Number of Rogue DNS Servers Increasing"},"content":{"rendered":"<p>Researchers from Google and the Georgia Institute of Technology have published a paper indicating the increasing number of attacks from the use of rogue DNS servers (the paper estimates that there are currently about 68,000 of these servers).\u00a0<!--more-->For those who are unfamiliar with DNS, it is an important element in the workings of the Internet(s). \u00a0DNS servers, short for Domain Name System servers, are used to look up the IP addresses of servers that correspond to the desired domain names (e.g. www.google.com). \u00a0Although the actual details are a bit more complicated, essentially, when a user types a domain into his\/her browser (and as long as the domain&#8217;s IP address wasn&#8217;t already cached), the user&#8217;s machine sends a request to the DNS server for the domain&#8217;s IP address so that it can then send requests to that IP address, which usually sends back the contents of the webpage. \u00a0So DNS is essentially a huge table of domain names and their corresponding server IP addresses. \u00a0The addresses of the DNS servers are pre-configured on the users&#8217; computers. \u00a0So if a malicious hacker can gain access to this setting, they can change it to point to their own fake DNS server. \u00a0A rogue DNS server can then give out incorrect IP addresses that point to the hacker&#8217;s own malicious websites. 
\u00a0The hackers can then use spoofed web pages (phishing) to try to steal personal information like usernames and passwords. \u00a0An interesting note is that the rogue DNS servers sometimes work correctly and send fake IP addresses only some of the time, making it harder for users to determine if they are affected. \u00a0Users can detect whether their DNS server settings have been overwritten by running a virus scan, and unless the\u00a0infrastructure\u00a0of the Internet is changed, it seems like this is the only defense people have against this attack. \u00a0Original article\u00a0<a href=\"http:\/\/ap.google.com\/article\/ALeqM5ifrgeDBfUGAvXtLH_vgVrKcm0s_wD8UPLR8O1\">can be found here<\/a>.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers from Google and the Georgia Institute of Technology have published a paper indicating the increasing number of attacks from the use of rogue DNS servers (the paper estimates that there are currently about 68,000 of these servers).\u00a0<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-152","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=152"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/152\/re
visions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}