#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Search results for DNS

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

April 02, 2018Mohit Kumar
Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1 —world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable web addresses with their actual location on the internet, called IP addresses. For example, when you try to open a website, say thehackernews.com, your DNS looks up for the IP address linked to this domain name and load the site. Since the default DNS services provided by ISPs are often slow and insecure, most people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8), to speed up their Internet. But if you use Cloudflare new 1.1.1.1 DNS service , your computer/smartphone/tablet will start resolving domain names within a bla
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

January 19, 2021Ravie Lakshmanan
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS  cache poisoning attacks  and remotely execute malicious code. The seven flaws, collectively called " DNSpooq " by Israeli research firm JSOF, echoes previously disclosed weaknesses in the DNS architecture, making Dnsmasq servers powerless against a range of attacks. "We found that Dnsmasq is vulnerable to DNS cache poisoning attack by an off-path attacker (i.e., an attacker that does not observe the communication between the DNS forwarder and the DNS server)," the researchers noted in a report published today. "Our attack allows for poisoning of multiple domain names at once, and is a result of several vulnerabilities found. The attack can be completed successfully under seconds or few minutes, and have no special requirements. We also found
Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

January 10, 2019Swati Khandelwal
Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks. To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections. The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection. Launched over eight years ago, Google Public DNS, at IP addresses 8.8.8.8 and 8.8.4.4, is world's largest public Domai
New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

May 20, 2020Ravie Lakshmanan
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack , the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services. "We show that the number of DNS messages exchanged in a typical resolution process might be much higher in practice than what is expected in theory, mainly due to a proactive resolution of name-servers' IP addresses," the researchers said in the paper. "We show how this inefficiency becomes a bottleneck and might be used to mount a devastating attack against either or both, recursive resolvers and authoritative servers." Following responsible disclosure of NXNSAttack, several of the companies i
NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

January 16, 2021Ravie Lakshmanan
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's  new guidance . Proposed in 2018,  DoH  is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting. Even worse, the
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

November 13, 2020Ravie Lakshmanan
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

July 14, 2020Ravie Lakshmanan
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw ( CVE-2020-1350 ), dubbed ' SigRed ' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure. A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. In a detailed report shared with The Hacker News, Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can spread
Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

September 11, 2019Swati Khandelwal
Immediately after Mozilla announced its plan to soon enable ' DNS over HTTPS ' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, ' DNS over HTTPS ' performs DNS lookups—finding the server IP address of a certain domain name—over an encrypted HTTPS connection to a DNS server, rather than sending DNS queries in plaintext. The protocol that sends DNS queries over secure HTTPS connections has specifically been designed to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit. Though the privacy-focused technology is also helpful in preventing attackers from redirecting unsuspecting visitors to phishing and malware sites, DNS over HTTPS could also bring its own new challenges to the enterprise security so
Anti-DDoS Services Abused to Carry Out DDoS Attack with 1.5 Billion Requests/Minute

Anti-DDoS Services Abused to Carry Out DDoS Attack with 1.5 Billion Requests/Minute

May 13, 2014Mohit Kumar
Till Now the Internet was encountering the traditional Distributed Denial of Service (DDoS) attacks , where a large number of compromised systems use to flood servers with tremendous amount of bandwidth; but in past few months we have noticed massive change in the techniques of DDoS attack. Hackers are using creative, but evil DDoS techniques such as NTP and DNS Amplification DDoS attacks. Last month we have seen that how cybercriminals abused a vulnerability in one of the biggest Chinese video hosting website Sohu.com to convert their millions of visitors to participate into the Layer 7 (Application Layer) DDoS attack with 20 Million requests. According to the new report released by a US based security solutions provider Incapsula , another interesting DDoS attack activities have been noticed by the researchers in which an attacker abused two major anti-DDoS Service providers to perform massive DDoS attack on other websites. Its really EPIC that the services who should
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

November 19, 2021Ravie Lakshmanan
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The  attack  allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers Keyu Man, Xin'an Zhou, and Zhiyun Qian  said . "SAD DNS attack allows an attacker to redirect any traffic (originally destined to a specific domain) to his own server and then become a man-in-the-middle (MITM) attacker, allowing eavesdropping and tampering of the communication." The latest flaw affects Linux kernels as well as popular DNS software, including BIND, Unbound, and dnsmasq running on top of Linux, but not when run on other operating systems FreeBSD or Windows. From Kaminsky Attack to SAD DNS DNS cache poisoning, also called DNS spoofing, is a  technique  i
Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

April 03, 2014Swati Khandelwal
The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so, has become one of favorite weapon for the cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost the sizes of Distributed Denial of Service ( DDoS ) attack known as ' Amplification Attack ', leveraging the weakness in the UDP protocols. One of the commonly used by hacker is (Domain Name System) DNS Reflection Denial of Service (DrDoS). WHAT IS DrDoS ATTACK? The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target and the target of the attack receives re
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

February 26, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,
Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

June 13, 2022Ravie Lakshmanan
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar  said  in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements." DNS hijacking is a  redirection attack  in which DNS queries to genuine websites are intercepted to take an unsuspecting user to fraudulent pages under an adversary's control. Unlike  cache poisoning , DNS hijacking targets the DNS record of the website on the nameserver, rather than a resolver's cache. Lyceum , also known as Hexane, Spirli
Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec

Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec

December 10, 2015Swati Khandelwal
Someone just DDoSed one of the most critical organs of the Internet anatomy – The Internet's DNS Root Servers . Early last week, a flood of as many as 5 Million queries per second hit many of the Internet's DNS ( Domain Name System ) Root Servers that act as the authoritative reference for mapping domain names to IP addresses and are a total of 13 in numbers. The attack, commonly known as Distributed Denial of Service (DDoS) attack, took place on two separate occasions. The first DDoS attack to the Internet's backbone root servers launched on November 30 that lasted 160 minutes ( almost 3 hours ), and the second one started on December 1 that lasted almost an hour. Massive Attacks Knocked Many of the 13 Root Servers Offline The DDoS attack was able to knock 3 out of the 13 DNS root servers of the Internet offline for a couple of hours. Also Read:  Secure Email Service Paid Hackers $6000 Ransom to Stop DDoS Attacks . The request queries fired
FAQ : DNSChanger Trojan, Impact and Solutions

FAQ : DNSChanger Trojan, Impact and Solutions

February 20, 2012Mohit Kumar
FAQ : DNSChanger Trojan, Impact and Solutions Two days before we (THN) Reported that FBI will shutdown Internet on 8th March , Title seems to be more Attention seeking , Why ? Well ! Our job is to aware you about the Internet Security. If we are looking for some extra attention from our Readers then its part of our small effort to make Internet more secure space for all. Today we are going to Explain all about DNSChanger Trojan, its Impact on Internet users and the biggest challenge for FBI to resolve it, and How a non technical user can check and Restore its computer, Hope you will share this article with your Friends, Followers and On your Site to aware them about this Serial Internet Killer . What is DNS (Domain Name System) ? is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.thehackernews.com , in your web browser address bar,
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.