#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Search results for DNS resolvers

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

January 16, 2021Ravie Lakshmanan
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's  new guidance . Proposed in 2018,  DoH  is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting. Even worse, the
New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

May 20, 2020Ravie Lakshmanan
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack , the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services. "We show that the number of DNS messages exchanged in a typical resolution process might be much higher in practice than what is expected in theory, mainly due to a proactive resolution of name-servers' IP addresses," the researchers said in the paper. "We show how this inefficiency becomes a bottleneck and might be used to mount a devastating attack against either or both, recursive resolvers and authoritative servers." Following responsible disclosure of NXNSAttack, several of the companies i
New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

May 07, 2021Ravie Lakshmanan
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called  'TsuNAME ,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '.nz' for the Netherlands and New Zealand, respectively. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said. A recursive DNS resolver is one of the core components involved in  DNS resolution , i.e., converting a hostname such as www.google.com into a computer-friendly IP address like 142.250.71.36. To achieve this, it responds to a client's r
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

November 13, 2020Ravie Lakshmanan
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv
World's biggest DDoS attack that Almost Broke the Internet

World's biggest DDoS attack that Almost Broke the Internet

March 29, 2013Mohit Kumar
The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation , CloudFlare was able to recover from the attack and get its core services back up and running.  Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18. Five national cyber-police-forces are investigating the attacks.  A group calling itself STOPhaus,  an alliance of hactivists and cyber criminals is believed to responsible for bombarding Spamhaus with up to 300Gbps. The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet, the D
How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

April 02, 2018Mohit Kumar
Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1 —world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable web addresses with their actual location on the internet, called IP addresses. For example, when you try to open a website, say thehackernews.com, your DNS looks up for the IP address linked to this domain name and load the site. Since the default DNS services provided by ISPs are often slow and insecure, most people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8), to speed up their Internet. But if you use Cloudflare new 1.1.1.1 DNS service , your computer/smartphone/tablet will start resolving domain names within a bla
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

January 19, 2021Ravie Lakshmanan
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS  cache poisoning attacks  and remotely execute malicious code. The seven flaws, collectively called " DNSpooq " by Israeli research firm JSOF, echoes previously disclosed weaknesses in the DNS architecture, making Dnsmasq servers powerless against a range of attacks. "We found that Dnsmasq is vulnerable to DNS cache poisoning attack by an off-path attacker (i.e., an attacker that does not observe the communication between the DNS forwarder and the DNS server)," the researchers noted in a report published today. "Our attack allows for poisoning of multiple domain names at once, and is a result of several vulnerabilities found. The attack can be completed successfully under seconds or few minutes, and have no special requirements. We also found
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

November 19, 2021Ravie Lakshmanan
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The  attack  allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers Keyu Man, Xin'an Zhou, and Zhiyun Qian  said . "SAD DNS attack allows an attacker to redirect any traffic (originally destined to a specific domain) to his own server and then become a man-in-the-middle (MITM) attacker, allowing eavesdropping and tampering of the communication." The latest flaw affects Linux kernels as well as popular DNS software, including BIND, Unbound, and dnsmasq running on top of Linux, but not when run on other operating systems FreeBSD or Windows. From Kaminsky Attack to SAD DNS DNS cache poisoning, also called DNS spoofing, is a  technique  i
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

February 26, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,
Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

April 03, 2014Swati Khandelwal
The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so, has become one of favorite weapon for the cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost the sizes of Distributed Denial of Service ( DDoS ) attack known as ' Amplification Attack ', leveraging the weakness in the UDP protocols. One of the commonly used by hacker is (Domain Name System) DNS Reflection Denial of Service (DrDoS). WHAT IS DrDoS ATTACK? The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target and the target of the attack receives re
Massive 167Gbps DDoS attacks against Banking and Financial Institutions

Massive 167Gbps DDoS attacks against Banking and Financial Institutions

May 31, 2013Mohit Kumar
DDoS attackers attempted to bring down an Banking services earlier this week using one of the largest Distributed denial of service attack using DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced  that it has successfully mitigated the largest DNS reflection attack ever recorded, which peaked at 167 Gigabits per second (Gbps). The company did not name the target of the digital assault. DNS-reflection was the attack method used in Operation Stophaus , an attack waged in March by The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam . When Spamhaus was assaulted by a vast 300Gbps peak DNS reflection attack, it engaged the help of a content delivery network (CDN) called CloudFlare to help defend itself. The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoof
Who Needs a Botnet when you have a 4 Gbps DDoS Cannon?

Who Needs a Botnet when you have a 4 Gbps DDoS Cannon?

April 24, 2013Mohit Kumar
In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks , perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just how large these DDoS cannons are getting. Last Saturday Incapsula mitigated a rather small, 4Gbps DDoS attack, but this time it had a different pattern that attracted our attention. At first sight the attack seemed rather simple, generating 8 million DNS queries per second, to many domains, from spoofed IP addresses (using real domain name servers' IPs). But this time it included a hint about where it was coming from: all that traffic was coming from the same source. Probably on the same network, maybe even the same device. Tracing it to a single Source - TTL Giveaway Incapsula were able to trace the attack to a single source because this time the attackers slipped-u
Google Public DNS Server Traffic Hijacked

Google Public DNS Server Traffic Hijacked

March 17, 2014Mohit Kumar
The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services. The latest bad news is that the World's largest and most widely used Google's free public DNS (Domain name system) resolvers  raised   security red flags yesterday. DNS is the master address list for the Internet, which translates IP addresses into human readable form and vice versa. According to Internet monitoring firm BGPmon , Google's DNS server 8.8.8.8 /32 was hijacked yesterday for 22 minutes. The Google's DNS server handles around 150 billion queries a day and during the 22 minutes of hijacking, millions of Internet users, including Financial institutions , Governments were redirected to BT's (British multinational telecommunications services company) Latin America division in Venezuela and Brazil. It is suspected that Hackers exploited a well-known  vulnerability in the so-called Border Gateway Protocol ( BGP) , which
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

February 20, 2021Ravie Lakshmanan
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix  release  (V1.20.108) made available yesterday. Brave ships with a built-in feature called " Private Window with Tor " that integrates the  Tor  anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in  June 2018 . This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report first
Google Public DNS Server Spoofed for SNMP based DDoS Attack

Google Public DNS Server Spoofed for SNMP based DDoS Attack

September 16, 2014Wang Wei
The Distributed Denial of Service ( DDoS ) attack is becoming more sophisticated and complex, and, according to security experts , the next DDoS vector to be concerned about is SNMP (Simple Network Management Protocol) amplification attacks. Yesterday afternoon, the SANS Internet Storm Center reported SNMP scans spoofed from Google's public recursive DNS server searching for vulnerable routers and other devices that support the protocol with DDoS traffic and are opened to the public Internet. " We are receiving some reports about SNMP scans that claim to originate from 8.8.8.8 (Google's public recursive DNS server), " wrote Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center. " This is likely part of an attempt to launch a DDoS against Google by using SNMP as an amplifier/reflector. " Simple Network Management Protocol (SNMP) is a UDP-based protocol designed to allow the monitoring of network-
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

February 24, 2021Ravie Lakshmanan
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called  CNAME Cloaking , the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users' knowledge and consent but also "increases [the] web security threat surface," said a group of researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem in a new study. "This tracking scheme takes advantage of a CNAME record on a subdomain such that it is same-site to the including web site," the researchers  said  in the paper. "As such, defenses that block third-party cookies are rendered ineffective." The findings are expected to be presented in July at the 21st Privacy Enhancing Technologies Symposium (PETS 2021). Rise
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.