DNS hijacking

From Wikipedia, the free encyclopedia

DNS hijacking is the practice of subverting the resolution of DNS names to IP addresses through the use of rogue DNS servers, particularly for phishing.

Rogue DNS server

A rogue DNS server translates legitimate domain names (of search engines, online banks, online brokers, etc.) into IP addresses of malicious websites. Most users depend on DNS servers automatically assigned by their ISPs. Zombie computers use DNS-changing trojans to invisibly switch the DNS configuration from automatic assignment by the ISP to manual assignment of rogue DNS servers. When users then try to visit legitimate domain names, they are sent to malicious websites that may masquerade as the legitimate ones in order to fraudulently obtain sensitive information, a practice known as phishing.[1]
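The switch from automatic to manual assignment described above leaves a trace in each machine's network settings that can be audited. The following is an added example, not part of the original article: it flags interfaces whose manually set resolver falls outside an allowlist. The field names, host names and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Resolvers clients are expected to use (constructed, documentation ranges).
TRUSTED_RESOLVERS = [ipaddress.ip_network(n)
                     for n in ("192.0.2.53/32", "198.51.100.0/28")]

# Constructed inventory of per-interface DNS settings collected from endpoints.
# "dhcp_dns" is the automatic (ISP/DHCP) assignment, "static_dns" a manual override.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "iface": "eth0", "dhcp_dns": "192.0.2.53", "static_dns": ""},
    {"host": "ws-02", "iface": "eth0", "dhcp_dns": "192.0.2.53",
     "static_dns": "203.0.113.7,203.0.113.8"},
    {"host": "ws-03", "iface": "wlan0", "dhcp_dns": "192.0.2.53",
     "static_dns": "198.51.100.5"},
    {"host": "ws-04", "iface": "eth0", "dhcp_dns": "192.0.2.53",
     "static_dns": "not-an-ip"},
]

def parse_servers(value):
    """Split a comma/space separated list into (addresses, unparsable tokens)."""
    good, bad = [], []
    for token in value.replace(",", " ").split():
        try:
            good.append(ipaddress.ip_address(token))
        except ValueError:
            bad.append(token)
    return good, bad

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_RESOLVERS)

def audit(inventory):
    """Return one finding per interface with an untrusted or malformed manual resolver."""
    findings = []
    for rec in inventory:
        static, bad = parse_servers(rec["static_dns"])
        dhcp, _ = parse_servers(rec["dhcp_dns"])
        # A manual assignment takes precedence over the automatic one,
        # so only the manual entries decide where queries actually go.
        untrusted = [str(a) for a in static if not is_trusted(a)]
        if untrusted or bad:
            findings.append({"host": rec["host"], "iface": rec["iface"],
                             "untrusted": untrusted, "unparsable": bad,
                             "overrides_dhcp": [str(a) for a in dhcp]})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

A manual resolver inside the allowlist (ws-03) is not reported, so legitimate static configurations do not generate noise.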

References

  1. Rogue Domain Name System Servers. Trend Micro. Retrieved on 2007-12-15.