DNS poisoning in Computer Networks - Step-by-Step Execution

Concept Flow - DNS poisoning
User types website name
-> DNS query sent to DNS server
-> DNS server checks cache
-> Is cache poisoned?
   Yes: Return fake IP address -> User visits wrong site
   No: Return correct IP address -> User visits correct site
This flow shows how a DNS query is answered with a fake IP address when the DNS server cache is poisoned, causing the user to be sent to a fake website.
Execution Sample
User types 'example.com'
DNS query sent to DNS server
DNS server returns IP address
User connects to IP address
This shows the normal DNS lookup process where the user gets the correct IP address for a website.
Analysis Table
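| Step | Action | DNS Server Cache Status | IP Address Returned | User Outcome |
|------|--------|-------------------------|---------------------|--------------|
| 1 | User types 'example.com' | N/A | N/A | N/A |
| 2 | DNS query sent to DNS server | Cache checked | N/A | N/A |
| 3 | Cache poisoned? | Yes | Fake IP (attacker site) | User visits fake site |
| 4 | User connects to IP | N/A | Fake IP (attacker site) | User at attacker site |
| 5 | End | N/A | N/A | User misled by fake site |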
💡 Execution stops because the DNS server returns a fake IP due to cache poisoning.
State Tracker
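| Variable | Start | After Step 2 | After Step 3 | Final |
|----------|-------|--------------|--------------|-------|
| DNS Server Cache | Clean | Checked | Poisoned with fake IP | Poisoned with fake IP |
| IP Address Returned | None | None | Fake IP | Fake IP |
| User Destination | None | None | Fake site | Fake site |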
Key Insights - 3 Insights
Why does the DNS server return a fake IP address?
Because the DNS server cache was poisoned with a fake IP, as shown in step 3 of the Analysis Table.
Does the user know they are visiting a fake site?
No, the user trusts the IP returned by the DNS server and is unknowingly sent to the fake site (step 4 of the Analysis Table).
What triggers the DNS server to return the fake IP?
The DNS server cache being poisoned before the query is processed, shown in the State Tracker row for DNS Server Cache after step 3.
Visual Quiz - 3 Questions
Test your understanding
Look at step 3 of the Analysis Table. What IP address does the DNS server return?
A. No IP address
B. Correct IP address
C. Fake IP address
D. User's IP address
💡 Hint: Check the 'IP Address Returned' column at step 3 in the Analysis Table.

At which step does the user get redirected to the fake website?
A. Step 4
B. Step 3
C. Step 2
D. Step 5
💡 Hint: Look at the 'User Outcome' column in the Analysis Table for when the user connects to the IP.

If the DNS server cache was not poisoned, what would change in the Analysis Table?
A. User would visit fake site at step 4
B. IP Address Returned would be correct IP at step 3
C. DNS query would not be sent
D. User types a different website
💡 Hint: Refer to the 'DNS Server Cache Status' and 'IP Address Returned' columns in the Analysis Table.
Concept Snapshot
DNS poisoning tricks a DNS server into giving a fake IP address.
User types a website name and sends a DNS query.
If the DNS cache is poisoned, the server returns a wrong IP.
User unknowingly visits a fake, possibly harmful site.
Protect by securing DNS servers and using DNSSEC.
Full Transcript
DNS poisoning happens when a DNS server's cache is corrupted to return a fake IP address for a website. When a user types a website name, their computer asks the DNS server for the IP address. If the DNS server's cache is poisoned, it returns a fake IP address controlled by an attacker. The user then visits the wrong website without knowing it. This can lead to stolen information or malware. The process starts with the user typing a website, sending a DNS query, the server checking its cache, and if poisoned, returning a fake IP. The user connects to the fake site, thinking it is the real one. To prevent this, DNS servers must be secured and technologies like DNSSEC used to verify responses.
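
The flow from the Analysis Table and the "verify responses" mitigation, as an added Python example that is not part of the original page: a toy caching resolver is queried once with a clean cache and once with a forged cache entry, first without and then with validation. The `Resolver` class, `sign` helper, key and addresses are all constructed for illustration, and an HMAC stands in for DNSSEC's public-key signatures (a real validating resolver checks with the zone's public key and never holds the signing key).

```python
import hashlib
import hmac

# All names, addresses and the key below are constructed for this example.
# HMAC is a stand-in: real DNSSEC uses public-key signatures (RRSIG records).
ZONE_KEY = b"example-zone-signing-key"
REAL_IP = "192.0.2.10"      # RFC 5737 documentation address
FAKE_IP = "203.0.113.66"    # RFC 5737 documentation address


def sign(name, ip, key=ZONE_KEY):
    """Sign a name-to-IP record on behalf of the zone owner."""
    return hmac.new(key, f"{name}|{ip}".encode(), hashlib.sha256).hexdigest()


class Resolver:
    """Caching resolver following the page's flow: check cache, return IP."""

    def __init__(self, authoritative, validate=False):
        self.authoritative = authoritative  # name -> (ip, signature)
        self.validate = validate
        self.cache = {}

    def _valid(self, name, record):
        ip, sig = record
        return hmac.compare_digest(sig, sign(name, ip))

    def resolve(self, name):
        record = self.cache.get(name)
        if record is None or (self.validate and not self._valid(name, record)):
            record = self.authoritative[name]   # refetch from the real zone
            self.cache[name] = record           # replaces any bad entry
        return record[0]


def run(validate):
    authoritative = {"example.com": (REAL_IP, sign("example.com", REAL_IP))}
    resolver = Resolver(authoritative, validate=validate)
    first = resolver.resolve("example.com")         # clean cache
    # Model the poisoned state from step 3: a forged entry sits in the cache.
    resolver.cache["example.com"] = (FAKE_IP, "forged-signature")
    return first, resolver.resolve("example.com")   # poisoned cache


if __name__ == "__main__":
    print("non-validating:", run(validate=False))
    print("validating:    ", run(validate=True))
```

Without validation the second lookup returns the forged address, matching steps 3 and 4 of the table; with validation the forged entry fails the signature check and the correct address is returned.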