DNS Poisoning Countermeasures
In following tutorial we will discuss how to keep your self safe from DNS poisoning attacks. Up till now we have covered all four different types of DNS poisoning attacks on this blog, now we will have our look on countermeasures to all of them. First of them is Intranet DNS poisoning that is a DNS poisoning attack over LAN. Since Intranet DNS poisoning attack happens due to ARP poisoning man-in-the-middle attack, all countermeasures to packet sniffing applies to LAN DNS poisoning attack i.e use of switched LAN, use of static ARP and IP table, use SSH encryption, use sniffing detection tools and better use tunneled connection which supports IPSec.
Next is remote DNS poisoning, remote DNS poisoning attack becomes successful due to negligence of victim to unknown files, better make yourself aware of Trojans and Trojan vectoring methods. Download and install applications from trusted websites only, do not open suspicious files and archives. No matter you use Linux or Windows check setup files using archiving program to detect presence of DNS poisoning Trojan.
You might know many proxy sites become live and die on daily basis, most of these proxy sites are only designed for proxy DNS spoofing attacks. Better be aware of proxy sites, use only those proxy setting which are trusted. If you want anonymity online prefer TOR or VPN over proxy sites.
DNS cache poisoning attacks can be countered by people who maintain primary and local DNS servers. All DNS servers should be audited regularly to counter flaw in security, since a small vulnerability can lead to breach in security of DNS server thus leading to DNS poisoning attack. DNS should be provided good security since this method of DNS poisoning can not be countered by users who use it as primary DNS. To provide extra layer of security to DNS server the DNS should be installed with bind-chroot package.
