Today, almost the entire population of the world has access to the Internet and knows how to surf the net. But surfing the internet implies exposing yourself to certain risks from which no one is exempt.
On many pages it is necessary to leave personal data, addresses and even contact numbers and even credit card numbers, so if we do not protect ourselves well, we can being the victim of a cyber attack.
When browsing and searching web pages, the results will always be based on a numeric IP address. That is, when you enter a search, the server provides the IP address of that domain.
The DNS is responsible for collecting the lookup information and providing the addresses. However, a new form of cyber attack is emerging known as DNS Hijacking in where we are redirected to a page other than the desired one to scam all users.
In this article we will teach you what DNS Hijacking is and how to know if your router has suffered this attack, so as not to take risks while browsing and avoid falling into a scam.
What is DNS and how does it work?
DNS (Domain Name System) is a structure in the form of a web database that is used to resolve and organize names on the network. Basically they allow us to know the IP address of the web to we want to access.
The function of DNS is the store many IP addresses and make requests to the areas of authority of the web in case of not having the IP address requested by the user, so that when we perform a search the DNS will return the IP address corresponding to what we request.
What is DNS hijacking?
When looking for information on the web, ask for an IP address. If you have not previously visited the pages, your computer will contact the DNS which will be in charge of providing you with the requested IP address; however, it is known as DNS Hijacking when the request is intercepted by cyber hackers who are responsible for redirecting users to other pages.
There are several types of DNS hijacking. In some cases, i cybercriminals hijack users' router, computer or DNS.
Hijacking the router
This occurs because users almost never change their default username and password, which are usually admin and admin. By breaching the router, the hacker can easily invade the software device.
At this point he is able to modify the configuration, including DNS, specifying what he wants. For this reason, every time the user wants to access a page, he runs the risk of being redirected to one fraudulent page.
local kidnapping
In this case, the victim of the attack is the user's computer. Through Trojan viruses, the attacker can access the computer's DNS settings. In such a way that, as in the previous case, any navigation attempt can be redirected to another page that the attacker wants.
How do I know if my router is a victim of DNS Hijack?
Since the attack consists of altering the servers that serve our research, one of the first options that can be taken to check if we are victims of this attack is see the servers in charge of solving our searches. We can check this on our computer's local network.
Another way to check the DNS we need for our lookups is through CMD, using the ipconfig / all command
One of the best ways to check DNS and confirm if we are under attack is to run a public query and verify the DNS that are responding via the DNS control sites. Some highly recommended are DNS Leak Tests and What's My DNS Server?
Security measures to avoid DNS hijacking
First, the security of the router needs to be strengthened. The next thing is to ask your internet provider to set up your router in bridge mode and set up your router to take dinamicamente l'IP WAN.
