What is Cache Poisoning?

Cache poisoning is the term used to describe a common malicious attack against domain name servers (DNS). When poisoning a DNS cache, the hacker is basically placing false data into the DNS server, which can send people to websites they weren’t intending to visit. Certain vulnerabilities have made it difficult for DNS operators to defend against this kind of assault, and hackers have many ways of using this approach for nefarious purposes.

The DNS system can be seen as a middleman between the Internet and the users. When people type in a World Wide Web address, it is usually sent to a local DNS server, which determines the Internet protocol (IP) address is for that website. Internet protocol addresses are a series of numbers, each between one and three digits, separated by dots. In many cases, local DNS servers may not have every address stored locally, so they may might contact a master server to get IP addresses for many requests.

Cache poisoning assaults are usually focused on local DNS servers rather than master servers, partly because they aren’t always as well-secured. There are many different ways for a hacker to poison a DNS cache. For example, if the individual has physical access to the DNS server, he or she could simply alter the cache directly. Another approach is for the hacker to spam the server with fake responses that are formatted as though they come from a master server. Local DNS servers can have a lot of trouble telling the difference between authentic responses and fakes, so they may simply believe that the responses in question are real and add them to the cache.

Sometimes DNS cache poisoning can be fairly random, but often hackers target specific sites. When a hacker targets a specific site, his goal might be to create a fake website that looks identical. This can be used to steal valuable user information like passwords and other things.

Another purpose for cache poisoning may be to send people to websites contaminated with malware. This can include everything from spyware to keyloggers and other software that violates an individual's privacy. Often, web users are wary and clever about avoiding malware infection, but when they visit trusted websites, they may be less vigilant. Hackers are often able to use cache poisoning to make users believe that they are visiting trusted websites when they really aren’t.