What is the difference between DNS Spoofing and DNS Cache Poisoning ???
It seems like there are little differences between two attacks, with an exception that DNS server is actually might cache the "fake" response from malicious DNS server.
Asked
Active
Viewed 2.5k times
12
-
Both the terms are used to refer to the same attack where a DNS server accepts and uses incorrect information from a host that has no authority giving that information. But i could not find a solid reference to support this point – Shurmajee Mar 27 '13 at 06:53
1 Answers
15
Despite what Wikipedia may say, they are not the same. Roughly speaking, DNS cache poisoning is one way to do DNS spoofing, but there are other ways to do it, too.
DNS spoofing refers to the broad category of attacks that spoof DNS records. It is a category of attacks (an end goal of the attack, rather than a particular attack mechanism). There are many different ways to do DNS spoofing: compromise a DNS server, mount a DNS cache poisoning attack (such as the Kaminsky attack against a vulnerable server), mount a man-in-the-middle attack (if you can get access to the network), guess a sequence number (maybe making many requests), be a false base station and lie about the DNS server to use, and probably many more.
DNS cache poisoning is one way to do DNS spoofing. DNS cache poisoning refers to the following scenario: many end users use the same DNS cache, and an attacker manages to inject a forged DNS entry into that cache. For example, many ISPs will run a caching DNS server and arrange for their customers (the end users) to all try the ISP's server first. If an attacker can find some way to get the caching DNS server to cache an incorrect record, then the attacker is set: he has managed to successfully spoof DNS records and affect all the end users who rely upon that cache.
How does an attacker manage to poison a DNS cache? Well, one common way is to mount some DNS spoofing attack on the DNS request from the cache to the ultimate DNS server. Yes, I realize this gets a little recursive. :-) Basically, you use any DNS spoofing attack to get the cache to accept a spoofed record (here you can use any DNS spoofing attack that you can). Afterwards, the result is that the cache will cache that bogus record, and consequently many end users will now accept that spoofed record too.
-
So is DNS spoofing a result and DNS poisoning - a way to the result? – Smit Johnth Mar 28 '13 at 12:49