In simple terms, the act of diverting an internet user to a false IP address is called DNS spoofing.
Some in the trade also call it “DNS cache poisoning,” but the former expression is more common.
This tactic is often carried out as part of a larger cyber attack, and the domain name server (or DNS) is at the center of the operation as far as the users affected by the spoofing are concerned.
How Exactly Does DNS Spoofing Happen?
Again, this can be explained in a simple and direct manner with an example:
Suppose you’re the user and you wish to access your personal banking account online. To do so, you need to type in the URL of your bank’s site.
In a spoofing attack, you will be taken to a site that resembles your bank’s website with all the same attributes, but it’s actually a fake replica of the legitimate platform.
The person perpetrating the cyber attack would have created a fake webpage resembling your bank’s site, and while your bank’s IP address could be “xxx.xx.xx.xx,” for instance, the fake IP to which you will be taken would be, say, “zzz.zz.zz.zz.”
This is how DNS spoofing is carried out by unscrupulous hackers.
DNS Spoofing Can Cause Major Damage
Since you would be unaware that you have entered a fake website and not your bank’s site, you will go ahead and type in your confidential information, such as your username and password, to carry on normal banking activity.
At the same time, the person at the remote system who mounted this attack will quickly acquire the information, placing you at grave risk of losing all of the funds you have parked in your bank account.
DNS Spoofing Can’t Be Avoided
If you were wondering how to get out of this situation, the unfortunate thing is that there is really no way the domain name server can be taken out of the equation.
The very backbone of the World Wide Web is built on the DNS server system, which takes the domain name in the URL and quickly converts it to the equivalent IP address, represented in numbers.
This process is carried out through what are referred to as “DNS query and response packets,” and as long as things are normal, there is nothing to worry about.
The moment a middleman enters the scene and breaks into your system or network, the cyber attack occurs, and you are then virtually in the grip of the hacker behind the DNS spoofing attack.
They would then manipulate your browsing to land you on any site on the internet. And when it is an exact replica of the site you are familiar with, you may not suspect anything is wrong.
As described above, it is the act of manipulating the packets that leads you to the catastrophe.
This kind of cyber attack is carried out by experienced hackers because it involves a lot of software code-writing to intercept the DNS query packets and divert the query to another IP address.