What is DNS hijacking and how to know if my router has suffered this attack?

Who I am
Catherine Le Nevez
@catherinelenevez
EXTERNAL REFERENCES:

vgr.com gamedesigning.org Reddit.com

Author and references

Today almost the entire population of the world has access to the Internet and knows how to surf the net. But Browsing the internet implies exposing yourself to certain risks from which no one is exempt.

On many pages you have to leave personal data, addresses and even contact numbers and even credit card numbers, so if we don't protect ourselves well we can being the victim of a cyber attack.

When browsing and searching web pages, the results will always be based on a numeric IP address. That is, when you enter a search, the server provides the IP address of that domain .



DNS are in charge of collecting lookup information and providing addresses. However, a new form of cyber attack known as DNS Hijacking in which we are redirected to different page than the desired one in order to scam all the users.

In this article, we'll teach you what DNS Hijacking is and how to know if your router has suffered this attack, so you don't take any risks while browsing and avoid falling for a scam.

      What are DNS and how do they work?

      Domain Name System (DNS) are a structure in the form of web databases that are used to resolve and organize names on the network. Basically they allow us to know the IP address of the website which we want to access.

      The function of DNS is the store many IP addresses and in making requests to the authority areas of the web in case we do not have the IP address requested by the user, so that when we make a search the DNS returns the IP address corresponding to what we request.



      What is DNS Hijacking?

      When you search for information on the web, ask for an IP address. If you have not previously visited the pages, your computer will communicate with the DNS which will be responsible for providing you with the requested IP address; however, it is known as DNS Hijacking when the request is intercepted by hackers who are responsible for redirecting users to other pages.

      There are several types of DNS hijacking. In some cases, i cybercriminals they hijack the router, computer or DNS of the users in question.

      router hijacking

      This occurs because users almost never change the default username and password, which are usually admin and admin. By exploiting the router, the hacker can easily invade the software device.

      At this point he is able to modify the configuration, including the DNS, specifying the ones he wants. For this reason, every time the user wants to access a page, he runs the risk of being redirected to one fraudulent page .

      local kidnapping

      In this case, the victim of the attack is the user's computer. Through Trojan viruses , the attacker can access the computer's DNS settings. So that, as in the previous case, any navigation attempt can be redirected to another page that the attacker wants.


      How to know if my router is a victim of DNS Hijack?

      Since the attack consists of altering the servers that serve our searches, one of the first options we can take to check if we are a victim of this attack is see the servers responsible for resolving our searches. We can verify this in the local network of our computer.


      Another way to check the DNS that assists our searches is via CMD, using the ipconfig /all command

      One of the best ways to check DNS and confirm if we are being attacked is to run a public query and check the DNS that is responding via i DNS control sites. Some highly recommended ones are DNS Leak Test and What's my DNS Server


      Security measures to avoid DNS hijacking

      First of all, the router's security needs to be strengthened. The next thing is to ask your internet provider to configure your router in bridge mode and configure your router to accept the WAN IP dynamically.

      add a comment of What is DNS hijacking and how to know if my router has suffered this attack?
      Comment sent successfully! We will review it in the next few hours.