
DNS Spoofing

DNS Spoofing (also called DNS cache poisoning) is an attack where falsified DNS responses redirect traffic from legitimate domains to malicious IP addresses, allowing attackers to intercept, manipulate, or steal user data.

What is DNS spoofing?

DNS spoofing corrupts the DNS resolution process by inserting false DNS records into a resolver’s cache. This causes users trying to reach a legitimate domain (e.g., bank.com) to be redirected to a malicious site controlled by the attacker, often used for phishing, malware delivery, or credential theft.

How does it typically work?

  1. Cache poisoning: attacker floods a DNS resolver with forged responses until it accepts a malicious record.
  2. Redirection: user requests are resolved to the attacker’s IP instead of the legitimate server.
  3. Exploitation: attacker collects sensitive information or distributes malware from the fake site.
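As an added illustration that is not part of this page, the following Python models the resolver-side acceptance check that step 1 has to defeat (matching transaction ID, destination port and question name) and counts the unmatched responses as a detection signal; the record types, ports and addresses are constructed for the example.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsResponse:
    txid: int        # 16-bit transaction ID copied from the query
    dst_port: int    # UDP port the response was delivered to
    qname: str       # question name echoed back in the response
    answer_ip: str

@dataclass(frozen=True)
class PendingQuery:
    txid: int
    src_port: int
    qname: str

def new_query(qname: str) -> PendingQuery:
    # Random transaction ID plus random ephemeral source port: roughly 32 bits
    # a forger would have to guess before the genuine answer arrives.
    return PendingQuery(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64512), qname)

def accept_response(pending: PendingQuery, resp: DnsResponse) -> bool:
    # A response may enter the cache only if it matches the outstanding query
    # on transaction ID, destination port and (case-insensitive) question name.
    return (resp.txid == pending.txid
            and resp.dst_port == pending.src_port
            and resp.qname.lower() == pending.qname.lower())

def process_responses(pending: PendingQuery, responses) -> tuple:
    # First matching response wins; every other response is dropped and counted.
    cached, rejected = None, 0
    for resp in responses:
        if cached is None and accept_response(pending, resp):
            cached = resp.answer_ip
        else:
            rejected += 1
    return cached, rejected

def poisoning_suspected(rejected: int, threshold: int = 20) -> bool:
    # A burst of unmatched responses for one query is the flood from step 1.
    return rejected >= threshold

if __name__ == "__main__":
    # Constructed sample: the legitimate answer arrives after 50 forged guesses.
    q = PendingQuery(txid=0x1234, src_port=40000, qname="bank.example")
    flood = [DnsResponse(t, 40000, "bank.example", "203.0.113.7") for t in range(50)]
    legit = DnsResponse(0x1234, 40000, "bank.example", "192.0.2.10")
    cached, rejected = process_responses(q, flood + [legit])
    print(cached, rejected, poisoning_suspected(rejected))  # 192.0.2.10 50 True
```

The rejected-response counter is the part worth wiring into monitoring: a resolver that silently drops mismatches hides the poisoning attempt, while one that logs them gives the defender an early signal.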

Common techniques & variants

  • DNS cache poisoning: corrupting local or ISP DNS cache with false records.
  • Pharming: redirecting users to fraudulent websites without modifying the hosts file.
  • MITM DNS interception: attacker relays and alters DNS queries in real time.

Impact

DNS spoofing can lead to large-scale credential theft, malware distribution, and fraud. Because it can target multiple users simultaneously through poisoned caches, the scope of impact is often broader than individual MITM attacks.
