Posted on 2012-03-14
I had a partner claim that his small business was subject to a DNS attack where his staff's browsing was redirected to bogus sites. And the attack was done from the OUTSIDE.
I think I understand how such an attack is made... you perform a man-in-the-middle where you intercept the DNS query and then return to the client an IP address to a site that you really want them to go...
But how is that really done if the attack is from the public internet? How do you actually get the clients to send the query to you instead?? I promise I won't turn you in ;-) and I certainly am not going to do this, but how is this physically done?? Don't you have to have a registered DNS server at your control?? And don't you have to be able to hack into the client machines to change their pointers??
Is this a common occurrence?