Hi everyone, I'm a little bit confused about DNS hijacking and domain hijacking. Are they the same?
In the episode of Security+ about DNS, DNS hijacking is discussed like an alteration in the NIC, right? But what about domain hijacking, what is the difference?
-
DNS question
-
Domain hijacking and DNS hijacking are similar yet different.
For Domain Hijacking.
Say you set up an account on register.com and then bought alexgomez.com from register.com - You set it up as your personal blog and point it at a WordPress site. Now Daniel Lowrie guesses your register.com password. He then updates the owner details to his email address and his details so register.com thinks he is the real owner and not you. He then points alexgomez.com to playboy.com - Your domain is now hijacked.
For DNS Hijacking.
You own alexgomez.com and use 127.0.0.1 and 127.0.0.2 as name server 1 and 2. Those two servers say that alexgomez.com is a WordPress site and is on server 127.0.0.3 - Now evil hacker Daniel Lowrie somehow gets access to either your PC or your ISP and they alter the DNS records to say that actually, alexgomez.com is actually at 127.0.0.4 - So when you try to go to alexgomez.com, your PC goes to the wrong server. Your site is still up and running for 99.99% of the internet, it is just you that is going to the wrong site.
To take it a step further, evil hacker Daniel Lowrie somehow breaks into 127.0.0.1 and 127.0.0.2 and then updates the records to say that, for 100% of the internet, alexgomez.com is actually at 127.0.0.4.
-
@SIMON-TAPLIN OK, it is clearer now, but finally, the way you show me DNS hijacking, it is similar to DNS poisoning, right? Because in poisoning you alter the records, or not?
-
It is similar. However, with DNS poisoning, Daniel Lowrie, evil hacker, is somehow adding extra records to your ISP DNS servers or to your local DNS cache to point alexgomez.com to 127.0.0.4 (normally in a cache somewhere). The DNS cache happens when ISP DNS servers query the root name servers to see where alexgomez.com is and get the poisoned data instead of the actual data. DNS hijacking is altering the correct records.
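The layers described in this thread, as an added example that is not part of any poster's reply: a Python check that compares observations of a domain against a known-good baseline and names the layer that diverged. The `classify` function and its field names are hypothetical, the values are constructed from the thread's sample addresses, and gathering the observations (registrar records, authoritative answers, resolver answers) is assumed to happen elsewhere.

```python
# Known-good baseline for the thread's example domain (constructed sample data).
BASELINE = {
    "registrant_email": "alex@example.org",   # placeholder owner contact
    "nameservers": {"127.0.0.1", "127.0.0.2"},
    "a_record": "127.0.0.3",
}

# A constructed observation in which every layer still matches the baseline.
CLEAN = {
    "registrant_email": "alex@example.org",   # what the registrar lists as owner
    "nameservers": {"127.0.0.1", "127.0.0.2"},  # delegation held at the registrar
    "authoritative_a": "127.0.0.3",  # answer from the delegated name servers
    "recursive_a": "127.0.0.3",      # answer from the ISP's recursive resolver
    "local_a": "127.0.0.3",          # what this PC actually resolves
}

def classify(baseline, obs):
    """Name the first layer, from registrar down to the local PC, that diverges."""
    # Layer 1: registrar account. Owner details or delegation changed.
    if (obs["registrant_email"] != baseline["registrant_email"]
            or set(obs["nameservers"]) != baseline["nameservers"]):
        return "domain hijacking: registrar ownership or delegation changed"
    # Layer 2: the domain's own name servers serve an altered record,
    # so every client on the internet receives the wrong address.
    if obs["authoritative_a"] != baseline["a_record"]:
        return "DNS hijacking: record altered on the authoritative name servers"
    # Layer 3: the ISP resolver disagrees with correct authoritative data.
    # The answers alone cannot tell an altered resolver from a poisoned cache.
    if obs["recursive_a"] != obs["authoritative_a"]:
        return "resolver-level DNS hijacking or cache poisoning at the ISP"
    # Layer 4: only this machine is misdirected (local settings or local cache).
    if obs["local_a"] != obs["recursive_a"]:
        return "local DNS hijacking or poisoned local cache on this PC"
    return "no divergence from baseline"

if __name__ == "__main__":
    scenarios = {
        "clean": CLEAN,
        "owner changed": dict(CLEAN, registrant_email="attacker@example.net"),
        "name servers altered": dict(CLEAN, authoritative_a="127.0.0.4",
                                     recursive_a="127.0.0.4", local_a="127.0.0.4"),
        "ISP cache wrong": dict(CLEAN, recursive_a="127.0.0.4", local_a="127.0.0.4"),
        "only this PC wrong": dict(CLEAN, local_a="127.0.0.4"),
    }
    for name, obs in scenarios.items():
        print(f"{name}: {classify(BASELINE, obs)}")
```

The checks run from the registrar downward because a change at a higher layer makes every answer below it untrustworthy.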