DNS Hijacking Explained

DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.

As we all know, the “Domain Name System (DNS)” is mainly responsible for translating a user-friendly domain name such as “google.com” to its corresponding IP address “74.125.235.46”. Having a clear idea of DNS and its working can help you better understand what DNS hijacking is all about. If you are fairly new to the concept of DNS, I would recommend reading my previous post on How Domain Name System Works.

How does DNS Hijacking work?

As mentioned before, DNS is the one that is responsible for mapping the user-friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of other reputed organizations such as Google. In this case, you are said to be safe and everything seems to work normally.

But, imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings so that your computer now uses one of the rogue DNS servers that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you intended to visit. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking can vary and depend on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this causes no serious damage to users, it is considered a violation of the RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is a fake one. For example, when a user tries to visit a social networking website such as Facebook.com he may be redirected to another website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log into his bank account, he may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan horse to carry out DNS hijacking. These DNS hijacking trojans are often distributed as video and audio codecs, video downloaders, YouTube downloaders or as other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router, so that it would not be possible for the attacker to modify your router settings using the default password that came with the factory setting.

Installing a good antivirus program and keeping it up-to-date can offer a great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program such as DNSChanger, you need not panic. It is fairly simple and easy to recover from the damage caused by such programs. All you have to do is, just verify your current DNS settings to make sure that you are not using any of those DNS IPs that are blacklisted. Otherwise, reconfigure your DNS settings as per the guidelines of your ISP.
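
One way to carry out that check automatically, as an added example that is not from the original post: it pulls the configured resolvers out of /etc/resolv.conf or ipconfig /all output and compares them with an expected list and a blocklist. The expected resolvers, the blocklisted range (TEST-NET-1, standing in for a published rogue-resolver list) and both sample outputs are assumptions constructed for the example.

```python
import ipaddress
import re

# Resolvers this machine is expected to use. Assumption for the example: the
# owner chose Google's public resolvers; replace with your ISP's addresses.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Placeholder for a published list of rogue-resolver ranges. The 192.0.2.0/24
# block is documentation space (TEST-NET-1), constructed here for the demo;
# it is not a real DNSChanger range.
BLOCKLISTED_RANGES = [ipaddress.ip_network("192.0.2.0/24")]


def nameservers_from_resolv_conf(text):
    """Return the nameserver addresses from /etc/resolv.conf-style text."""
    return [m.group(1) for m in re.finditer(r"^\s*nameserver\s+(\S+)", text, re.M)]


def nameservers_from_ipconfig(text):
    """Return the 'DNS Servers' entries from `ipconfig /all` output (IPv4).

    The first server is on the 'DNS Servers' line itself; any further ones
    appear on continuation lines that hold nothing but an address.
    """
    servers, in_block = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            servers.append(line.split(":", 1)[1].strip())
            in_block = True
            continue
        if in_block:
            candidate = line.strip()
            if re.fullmatch(r"[0-9.]+", candidate):
                servers.append(candidate)
            else:
                in_block = False
    return servers


def audit(servers):
    """Map each configured resolver to a verdict:
    'blocklisted' (known rogue), 'ok' (expected), 'unexpected' or 'invalid'."""
    verdicts = {}
    for server in servers:
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            verdicts[server] = "invalid"
            continue
        if any(ip in net for net in BLOCKLISTED_RANGES):
            verdicts[server] = "blocklisted"
        elif server in EXPECTED_RESOLVERS:
            verdicts[server] = "ok"
        else:
            verdicts[server] = "unexpected"
    return verdicts


# Constructed sample outputs: one resolver is legitimate, one is rogue.
SAMPLE_RESOLV = "search example.lan\nnameserver 8.8.8.8\nnameserver 192.0.2.53\n"
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.2
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print("resolv.conf:", audit(nameservers_from_resolv_conf(SAMPLE_RESOLV)))
    print("ipconfig:   ", audit(nameservers_from_ipconfig(SAMPLE_IPCONFIG)))
```

A resolver that is neither blocklisted nor expected is not proof of hijacking, but it is exactly the case to compare against the settings your ISP or router documentation gives you.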

Introduction to Domain Name System (DNS)

In the world of the Internet and the area of computer networks, you will often come across the term Domain Name System or Domain Name Service, which is simply referred to as DNS. The working of DNS is one of the basic concepts of computer networks, and understanding it is essential, especially if you are planning to get into the field of network security.

In this post, I will try to explain how Domain Name System works in a very simple and easy manner so that even the readers who do not have any prior knowledge of computer networks should be able to understand the concept.

What is a Domain Name System?

A “Domain Name System” or “Domain Name Service” is a computer network protocol whose job is to map a user friendly domain name such as “google.com” to its corresponding IP address like “172.217.26.206”.

How Domain Name System (DNS) Works?

Every computer on the Internet, be it a web server, home computer or any other network device has a unique IP address allotted to it. This IP address is used to establish connections between the server and the client in order to initiate the transfer of data. Whether you are trying to access a website or sending an email, the DNS plays a very important role here.

For example, when you type “www.google.com” in your browser’s address bar, your computer will make use of the DNS server to fetch the IP address of Google’s server, that is “172.217.26.206”. After obtaining the IP address, your computer then establishes a connection with the server, and only after that do you see Google’s home page loading in your browser. The whole process is called DNS Resolution.

With millions of websites on the Internet, it is impossible for people to remember the IP address of every website in order to access it. Therefore, the concept of the domain name was introduced so that every website can be identified by its unique name, which makes it easy for people to remember. However, the IP address is still used as the base for internal communication by network devices. This is where the DNS comes into action: it works by resolving the user friendly domain name to its corresponding machine friendly IP address.

In simple words, domain names are for humans while IP addresses are for network devices. The “Domain Name System” is a protocol to establish a link between the two. Hence, it is not a surprise that you can even load a website by directly typing its IP address instead of the domain name in the browser’s address bar (give it a try)!

Types of DNS Servers and their Role:

The Domain Name System (DNS) is a distributed database that resides on multiple computers on the Internet in a hierarchical manner. They include the following types:

Root Name Servers:

The root servers represent the top level of the DNS hierarchy. These are the DNS servers that contain the complete database of domain names and their corresponding IP addresses. Currently, there are 13 root servers distributed globally, which are named using the letters A, B, C and so on up to M.

Local Name Servers:

Local servers represent the lowest level of DNS servers that are owned and maintained by many business organizations and Internet Service Providers (ISPs). These local servers are able to resolve frequently used domain names into their corresponding IP addresses by caching the recent information. This cache is updated and refreshed on a regular basis.

How DNS Server Works?

Whenever you type a URL such as “www.google.com” in your browser’s address bar, your computer will send a request to the local name server to resolve the domain name into its corresponding IP address. This request is often referred to as a DNS query. The local name server receives the query and checks whether it has the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another server that is at the next higher level of the DNS hierarchy. This process continues until the query reaches the server that contains the matching name and IP address. The IP address (response) then flows back down the chain in the reverse order to your computer.

In rare cases where none of the lower level DNS servers contain the record for a given domain name, the DNS query eventually reaches one of the root name servers to obtain the response.
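
A toy simulation of that chain, as an added example that is not part of the original post: a caching local name server walks root, TLD and authoritative server on a cache miss, then answers from its cache until the record’s TTL expires. The zone tables and server names are constructed; only 172.217.26.206 comes from the text above, and this toy always starts at the root on a miss rather than caching delegations as a real resolver would.

```python
import time

# Constructed zone data for a toy hierarchy. The root knows which server holds
# each top-level domain, the TLD server knows the authoritative server for
# each zone, and only the authoritative server holds the A records.
# 172.217.26.206 is the address the text uses for www.google.com; the rest
# (server names, 203.0.113.7) are constructed for the example.
ROOT = {"com.": "tld-com", "org.": "tld-org"}
TLD = {
    "tld-com": {"google.com.": "auth-google"},
    "tld-org": {"example.org.": "auth-example"},
}
AUTH = {
    "auth-google": {"www.google.com.": ("172.217.26.206", 300)},   # (ip, ttl)
    "auth-example": {"example.org.": ("203.0.113.7", 60)},
}


class LocalNameServer:
    """A caching resolver, playing the ISP's local name server."""

    def __init__(self, clock=time.time):
        self.cache = {}      # name -> (ip, expiry time)
        self.clock = clock   # injectable so the TTL behaviour can be tested
        self.trace = []      # servers consulted by the most recent resolve()

    def resolve(self, name):
        name = name if name.endswith(".") else name + "."
        self.trace = []
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:   # cached and TTL not expired
            self.trace.append("cache")
            return hit[0]
        # Cache miss: walk root -> TLD -> authoritative (this toy always
        # starts at the root; real resolvers also cache the delegations).
        labels = name.rstrip(".").split(".")
        tld = labels[-1] + "."
        zone = ".".join(labels[-2:]) + "."
        self.trace.append("root")
        tld_server = ROOT.get(tld)
        if tld_server is None:
            raise LookupError(f"NXDOMAIN: no such TLD {tld}")
        self.trace.append(tld_server)
        auth_server = TLD[tld_server].get(zone)
        if auth_server is None:
            raise LookupError(f"NXDOMAIN: no delegation for {zone}")
        self.trace.append(auth_server)
        record = AUTH[auth_server].get(name)
        if record is None:
            raise LookupError(f"NXDOMAIN: no A record for {name}")
        ip, ttl = record
        self.cache[name] = (ip, now + ttl)     # remember it for ttl seconds
        return ip


if __name__ == "__main__":
    ns = LocalNameServer()
    print(ns.resolve("www.google.com"), "via", ns.trace)
    print(ns.resolve("www.google.com"), "via", ns.trace)
```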

FAQs about Domain Name System:

How does a “root name server” obtain the information about new domains?

Whenever a new domain name is created or an existing one is updated, it is the responsibility of the domain registrar to publish the details and register it with the root name server. Only after this, the information can move down the DNS hierarchy and get updated on the lower level DNS servers.

What is DNS propagation?

Whenever a new domain name is registered or an existing one is updated, the information about the domain must get updated on all the major DNS servers so that the domain can be reached from all parts of the globe. This is called DNS propagation and the whole process can take anywhere from 24 to 72 hours to get completed.

How often are DNS servers updated to refresh the cache?

There is no specific rule that defines the rate at which DNS servers should be updated. It usually depends on the organization such as the ISP that maintains the server. Most DNS servers are updated on an hourly basis while some may update their databases on a daily basis.

I hope you have now understood the working of DNS in a very convincing manner.

Enable Right Clicking on Websites that Block It

You might remember an experience where you tried to right-click on a web page but got a pop-up message saying that the “right-click functionality has been disabled”. Sometimes you may be trying to copy an image or view the source of a web page, but when the right-click is disabled, these things would seem impossible. Bank websites and other sites that require a secure transaction, such as a payment gateway, are the ones to impose this kind of limited functionality on their pages. In this post, I will show you the ways by which you can easily bypass the right-click block feature on any website.

In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to strengthen the website’s security by adding some of the simple security features such as disabling right-click, protecting images, hiding or masking parts of a web page and so on.

How JavaScript Works?

Before you proceed to the next part, which tells you how to disable the JavaScript functionality and bypass any of the restrictions imposed by it, it would be worthwhile for you to take a minute to understand how JavaScript works.

JavaScript is a client-side scripting language (in most cases), which means when loaded it runs from your own web browser. Most modern browsers including Chrome, Firefox and others support JavaScript so that they can interpret the code and carry out actions that are defined in the script. In other words, it is your browser which is acting upon the instruction of JavaScript to carry out the defined actions such as blocking the right-click activity. So, disabling the JavaScript support on your browser can be a simple solution to bypass all the restrictions imposed by the website.

How to Bypass the Right Click Block?

In order to bypass the right-click block or any other restriction imposed by JavaScript, all you need to do is just disable it in the browser and refresh the same page, so that it now reloads without JavaScript functionality. You are now free to right-click on the page, view its source or even copy any of the images that you may want to.

How to Disable the JavaScript?

Here is a step-by-step procedure to disable JavaScript on different browsers:

Google Chrome:

If you are using Chrome, you can disable the JavaScript by following the steps below:

Click on the Chrome “menu” button (on the top right corner) and select Tools.
From the “Settings” page, click on Show advanced settings…
Now under Privacy, click on the button Content settings…
[Screenshot: Chrome Content Settings]

Under the JavaScript, select the radio button which says “Do not allow any site to run JavaScript” and click on “Done”.

Mozilla Firefox:

Steps to disable JavaScript on Firefox:

From the menu bar, click on Tools -> Options.
From the Options window, switch to Content tab, uncheck the option which says “Enable JavaScript” and click on “OK”.
[Screenshot: Firefox Content Options]

Note: Don’t forget to re-enable the JavaScript once again when your job is over. Otherwise, lack of JavaScript support may result in the unusual rendering of web pages.

Tutorial for Changing IP Address

Every time you connect to the Internet, your ISP (Internet Service Provider) assigns an IP address to your computer that makes it possible for websites and applications to keep track of your online activities and also pin point your physical location. Therefore, in order to protect your Internet privacy, it is often necessary to change your IP address.

Ways to Change IP Address

The following are some of the possible ways to change the IP address of your computer:

1. Using a VPN: Best Way to Change IP Address

Even though there are several methods to change your IP address, using a VPN proxy is by far the best and most secure way. The following are some of the most popular VPN proxies that most Internet users prefer:

Hide My Ass VPN – Hide My Ass is one of the most popular and trusted VPN service that provides a fast and secure proxy server to allow people to easily change their IP address and also obtain IP address from any country of their choice.

VyprVPN – VyprVPN offers the world’s fastest VPN services to make it possible for its clients to easily change their real IP using a proxy and supports a wide range of operating systems.

Advantages of using VPN over other methods:

Fast, secure and highly reliable. All your web traffic is encrypted to keep your data safe from hackers and also protect your privacy.
You can choose from a list of countries and locations to obtain a new IP address. This makes it possible to have your origin from any country of your choice.
Easily bypass regional blocks to access sites and content that are restricted for your location.

2. Change IP by Restarting the Router

Every time you connect to the Internet your ISP may assign a different IP to your computer called dynamic IP. If your Internet connection uses a dynamic IP you can easily change it just by restarting your network device such as modem/router. All you need to do is just turn off its switch for a few seconds and turn it on again to get a different IP address assigned.

Unlike using a VPN, this method has quite a few drawbacks. Your newly assigned IP will have the same location or country as before and therefore if you’re trying to bypass a country block it would not be possible. Moreover, if your Internet connection uses a static IP address, you will get the same IP assigned no matter how many times you restart your router.

3. Using Free Web Proxy to Change Your IP Address

If you cannot afford a VPN service or restarting the router doesn’t get you a new IP, you can try some of the free browser based proxy services that help you change your IP address and surf anonymously. The following are some of the websites that offer free proxy services:

www.rapidproxy.us
www.proxysite.com
www.englandproxy.co.uk
www.filterbypass.me

Drawbacks of using free web proxies

Even though these services come free of cost they also come with some of the following drawbacks:

Most of them are slow and websites take a lot of time to load.
Security and privacy is questionable as most of these free services are unreliable.
Users have to bear with annoying ads and pop-ups, as these sites need to generate revenue to compensate for the free service.
Limited or no choice over the selection of your IP location.

How to Ensure that Your IP is Changed?

To know your current IP address just type “what is my ip address” on Google and your public IP address should be displayed in the search results. Once you’ve successfully implemented one of the above mentioned IP changing methods, you can re-check your IP on Google to make sure that you have got a new one.

Denial of Service (DoS) Attack Explained.

If you are working in the field of computer networks or an enthusiast in the field of network security, you are sure to have come across the term “Denial of Service attack” which is simply referred to as “DoS attack”. Today, this is one of the most common types of network attacks carried out on the Internet. In this post, I will try to explain DoS attack, its variants and methods involved to carry out the same in an easily understandable manner.

What is a DoS Attack?

Denial of Service or DoS attack is a type of network attack designed to flood the target network or machine with a large amount of useless traffic so as to overload it and eventually bring it down to its knees. The main intention behind DoS attack is to make the services running on the target machine (such as a website) temporarily unavailable to its intended users. DoS attacks are usually carried out on web servers that host vital services such as banking, e-commerce or credit card processing.

A common variant of the DoS attack, known as a DDoS (Distributed Denial of Service) attack, has become quite popular recently as it is more powerful and harder to detect. A typical DoS attack has a single point of origin, while a DDoS attack originates from multiple IP addresses distributed across two or more different networks.

Unlike a DoS attack, where the attacker uses one single computer or network to attack the target, in a DDoS attack the traffic originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks, each residing in a different geographical location, the incoming traffic looks natural and therefore becomes hard to detect.

Protection Against DoS/DDoS Attacks:

DoS attacks can easily be handled by blacklisting the source IP (or range of IPs) that is found to be making too many requests/connections (in an unnatural way) to the server. However, DDoS attacks are more complicated, as the incoming requests seem more natural and distributed. In this case it is hard to tell the difference between genuine and malicious traffic. Taking action at the firewall level to blacklist suspected IPs may result in false positives and therefore may affect genuine traffic as well.
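
An added example (not from the original post) of the two signals described above: per-source request counting over a sliding window, which catches the single-origin DoS, and aggregate counting, which is what is left to watch when the traffic is distributed and no single source exceeds the threshold. The log lines, window and threshold are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed connection log as (timestamp in seconds, source IP) pairs.
# Addresses come from documentation ranges and are chosen for the example.
FLOOD = [(t, "198.51.100.9") for t in range(60)]            # 60 hits/min, one IP
NORMAL = [(t * 10, "203.0.113.4") for t in range(6)]         # 6 hits/min
DISTRIBUTED = [(t, f"192.0.2.{t % 50}") for t in range(60)]  # 60 hits/min over 50 IPs
SAMPLE_LOG = FLOOD + NORMAL + DISTRIBUTED


def flag_flooders(events, window=60, threshold=30):
    """Return {source_ip: time_first_flagged} for sources that exceed
    `threshold` events within any sliding `window` of seconds."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # evict timestamps that left the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def peak_aggregate_rate(events, window=60):
    """Highest number of events from ALL sources within one window. This is
    what still rises when per-source counts look normal (the DDoS case)."""
    q, peak = deque(), 0
    for ts, _ in sorted(events):
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


if __name__ == "__main__":
    print("per-source flags:", flag_flooders(SAMPLE_LOG))         # only 198.51.100.9
    print("distributed only:", flag_flooders(DISTRIBUTED))        # nothing flagged...
    print("peak aggregate  :", peak_aggregate_rate(DISTRIBUTED))  # ...yet 60/min total
```

The per-source rule is the one a firewall blocklist can act on; the aggregate figure only tells you that capacity is under pressure, which is why blocking by IP alone produces the false positives mentioned above.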

Methods Involved in DoS Attack:

The following are some of the commonly employed methods in carrying out a DoS attack:

SYN Flood Attack
Ping Flood Attack (Ping of Death)
Teardrop Attack
Peer-to-Peer Attacks

Difference between Private and Public IP Addresses

Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered what the difference between a public and a private IP address is, then you are at the right place.

In this post I will try to explain the difference between a public and a private IP address in layman’s terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, where each IP is unique. In this case, there cannot exist two computers with the same public IP address anywhere on the Internet. This addressing scheme makes it possible for the computers to “find each other” online and exchange information. The user has no control over the (public) IP address that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway.

A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting web pages or services on the Internet. On the other hand, a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet.

Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.

You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)

172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)

192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other.

Say for example, if a network X consists of 10 computers, each of them can be given an IP starting from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
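
An added example, not from the original post, that checks an address against the three blocks listed above, reproduces their address counts, and numbers the hosts of “network X” while refusing a subnet that is not private. The subnet and address values are constructed for the example.

```python
import ipaddress

# The three IANA private blocks listed above, as CIDR networks.
PRIVATE_BLOCKS = {
    "10.0.0.0 - 10.255.255.255": ipaddress.ip_network("10.0.0.0/8"),
    "172.16.0.0 - 172.31.255.255": ipaddress.ip_network("172.16.0.0/12"),
    "192.168.0.0 - 192.168.255.255": ipaddress.ip_network("192.168.0.0/16"),
}


def block_sizes():
    """Total addresses per block; these reproduce the counts listed above."""
    return {label: net.num_addresses for label, net in PRIVATE_BLOCKS.items()}


def is_private(address):
    """True if `address` lies in one of the three blocks. The explicit ranges
    are used instead of ipaddress.is_private, which also answers True for
    loopback, link-local and other reserved space outside these blocks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in PRIVATE_BLOCKS.values())


def assign_lan(network_cidr, count):
    """Hand out the first `count` host addresses of a private subnet, like the
    ten machines of 'network X' above. Refuses public subnets, which an
    administrator is not free to number at will."""
    net = ipaddress.ip_network(network_cidr)
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS.values()):
        raise ValueError(f"{network_cidr} is not inside a private block")
    hosts = list(net.hosts())
    if count > len(hosts):
        raise ValueError(f"{network_cidr} has only {len(hosts)} usable hosts")
    return [str(h) for h in hosts[:count]]


if __name__ == "__main__":
    print(block_sizes())
    for addr in ("10.0.0.1", "172.31.255.255", "172.32.0.1", "192.168.1.2", "8.8.8.8"):
        print(addr, "private" if is_private(addr) else "public")
    print(assign_lan("192.168.1.0/24", 10))
```

The 172.16.0.0/12 boundary is the one people get wrong most often: 172.31.255.255 is private, 172.32.0.1 is not.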

Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.

If the private network is connected to the Internet (through an Internet connection via ISP), then each computer will have a private IP as well as a public IP. The private IP is used for communication within the network, whereas the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private as well as a public IP.

You can find your private IP by typing the ipconfig command at the command prompt. The number that you see against “IPV4 Address:” is your private IP, which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.

Common Myth about Private IP Address:

Most people assume that a private IP is the one used for stealth Internet activities and hence cannot be detected. But this is NOT TRUE!

Unlike what most people think, a private IP address (unlike the private telephone number) is just like any other IP address that belongs to a private network. In reality, there is no public IP address that is impossible to trace as the protocol itself is designed for transparency.

Things to Do When Your Computer Gets Hacked

With the news of several accountants’ computers being hacked by criminal gangs, the security of your computer on the Internet is again under the scanner. As the use of the Internet is increasing, the chances of your computer getting hacked are also increasing dramatically. There is plenty of file sharing and web surfing being done, which makes your computer vulnerable to attack. This article will help you decide what steps to take if your computer gets hacked.

How to Find if Your Computer is Hacked?

It is important to know when your computer has been actually hacked and when it is just behaving weird:

Sometimes it’s just simple and the hacker may leave some note or warning to prove that your computer is actually hacked.
You are not able to access your various mails and social media accounts or at worst you are not able to access your computer.

Steps to Take if Your Computer Gets Hacked:

1. Check the Impact of Damage

After using your computer for some time you would know what type of infection you are facing, whether it’s malware, virus, trojan, keylogger (spyware) or anything else. In case a keylogger application is installed, you can use a good antispyware program to remove the infection. However, formatting the hard drive is a better option if the infection is severe. You should try to back up all the important and confidential files that you may have on your computer before formatting.

2. Damage Control

You should run antivirus programs to determine the extent of the damage. Users of Windows can run “Malwarebytes”, which is available free of charge and recognizes various harmful applications that antivirus software cannot. Sophos Mac antivirus is a free application that can be used by Mac users.

3. Removal

After running several scans you will know the extent of the damage you are facing. After making a list of the viruses and malware that have infected your computer, the next thing you need to find out is the impact of the damage. For that, you must check the details of those viruses and malware programs to know how they rank in terms of the damage they can do to your computer. You must carry out these searches from a neutral device which is not hacked, and search for removal tools for the malware programs that have infected your computer. Unfortunately, if after several tries you are not able to clean your computer, then the only option left is to re-install your operating system.

4. Offline Hacking

It is true that the Internet is the most common way to hack a computer, but it is also possible for anybody to compromise your system using USB devices. The process of removing the infection is the same in this case as well. The best precaution you can take to avoid such situations is to password-protect your computer’s OS and BIOS. This makes it difficult for anyone to gain access to your computer.

Conclusion:

The best thing that you can do is to protect your computer by using a fully updated antivirus and a good firewall. It is also wise to have a protection tool for the Windows registry. To protect your files, you can use encryption tools so as to encrypt the data on your hard disk. As there is no 100% foolproof way to prevent hacking, it is always better to take precautionary measures.

Beware of Password Hacking Scams and Fake Tutorials

In the era of the Internet, emails and social networking have taken a prominent role in almost everyone’s life, especially when it comes to the exchange of information and personal messages. So, hacking the password of an email or social networking account alone can reveal a lot of personal details about the person. Even though hacking is considered illegal, some people are left with no other option. This can be a parent wanting to gain access to the child’s email or someone who needs the password of their partner’s social media account.

Well, this post is not about teaching you how to hack! But, it is about making you aware of some of the password hacking scams and fake hacking tutorials that are waiting to exploit those people who are in desperate need of hacking someone’s online password. Here is a list of some of the online scams that you should be aware of and always stay away from:

1. Password Hacking Services:

Many of these scam websites have managed to rank at the top of Google for some of the most popular keywords about hacking. As a result, these websites attract a lot of people (who are in need of someone’s password) and promise to give them what they want! As most people do not have any knowledge about hacking, they often believe that what is mentioned on these websites is true. Taking this factor as an added advantage, these websites (the so called hacking services) rip off money from people and never keep their promise.

Why do password hacking services not work?

The big reason why these services never work is that most of them are owned by scammers and noob hackers who do not have sound knowledge of how the hacking process actually works. Also, with the level of security adopted by services like Gmail, Yahoo or Facebook, it is near impossible to hack their database to obtain the password. Unlike what is mentioned on most of these websites, it is not possible to use the brute force approach either. Here is a list of some of the false claims made by most hacking services (in their own words):

We are a group of elite hackers working behind this site capable of cracking any password.
We have found out a certain vulnerability in the Facebook or Gmail servers using which we crack the password.
We use brute force approach to crack the password.
After a long time of research and hard work, we have managed to develop a program that can crack any password with just a click of a button.

If you come across a site making claims as mentioned above, it is a clear sign of a scam service. To identify them more clearly, here is a list of additional signs that you can look for:

Even though some websites claim that their service is free, they demand users to take up an online survey in order to avail the service. In reality, these websites are created to earn money by forcing people to participate in a survey program.
These websites accept payment only through services like Western Union and Money Gram but not via credit card. This is a clear sign of fraud as the money sent through these services cannot be tracked and refund cannot be claimed later.

So, the bottom line is that, if you come across a website that seems too good to be true or show some signs as mentioned above, it is always a better choice to stay away from them.

2. Fake Hacking Tutorials:

This is another type of scam that most teenagers fall victim to, because most teenagers do not have enough money to afford the hacking services and hence go in search of free options and hacking tutorials that can easily get them the password they want. This is where the fake hacking tutorials come into play.

Such a tutorial is designed cleverly to trick users and make them believe it is true. But, in reality, when someone follows the method prescribed in the tutorial, they lose their own password in an attempt to hack someone else’s password. Here is a small example of how this fake tutorial goes:

Here is an easy way to hack any Gmail password. This method was revealed by a professional hacker to me which when tried was successful.

Log in to your Gmail account and compose a new email.
In the subject, type exactly as follows: “password retrieval”.
In the body of the email, type your username followed by your password in the first line.
Leave exactly 3 lines of gap and type in the target username that you want to hack.
Then send this email to: passretrieve2013@gmail.com.

When you do this, the Gmail server gets confused and will send the target password to your inbox within the next few hours.

Now, let us carefully look at how the above trick works. This trick is designed intelligently by a noob hacker and is often posted on many forums and low quality websites. Here, the creator of this tutorial tells a lie to the people that there exists a bug in the Gmail system that can be exploited by using the tutorial. However, by following this trick, innocent victims are sending their own password to the hacker’s email address (passretrieve2013@gmail.com) and thus get trapped.

This is another type of scam that seems too good to be true. Unfortunately, most people would follow this trick and end up handing over their login details to an unknown person. If you’ve ever tried this method, it is a wise option to change your password immediately in order to prevent any further damage.

I hope you like this post. 🙂