IP address.
In DNS MX record hijacking, the attacker compromises the DNS server used by the source mail server. Instead of the IP address for the domain destination.com, the DNS server returns the IP address of a server controlled by the attacker. The source mail server cannot detect the substitution, and it ends up sending the email to the attacker’s server.
The attacker can now read the email and steal any sensitive information it carries. To keep the attack invisible, the attacker can then forward the email to the mail server of Bob’s mail provider.
How to prevent the DNS hijacking attack while transporting emails?
SMTP STS is a recent technology that can effectively prevent this attack. SMTP STS, or SMTP Strict Transport Security, is a policy that ensures secure SMTP sessions over TLS. Interested readers may find more information on this policy here: What is SMTP STS?
Using DNSSEC, or Domain Name System Security Extensions, is another option to mitigate this attack. (What is DNSSEC, and how does it improve security?)
In DNSSEC, responses from DNS servers are validated with digital signatures and cryptographic keys. As attackers can’t duplicate the cryptographic keys, it will be very difficult for them to carry out DNS MX record hijacking. It can thus prevent the attack altogether.





