
What's DNS hijacking & how to defeat it?

DNS is short for Domain Name System. It translates a domain name into the IP address of the server you requested.
For example, if you want to connect to www.google.com in your web browser, the name is first translated to an IP address like 74.125.71.104, and then the browser gets the web page contents from that server.

DNS hijacking means the domain name you requested is translated to a wrong IP address on purpose.
It can be used for malicious purposes such as phishing, to acquire information like usernames, passwords, and credit card details.

To defeat DNS hijacking, you can:
1. Use trusted DNS servers, such as:

Google DNS servers: 8.8.8.8 8.8.4.4
OpenDNS servers: 208.67.222.222 208.67.220.220

2. Modify the local hosts file to assign an IP address to important domain names, such as your bank account web page.
For Windows, the file is X:\Windows\system32\drivers\etc\hosts

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
74.125.71.104 www.google.com #this is just an example
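
A pinned address protects you only while the site stays on that IP, so hosts entries need checking from time to time. The following is an added example, not part of the original post: it parses the hosts format shown above and lists pins that a trusted resolver no longer confirms. The function names, the sample file and the resolver answers are constructed for illustration, and `lookup` stands in for a query to a DNS server you trust.

```python
import ipaddress

# Constructed sample in the hosts-file format shown above (not a real system's file).
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # source server
# 127.0.0.1 localhost
74.125.71.104 www.google.com #this is just an example
192.0.2.10 bank.example.com online.example.com
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Return (entries, rejected): hostname -> IP, and line numbers that failed to parse."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere on a line
        if not line:
            continue
        ip_text, *names = line.split()
        try:
            ip = str(ipaddress.ip_address(ip_text))  # first column must be a valid IP
        except ValueError:
            ip = None
        if ip is None or not names:
            rejected.append(lineno)
            continue
        for name in names:
            entries.setdefault(name.lower(), ip)  # keep the first mapping seen for a name
    return entries, rejected

def audit_pins(entries, lookup):
    """Return {hostname: (pinned_ip, resolver_ips)} for pins that lookup() does not confirm."""
    mismatches = {}
    for name, pinned in sorted(entries.items()):
        answers = set(lookup(name))
        if pinned not in answers:
            mismatches[name] = (pinned, answers)
    return mismatches

# Constructed answers standing in for what a trusted DNS server would return.
SAMPLE_ANSWERS = {
    "www.google.com": {"74.125.71.104", "74.125.71.99"},
    "bank.example.com": {"192.0.2.10"},
    "online.example.com": {"192.0.2.77"},
}

if __name__ == "__main__":
    pins, bad = parse_hosts(SAMPLE_HOSTS)
    print(pins, bad, audit_pins(pins, lambda n: SAMPLE_ANSWERS.get(n, set())))
```

An unconfirmed pin is not proof of hijacking: it means the entry should be reviewed, because either the site moved or the hosts file was changed.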


