Book-Notes Section 4 Flashcards
What Does the Hosts File Do?
The hosts file is a simple text file on a computer that maps domain names (like example.com) to specific IP addresses before the system checks the Domain Name System (DNS). It acts as a manual override for DNS lookups.
What Is a Pharming Attack?
A pharming attack is a type of cyberattack that redirects users from a legitimate website to a fake one without their knowledge. The goal is to steal login credentials, financial information, or personal data by tricking users into believing they are on a trusted site.
How Does a Pharming Attack Work?
Attackers Manipulate DNS or Hosts Files – Hackers alter the way a device or network translates website names (like bank.com) into IP addresses.
Users Are Redirected to a Fake Website – Even if the victim types the correct URL, they are sent to a malicious website that looks identical to the real one.
Victims Enter Sensitive Information – Thinking it’s the actual website, users enter their usernames, passwords, or banking details.
Hackers Steal the Data – The stolen credentials can be used for identity theft, financial fraud, or further cyberattacks.
Example of a Pharming Attack:
You type www.mybank.com in your browser.
Instead of going to the real bank’s website, you are secretly redirected to a fake but identical-looking site.
You enter your username and password, unknowingly handing them over to hackers.
Is Manipulating DNS Records the Same as DNS Hijacking?
Not exactly! Manipulating DNS records and DNS hijacking are related but differ in how they occur. Let’s break it down:
1️⃣ DNS Record Manipulation (DNS Poisoning / Cache Poisoning)
This occurs inside a DNS server or DNS resolver’s cache.
Attackers inject false DNS records so that users are directed to malicious websites without changing the actual DNS server settings.
Often temporary because cache records expire and get updated.
✅ Example:
A hacker tricks a DNS resolver into believing that bank.com points to 192.168.1.50 (instead of its real IP address).
Now, when users try to visit bank.com, the poisoned DNS cache redirects them to a fake phishing website.
🛑 This is also called “DNS Cache Poisoning” or “DNS Spoofing.”
2️⃣ DNS Hijacking (More Severe)
This is a more aggressive attack where attackers gain control of an entire DNS server or change DNS settings on a victim’s device.
It alters actual DNS records or forces users to use malicious DNS servers.