DNS attacks can manifest themselves in many ways, all targeted against the Domain Name System that connects the internet. At best they’re an inconvenience, knocking websites offline or preventing access, and at worst they’re costly, as this week’s $150,000 Myetherwallet hijack demonstrated. When you’re interacting in the crypto space, here are a few ways to protect yourself against DNS attacks.
How DNS Attacks Work
In the aftermath of Tuesday’s DNS attack, which affected a string of major websites and proved particularly costly to some Myetherwallet users, Cloudflare published a report. “BGP leaks and cryptocurrencies” examines how the attack went down, and how the attackers were able to exploit vulnerabilities in the DNS. BGP is the Border Gateway Protocol, the standardized protocol that networks use to exchange routing information, so that traffic can get from one part of the internet to another.
With over 700,000 possible routes, there are a lot of ways to get from A to B or Z or any letter in between. Most of the time, all of these chains, operated by different internet providers, communicate just fine, but occasionally things go wrong. Usually these leaks are localized and are the result of a configuration mistake. But as Cloudflare explains, “Sometimes [a BGP leak] is done with a malicious intent. The prefix can be re-routed through in order to passively analyze the data”. It continues:
During the two hours leak the servers on the IP range only responded to queries for myetherwallet.com. As some people noticed SERVFAIL. Any DNS resolver that was asked for names handled by Route53 would ask the authoritative servers that had been taken over via the BGP leak. This poisoned DNS resolvers whose routers had accepted the route.
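The quoted passage turns on which routers accepted the leaked route. The following added example (not part of the original article or of Cloudflare's report) shows that decision with and without route origin validation as defined in RFC 6811; the prefixes, AS numbers, name server address and the more-specific leaked route are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data: documentation prefixes and AS numbers, not the
# values from the incident. The more-specific leaked route is an assumption.
LEGIT_AS, LEAK_AS = 64496, 64511
ROAS = [(ipaddress.ip_network("192.0.2.0/24"), 24, LEGIT_AS)]  # (prefix, maxLength, origin)
ANNOUNCEMENTS = [
    (ipaddress.ip_network("192.0.2.0/24"), LEGIT_AS),  # legitimate route
    (ipaddress.ip_network("192.0.2.0/25"), LEAK_AS),   # leaked more-specific route
]
AUTH_DNS = "192.0.2.53"  # hypothetical authoritative name server address


def validate(prefix, origin, roas=ROAS):
    """Return the RFC 6811 validation state of one announcement."""
    covering = [r for r in roas
                if r[0].version == prefix.version and prefix.subnet_of(r[0])]
    if not covering:
        return "not-found"  # no ROA speaks for this address space
    for _net, max_len, asn in covering:
        if asn == origin and prefix.prefixlen <= max_len:
            return "valid"
    return "invalid"  # covered, but wrong origin or too specific


def chosen_origin(dst, announcements, drop_invalid):
    """Origin AS a router forwards dst toward; the longest matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    usable = [(p, o) for p, o in announcements
              if addr in p and not (drop_invalid and validate(p, o) == "invalid")]
    if not usable:
        return None
    return max(usable, key=lambda route: route[0].prefixlen)[1]


if __name__ == "__main__":
    for p, o in ANNOUNCEMENTS:
        print(f"{p} from AS{o}: {validate(p, o)}")
    print("router without validation ->", chosen_origin(AUTH_DNS, ANNOUNCEMENTS, False))
    print("router dropping invalids  ->", chosen_origin(AUTH_DNS, ANNOUNCEMENTS, True))
```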
Anyone