
There are several forms of DNS Hijacking, and the Catbird Pharming Shield protects against all of them.
The simplest form of hijacking is when a user is imperceptibly redirected to a different site than the one he requested. This occurs after a hacker gains access to DNS records on a server and modifies them so that requests for the genuine web page are redirected elsewhere, usually to a fake page that the attacker has created precisely to acquire confidential information from a user.
Hackers gain this access either via social engineering or via sophisticated exploitation of vulnerabilities in Internet routing protocols, which are insecure due to their lack of two-way authentication. Typically, pharmers will either hack into a DNS server and reroute legitimate URL requests, or poison the BGP routes and exchange an SSL certificate with the customer. This type of hijacking is difficult to prevent, because administrators control only their own DNS records and have no control over upstream DNS servers. Catbird detects these attacks within minutes of their occurrence.
DNS Hijacking via a “man in the middle” attack is an extremely dangerous, and often undetectable, form of network security breach in which a hacker imperceptibly takes control of a communication between two machines, just as an airplane hijacker takes control of a flight, and masquerades as one of them. Unlike the victims of an airplane hijacking, however, the affected parties are not aware the attack is happening.
This form of DNS Hijacking is a leading cause of online identity theft. Unsuspecting users give their credentials to websites of trusted brands, unaware that those websites have been compromised by these voyeuristic hackers. Once armed with users’ confidential data, the thieves can steal assets and destroy reputations. Catbird’s comprehensive Pharming Protection can detect man-in-the-middle attacks immediately.
How does it work?