WhiteHat Security releases free tool to monitor DNS hijackings

DNS, or the Domain Name System, is responsible for translating a domain name such as “Bing.com” to its corresponding IP address. The IP address consists of numbers that uniquely identify the domain. Because DNS is so critical, it is often abused by hackers or malware programs to gain unauthorized access to your computer.

DNS hijacking

With control over DNS, hijackers can translate the domain names of genuine websites, such as banks, financial institutions, social networks, and more, to the IP addresses of malicious webpages. As a user, you are then directed to a fake website instead of the original one, and your personal information could be at risk.

It is important to monitor for DNS hijackings and have protective measures against them. WhiteHat Security has released one such tool, called dnstest.pl.

WhiteHat’s dnstest.pl Tool

WhiteHat Security has released a free tool that lets you monitor whether your DNS servers have been hijacked. The tool, called “dnstest.pl” (a Perl script), can run out of cron and can monitor one or more hostname-to-IP-address pairs of sites that are critical to you. If a monitored pair changes, the tool sends you an email alert informing you of the threat.

dnstest.pl is a lightweight application and can be easily set up.

  • Make sure you have Net::DNS installed.
  • Edit dnstable.dat and remove the example and replace it with your own. Make sure you use tabs to delimit the strings.
  • Edit dnstest.pl and change the $config line to match the path of your configuration file, and change $mail to the email address where you want alerts sent.
  • Add it to crontab (using crontab -e) with a string similar to this: 0 * * * * /usr/bin/perl /path/to/dnstest.pl >/dev/null. This will run it once an hour, at the top of the hour. You can change it to whatever works best for you, of course.
  • TEST IT! Change dnstable.dat to an incorrect IP address and wait for the alert to come in.  If it doesn’t come in within an hour, you’ve messed something up.
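The check that these steps configure, written here as an added Python example (not WhiteHat's dnstest.pl code): it reads a tab-delimited table, rejects entries delimited with spaces, and reports any host whose answer differs from the pinned address. The `hostname<TAB>IP` layout, the sample hosts and the constructed resolver, which stands in for a live lookup the way the "TEST IT" step does, are assumptions.

```python
import socket

# Constructed sample; the "hostname<TAB>IP" column layout is an assumption.
SAMPLE_TABLE = (
    "www.example.com\t192.0.2.10\n"
    "mail.example.com\t192.0.2.25\n"
    "bank.example.net 198.51.100.7\n"  # space instead of tab: rejected
)

def parse_table(text):
    """Return (pairs, errors); each entry must be two tab-separated fields."""
    pairs, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) == 2 and all(fields):
            pairs.append((fields[0], fields[1]))
        else:
            errors.append(f"line {lineno}: expected host<TAB>ip, got {line!r}")
    return pairs, errors

def system_resolver(host):
    """IPv4 answers from the system resolver path (hosts file and configured DNS)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check(pairs, resolve=system_resolver):
    """Return one alert per host whose answer set is not exactly the pinned IP."""
    alerts = []
    for host, expected in pairs:
        got = resolve(host)
        if got != {expected}:
            seen = ", ".join(sorted(got)) or "no answer"
            alerts.append(f"{host}: expected {expected}, got {seen}")
    return alerts

def constructed_resolver(host):
    """Constructed answers standing in for live lookups; mail is 'hijacked'."""
    answers = {"www.example.com": {"192.0.2.10"}, "mail.example.com": {"203.0.113.66"}}
    return answers.get(host, set())

if __name__ == "__main__":
    pairs, errors = parse_table(SAMPLE_TABLE)
    for msg in errors + check(pairs, constructed_resolver):
        print("ALERT:", msg)
```

Calling `check(pairs)` without a resolver argument queries the machine's own resolver, which is the path a hijack would affect.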

WhiteHat recommends that its users go through the above instructions at the time of installation.

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

5 Comments

  1. JWC

    Ankit,

    It sounds like a great program.
    However, it would be very helpful to have some screenshots and more of an explanation of exactly how to set up and use the program.
    E.g., like this: Make sure you use tabs to delimit the strings.
    and the other lines of text like that.
    Without more explanation many followers will not be able to install and use the program.

    I hope you can help and keep up the great coverage.

  2. hackerman1

    Are you sure that this is for Windows?
    Have you posted this on the right website?
    It seems to be for Linux / Unix….

  3. Dan

    It’s tricky to get this one to work under Cygwin with Windows, so I hope this may help those who could use an easier way in their circumstance. This is important as even when tracerts et al say you’re reaching Google’s DNS server (e.g.), it’s recently been found some ISPs are managing to hijack port 53 at router/modem level and redirect to their own hosted versions…so could anyone able to do such a hack.

    One simple way Windows users can with fair accuracy confirm/deny DNS hijack even if very low level: open a command prompt (don’t need elevation), and type: nslookup -type=txt which.opendns.com. 208.67.220.220 , hit “enter”; if in the results you see “I am not an OpenDNS server”, you’re being hijacked…if you see some number, with decimal point followed by “aaa” (example: 5.aaa), you’re not being hijacked.

    Almost as good is this test, for both TCP and UDP, again via command prompt: testing TCP, type nslookup, hit enter, and to test UDP next type: server dnstest.nnsquad.org, hit enter, and regardless of result type control.hq ; hit enter, and proceed to test TCP by typing next: ls -d control.hq, hit enter; now compare the IP address you got for UDP and TCP here; if they match, likely no hijack, if they’re different, booyah, hijacked. (If your version of Windows, e.g. 7 Home Premium, doesn’t recognize the “ls” command, instead of ‘ls’ for TCP, type: set type=axfr, hit enter, then type control.hq, hit enter).

    Hope some can find these alternative dns checkers useful, cheers!

  4. Ankit Gupta

    Hi, Thanks for your suggestion. Currently we have covered only the release of the tool. I request you to visit the site for more information. Also, if we review this, I will surely get back to you on “how to install” and so on. Thanks

  5. Ankit Gupta

    Hi, Yes, it’s for the UNIX operating system and the tool can be run out of cron. At times we do cover non-Windows news which could be beneficial for the visitors.
