All folks know what happened yesterday with twitter’s website being redirected to another website as it’s DNS records were hijacked.This is what is supposed to be called as DNS spoofing. Whenever you enter www.Twitter.com in your browser you will be redirected to another website.

As you all know generally whenever you type website address in browser, your browser sends request to DNS server for that IP address after DNS server tells the IP address, browser connects to that IP address and loads the web page. Generally a DNS Server cannot have IP addresses of websites outside of its domain.Then that DNS server requests DNS server of that domain for IP address. This way hacker can mislead requested DNS server cache and most popular websites can be hijacked like this.

How Twitter’s DNS records may have Hijacked

Now hacker having own domain named hacker.net, now this hacker has also hacked DNS server ns.hacker.net with wrongly mapped IP address assigned to Twitter.com=42.56.77.12(example). Now hacker sends request to Twitter’s DNS server to resolve hacker.net, since hacker.net IP address doesn’t exist in twitter DNS server, it asks ns.hacker.net DNS server for DNS records of that website, then along with hacker.net DNS records wrongly mapped record for twitter.com will also be stored to twitter DNS server. Now twitter DNS server will ping hacker specified IP address for twitter.com and shows the webpage shown by the hacker, which may happened with Twitter.

This can be resolved by clearing DNS cache from server. Hacker has some how successfully redirected twitter.com to specified webpage. After resetting Twitter DNS server settings twitter came back to normal.

Related articles