Ping of Death – Definition

Ping of Death. It sounds as dangerous as it is. It can bring down your server and keep it down for a long time using a tool as simple as the ping command. A little modification of the data packets, and your server might have a serious problem.

What is Ping of Death?

Ping of Death or PoD is a Denial of Service attack (DoS attack) that uses a vulnerability connected to the ping command and the packet size. The attackers use the ping command to send oversized data packets. The maximum size of an IPv4 packet, including its IP header, is 65 535 bytes, so anything above that, like 65 536 bytes, will cause problems.

In the past, each time a computer received such a packet, it would crash. It was happening on many different OSes like Windows, Linux, Unix, and macOS.

Under the Internet Protocol (IP), it is impossible to send a packet larger than 65 535 bytes in one piece.

But as you know, packets are split into fragments so they can be transferred across the network, and each fragment on its own can be smaller than the maximum. The target tries to make sense of the incoming fragments and reassemble them. While doing so, it fails because of the resulting size, and it crashes. In a successful attack, the target experiences downtime.

What made the Ping of Death so popular is the fact that the only information the attacker needs to know is the target’s IP address. With it, they can direct their attack and wait until the victim falls.

Why does Ping of Death exist?

There is a clear reason why such a threat exists – the lack of an intelligent packet reassembly process. It is a general packet reassembly issue, and it can be triggered just as easily with ping messages as with TCP, UDP, and IPX.

How to mitigate a Ping of Death attack?

There are 3 popular ways to mitigate Ping of Death attacks:

  1. You can block ICMP ping messages altogether. This can be done in your firewall settings. It is not a great approach, because it also stops you from using the ping command to diagnose connectivity. Besides, the attackers could use other ports for the attack, and you don’t want to block ports that you use for other services.
  2. Stop fragmented ping messages. If you have an active defense that drops only fragmented pings, you can still use the command for your networking needs and stay safe from these attacks.
  3. Add a check to the packet reassembly step. That way, the oversized packet is spotted and the bad fragments are discarded.
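The check that mitigation 3 describes, as an added Python example (not code from the original page): a small IPv4 fragment reassembler that validates each fragment’s offset and length against the 65 535-byte limit before copying it into the buffer, so an oversized last fragment is refused instead of overrunning the buffer. The 20-byte header length, the fragment offsets and the sample payloads are constructed assumptions for the demonstration.

```python
# IPv4 fragment reassembly with the oversize check that Ping of Death abused.
IPV4_MAX_PACKET = 65535   # largest IPv4 datagram, header included
IPV4_HEADER_LEN = 20      # minimal IPv4 header; assumed for the sample (no options)
FRAG_UNIT = 8             # the fragment offset field counts 8-byte units


class Reassembler:
    """Collects fragments of one datagram; refuses any that would overflow it."""

    def __init__(self, max_packet=IPV4_MAX_PACKET):
        self.max_packet = max_packet
        self.buffer = bytearray()   # only grows as far as validated fragments allow
        self.received = []          # (start, end) byte ranges already accepted
        self.total_length = None    # known once the final fragment (MF=0) arrives

    def add_fragment(self, offset_units, more_fragments, payload):
        """Validate and store one fragment; returns 'ok', 'complete' or 'rejected'."""
        start = offset_units * FRAG_UNIT
        end = start + len(payload)
        # The check a vulnerable stack lacked: header + reassembled payload must
        # still fit in a legal IPv4 packet. A last fragment placed near the maximum
        # offset with a full payload fails here instead of overrunning a buffer.
        if IPV4_HEADER_LEN + end > self.max_packet:
            return "rejected"
        if not more_fragments:
            if self.total_length is not None and self.total_length != end:
                return "rejected"   # two fragments both claim to be the last one
            self.total_length = end
        elif self.total_length is not None and end > self.total_length:
            return "rejected"       # fragment extends past the announced end
        if end > len(self.buffer):
            self.buffer.extend(b"\x00" * (end - len(self.buffer)))
        self.buffer[start:end] = payload
        self.received.append((start, end))
        return "complete" if self._is_complete() else "ok"

    def _is_complete(self):
        if self.total_length is None:
            return False
        covered = 0
        for start, end in sorted(self.received):
            if start > covered:
                return False        # hole: a fragment is still missing
            covered = max(covered, end)
        return covered >= self.total_length

    def datagram(self):
        """The reassembled payload, or None while fragments are missing."""
        if not self._is_complete():
            return None
        return bytes(self.buffer[:self.total_length])


def reassemble(fragments, max_packet=IPV4_MAX_PACKET):
    """Feed (offset_units, more_fragments, payload) tuples; return (statuses, payload)."""
    reassembler = Reassembler(max_packet)
    statuses = [reassembler.add_fragment(*fragment) for fragment in fragments]
    return statuses, reassembler.datagram()


# Constructed sample: a legitimate 3000-byte ping payload split at a 1500-byte MTU.
BENIGN_FRAGMENTS = [
    (0, True, b"A" * 1480),
    (185, True, b"B" * 1480),   # 185 * 8 = 1480
    (370, False, b"C" * 40),    # last fragment, MF=0, total 3000 bytes
]

# Constructed sample in the Ping of Death style: the last fragment sits at the
# highest possible offset (8191 * 8 = 65528) and carries a full payload, so the
# reassembled datagram would exceed 65 535 bytes.
OVERSIZED_FRAGMENTS = [
    (0, True, b"A" * 1480),
    (8191, False, b"X" * 1480),
]

if __name__ == "__main__":
    print(reassemble(BENIGN_FRAGMENTS)[0])      # ['ok', 'ok', 'complete']
    print(reassemble(OVERSIZED_FRAGMENTS)[0])   # ['ok', 'rejected']
```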

Is there any other attack using the ping command?

Yes, there are different DoS and DDoS attacks that use the ping command. One popular type is the Ping flood, in which the attacker sends many ping packets to the target, often from multiple locations, without waiting for an answer. The target tries to answer all of them, and if there are too many requests, it crashes.


Luckily, the original Ping of Death is an attack that has already been stopped on most modern OSes. Yet criminals are not sitting with their hands in their pockets. There is already a version from 2013 that sends IPv6 packets, so we still need to protect ourselves from it.

Most popular DNS attack types.

All types of cyberattacks are threats to take seriously. But attacks aimed directly at your DNS (domain name system) are like lethal RIP bullets hitting your system. Your online business can be fully damaged!

DNS cache poisoning.

This DNS attack type goes through the DNS resolver servers. They can temporarily save a copy of the DNS records related to domains in their cache memory. Those records stay cached for the time set by their time-to-live (TTL).

Criminals can access those records and alter them (poison them) to redirect your legitimate traffic to a dangerous destination. For instance, they can create an impersonation of your website to deceive your clients and collect their sensitive data.

DNSSEC (domain name system security extensions) is highly recommended as a defense. It adds cryptographic authentication by digitally signing the records returned in DNS lookups.

DDoS Amplification. 

The objective of this type of DNS attack is to increase the traffic to unmanageable levels. There are different implementations, but frequently it exploits the UDP protocol to harm your DNS. Since UDP does not verify who sent a request, criminals send DNS requests asking for the IP address and as much additional DNS information (records) as possible, to ensure that the answer becomes unusually large. 

Besides, attackers alter the requests (spoofing the source address) so that all those large answers go directly to the target, overwhelming it with answers it never asked for. The final result is painful downtime. 

Prevention: an Anycast network can help, since such networks include a number of DNS servers capable of filtering and absorbing the kind of malicious traffic we just described. 

DNS man-in-the-middle attack.

This DNS attack belongs to the so-called hijacking attacks. Its purpose is to redirect legitimate traffic to malicious destinations, and it targets DNS servers. Criminals intercept the communication taking place between a legitimate DNS server and a user. The user requests the IP address to reach a specific domain, but instead of getting the answer from the legitimate DNS server, the request is answered by a criminal in the middle. Therefore, the IP address received by the user is not that of the place he or she wanted to visit but a different one. 

Prevention is crucial! You can start by encrypting the communication with your clients with a strong and efficient tool. Clients can also protect themselves by using a VPN (virtual private network).

DNS Tunneling.

This DNS attack exploits the DNS to encode (tunnel) malware and other information in DNS queries and responses between client and server. 

In short, it operates like this. A criminal registers a domain and points its name server to the criminal’s own server, where tunneling malware is set up. The criminal infects a computer so that it sends requests to a DNS resolver server. DNS requests can freely pass in and out of firewalls because DNS is allowed, and this is where the danger starts. The resolver forwards the request to the criminal’s server, and a connection between the target and the criminal gets established via the DNS resolver server. This hides the criminal’s computer and makes it hard to identify, because the connection between target and criminal is not direct.

As a first step of prevention, install an effective DNS firewall that can identify intrusions, strange DNS requests and answers, and unusual patterns.
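The kind of check a DNS firewall runs on query logs, as an added Python example (not code from the original page): it scans constructed resolver log lines for tunneling indicators, namely long, high-entropy subdomain labels and many such queries to one registrable domain, and reports the domains that cross a threshold. The log format, the thresholds and the tunnel-example.net domain are assumptions made for the demonstration.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log sample (not taken from any real resolver), one query
# per line in the form "<timestamp> <client-ip> <qtype> <qname>".
SAMPLE_LOG = """\
2023-05-01T10:00:01 10.0.0.12 A www.example.com
2023-05-01T10:00:02 10.0.0.12 TXT _dmarc.example.com
2023-05-01T10:00:03 10.0.0.12 A images.cdn.example.com
2023-05-01T10:00:04 10.0.0.12 TXT a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.tunnel-example.net
2023-05-01T10:00:04 10.0.0.12 TXT q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2.tunnel-example.net
2023-05-01T10:00:05 10.0.0.12 TXT g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8.tunnel-example.net
2023-05-01T10:00:06 10.0.0.12 A www.tunnel-example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
LONG_LABEL = 30            # labels may be up to 63 bytes, but real hostnames rarely pass 30
ENTROPY_MIN_LEN = 16       # entropy is only meaningful on reasonably long labels
ENTROPY_THRESHOLD = 3.5    # bits per character; encoded payloads sit well above this
PAYLOAD_TYPES = {"TXT", "NULL", "CNAME", "MX"}   # answer types with room to carry data back


def shannon_entropy(text):
    """Bits of entropy per character of the string (0 for empty or uniform text)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    # Assumption for the sample: the registrable domain is the last two labels.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def query_indicators(qname):
    """Per-query tunneling indicators, judged on the labels below the registrable domain."""
    sub_labels = qname.rstrip(".").split(".")[:-2]
    reasons = []
    if any(len(label) > LONG_LABEL for label in sub_labels):
        reasons.append("long label")
    if any(len(label) >= ENTROPY_MIN_LEN and shannon_entropy(label) > ENTROPY_THRESHOLD
           for label in sub_labels):
        reasons.append("high entropy label")
    if len(sub_labels) > 4:
        reasons.append("deep subdomain")
    return reasons


def analyze_log(log_text, min_suspicious=3):
    """Aggregate per registrable domain; return those with enough suspicious queries."""
    stats = defaultdict(lambda: {"queries": 0, "suspicious": 0,
                                 "payload_type": 0, "reasons": set()})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue            # skip malformed lines rather than crash the detector
        _ts, _client, qtype, qname = match.groups()
        entry = stats[registrable_domain(qname)]
        entry["queries"] += 1
        if qtype.upper() in PAYLOAD_TYPES:
            entry["payload_type"] += 1
        reasons = query_indicators(qname)
        if reasons:
            entry["suspicious"] += 1
            entry["reasons"].update(reasons)
    return {domain: entry for domain, entry in stats.items()
            if entry["suspicious"] >= min_suspicious}


if __name__ == "__main__":
    for domain, entry in analyze_log(SAMPLE_LOG).items():
        print(domain, entry)   # flags tunnel-example.net only
```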


DNS attacks are real and very disruptive. Prevention involves not a single measure but a combination of them. Because DNS is such a reliable system, many people don’t see the need to monitor it and its components, and they can fall victim to one of these DNS attack types. Big mistake! Don’t take its security for granted! Be safe!

Why is the SSL certificate important?

SSL certificate explained

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website’s identity.

An SSL certificate is a data file that allows the browser and the server to set up a cryptographically encrypted connection. Once they connect, the SSL certificate is validated. That is the way to achieve protected communication between them. As a result, only the user and the website can access the user’s information, such as email address, payment details, etc. 

Users can usually recognize visually whether a particular website has an SSL certificate: an additional “S” appears after “HTTP” in the address.

How does it work?

A user visits your website and connects to it. If you have installed an SSL certificate, your server sends it to the user’s device. The user’s browser then uses the certificate’s public key to determine whether it is authentic and produces a symmetric session key. The server, with its private key, can decrypt that symmetric session key. As a result, both parties trust each other, and they can use the session key for all further encryption and decryption. This process is also known as the SSL Handshake.

Why is it important?

  • Verifies identity. Phishing websites are one way hackers take advantage of your visitors. With an SSL certificate, the identity of your website is verified: to obtain such a certificate, you go through an official process and validate your identity. Your visitors can then be sure that they are on a legitimate website.
  • Protects data. With the encryption in place, data transfer with the website is secure. If an attacker accesses the communication between the user and the server, he won’t be able to understand it. 
  • Protects money transfers. If you manage a business handling sensitive data, such as IDs, credit card numbers, etc., protecting your customers is a must. Hackers stealing your customers’ information can completely damage your company’s trustworthiness and income. That is why the Payment Card Industry (PCI) considers it necessary for companies to provide strong mechanisms for encrypting this information.
  • Reliability. Clients are more likely to trust your website if they know that they are protected. It makes a difference by increasing your traffic, success, and of course, sales.
  • Search engine ranking. Search engines care a great deal about security, so whether or not you have an SSL certificate affects your visibility in the results.

SSL certificate types 

There are several types of SSL certificates out there. However, we can classify them into three main categories: 

  • DV (Domain validation). This is the most commonly used one. It serves to validate the owner of the domain. The CA checks the email address used to register the domain, and once it is validated, the DV SSL certificate is ready. 
  • OV (Organization validation). In this case, the aim is to validate the organization. The CA checks whether the organization really exists, usually by looking at its name, address, phone number, and so on.
  • EV (Extended validation). This is the highest level of SSL certificate. As with OV, the CA examines the information about the company. It may ask for even more information and gives the most reliable validation possible.

DNS Spoofing – What does it mean?

DNS Spoofing explained

DNS Spoofing is also called DNS poisoning. Don’t get confused: it is the same thing. It is a technique applied by hackers that involves impersonating a device or a user. Under that cover, disrupting the regular flow of traffic or reaching protected data is not such a difficult task. 

The attacker takes the time to alter the Domain Name System (DNS) data so that it is spoofed. Therefore, when a customer tries to visit a particular website, they are sent somewhere completely different. In most cases, users don’t even realize that they are browsing a fake website rather than the legitimate one they meant to visit, because these fake sites are built to look just like the original. The differences are not major at all. 

Once the attack is initiated, all the traffic is guided to an illegitimate server. From that position, hackers are able to perform various malicious actions, such as stealing sensitive data or man-in-the-middle attacks. Furthermore, they can install a virus on their victim’s device, or even place a worm to spread the harm to more machines.

The different tactics

To achieve their illegal purposes, attackers apply different tactics. Still, the intention is to direct the traffic to forged websites.

  • Tactic through spam. Ads, images, or URLs in spam e-mails can contain infected code. When a user clicks the URL, the device gets spoofed, and afterward the code guides the user to fabricated websites. 
  • Tactic through the Man-in-the-middle method. The attacker sits right between the DNS server and the user’s browser. The goal of this method is to poison the user’s computer and the server at the same time. The code is injected through software that poisons the communication.
  • Tactic through hijacking a DNS server. The attackers access the server through its weak spots, edit the configuration, include a fake entry, and so on. As a result, every IP request made for a particular site ends up at the forged one.

How to protect against cache poisoning (DNS spoofing)?

  • Encryption. Use encryption to keep DNS data, such as queries and responses, safe. It is not possible to forge a copy of the original website’s security certificate. 
  • Detection. Software that examines the received data is a great solution as a first step. 
  • DNSSEC. It helps verify the authenticity of data via digitally signed DNS records. Thus, DNSSEC keeps the DNS lookup’s authenticity safe.

Users are the main targets of this criminal activity, so they also have to take some precautions.

  • VPN (Virtual Private Network). Connecting to public networks comes with bigger risks. A VPN lets you interact safely with servers and communicate with domains.
  • Unfamiliar links. Don’t click blindly on suspicious URLs. Such links come from unknown senders, usually attached to spam messages or social media messages. By not clicking on them, users can keep their data safe.
  • DNS cache. The DNS data of frequently visited sites stays saved for some time. So it could be that only the user’s device is still spoofed, while the server no longer is. To avoid being directed by the browser to fake sites, it is a good idea to clear the DNS cache regularly.

Virtual private network (VPN) explained

The virtual private network (VPN) is like an invisible protective cloak that you put on, and the origin of your request gets hidden away. If that comparison is not enough for you, let us explain in detail what a virtual private network (VPN) is. 

Virtual private network (VPN)

A Virtual private network (VPN) service creates a private network over your public internet connection. When you use a VPN, your data gets encrypted for additional security. That way, it can guarantee your privacy and anonymity. The VPN service masks your IP address and shows the address of one of its servers instead. It is like a tunnel that hides you. Most services offer multiple servers that you can hide behind. 

Why do you need a Virtual private network (VPN)? 

Do you want your communications to be safe, even if you are working from a coffee shop in the middle of nowhere on some beach? A VPN will secure your communication even on a shady Wi-Fi connection. 

Encrypted communication. Make all of your communication safe with the VPN’s encryption. If a hacker captures data packets from you, they will be nothing but unreadable encrypted data, a random line of letters, symbols, and numbers. 

You can use public internet access points (Wi-Fi of coffee shops, hotels, bus stations, airports, train stations, etc.). Whether it is for personal communication, work, or just browsing the web, your traffic will be protected if you are using a VPN. 

Online banking. On your mobile phone or computer, you most probably have a banking application. Use it only on a secure network. If your router is not safe enough and you are not using an encryption method for the communication, your data could be easily stolen. 

Don’t allow others to track you. Your Internet provider, different websites, and programs could track you and even find your location. If you mask your traffic, you can hide behind an IP address that is on another continent. The cool part is that even if a site or app remembers this IP address, you can change it again, making you harder to trace.  

Consume international content. You can change your location (server in use) and pretend to be in many different locations. That way, you can evade geo-limitation and watch TV, digital videos, access country-limited sites, and more. Enjoy a broader scope of entertainment for the price of a VPN service. 

How can I get a VPN for my devices? 

VPN client for computers and smartphones. 

The software that you need to use is called a VPN client. It could be a computer program or a smartphone application. In this software, you enter your credentials and use 2FA if you have enabled it. 

Browser extension

Another option is to use a VPN directly from your browser. Some browsers, like the Opera browser, have one built in, so you don’t need to search for an extension. It allows you to quickly change your location just before you go to a specific site. 

Router with a VPN. 

When you want more than a few devices to use VPN, it might be easier to get a router with a VPN. That way, you can set up just one device, and all of the rest will use it directly without the need to install anything extra. 


VPN is a simple, cheap, and easy-to-use solution that secures your communications. It has many benefits and protects you and your data. Use it! It is worth a few dollars per month.

Smurf attack explained.

Cyber attacks are to be taken seriously. Even cute names can hide deadly poison. Today, let’s be aware of the smurf attack.

What is a Smurf attack?

A Smurf attack is a type of distributed denial of service (DDoS) attack. It took its name from the malware used to implement it, the Smurf malware. It targets computer networks to make them unavailable by exploiting vulnerabilities of the Internet Control Message Protocol (ICMP).

A Smurf attack floods a server using ICMP data packets. A large number of requests carrying a forged source IP address (the victim’s) are sent to one or many devices. When all those devices respond to the victim’s address, the attack traffic gets amplified, and the victim goes down.

Which ICMP vulnerability does the Smurf attack exploit?

The ICMP allows devices of a network to detect communication problems. It diagnoses and reports bugs through messages (data packets) sent from the recipient to the source (sender) in case data don’t arrive properly. 

The Ping command is commonly used to test hardware connected to the network (routers, computers, printers, etc.), and Ping works through ICMP. With a ping, you can tell whether a device is reachable. A message (echo request) is sent to a specific device, and then an acknowledgment (echo reply) is received. Ping also lets you measure the time it takes for a message to travel from a source to its destination and back.

The issue is that ICMP has no handshake as part of its process. Therefore, devices can’t check whether the requests they receive are legitimate.

How does Smurf malware work?

Smurf malware produces a network data packet with a spoofed source IP address. The packet travels as an ICMP ping message that makes the devices at the network’s nodes send an answer. This cycle is repeated with constant requests, and through the ICMP echoes a non-stop loop is produced to overwhelm the target. 

How does a Smurf attack work?

A Smurf attack starts with the activation of Smurf malware to create the echo request that will have a spoofed IP address changed to the victim’s one. 

The request is sent, and then the intermediate network’s IP broadcast address delivers it to every host on that network.

Since the data packet carries an ICMP ping message, it asks every node it reaches for an acknowledgment (answer). The more ICMP requests are sent, the more ICMP answers are received.

Consider that the number of hosts on the intermediate network (IP broadcast) defines the scale of the attack’s amplification. One thousand hosts in such a network will generate one thousand answers for every spoofed echo request.
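The amplification described above, seen from the detection side, as an added Python example (not code from the original page): it walks constructed ICMP flow records and reports a victim that receives echo replies from many hosts it never pinged, together with the spoofed request to the broadcast address and the resulting amplification factor. The flow record format, the /24 amplifier network and the thresholds are assumptions for the demonstration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type values


def make_sample_flows():
    """Constructed ICMP flow records (ts, src, dst, icmp_type); not a real capture."""
    # One echo request whose source is spoofed to the victim and whose destination
    # is the broadcast address of the amplifier network ...
    flows = [(0.00, "203.0.113.10", "198.51.100.255", ECHO_REQUEST)]
    # ... followed by 50 echo replies, one per host on that /24, all aimed at the victim.
    flows += [(0.10 + i * 0.001, f"198.51.100.{i}", "203.0.113.10", ECHO_REPLY)
              for i in range(1, 51)]
    # A normal ping exchange that must not raise an alert.
    flows += [(1.00, "192.0.2.5", "198.51.100.7", ECHO_REQUEST),
              (1.02, "198.51.100.7", "192.0.2.5", ECHO_REPLY)]
    return flows


def network_of(addr, prefix=24):
    # Assumption for the sample: amplifier networks are /24s.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def is_directed_broadcast(addr, prefix=24):
    """True when addr is the broadcast address of its (assumed /24) network."""
    return ipaddress.ip_address(addr) == network_of(addr, prefix).broadcast_address


def detect_smurf(flows, min_reply_sources=20, window_seconds=1.0):
    """Report destinations that receive echo replies from many hosts they never pinged."""
    unicast_pinged = defaultdict(set)      # src -> unicast destinations it sent requests to
    broadcast_requests = defaultdict(int)  # claimed src -> requests aimed at broadcast addresses
    replies = defaultdict(list)            # dst -> [(ts, src)] of echo replies it received
    for ts, src, dst, icmp_type in sorted(flows):
        if icmp_type == ECHO_REQUEST:
            if is_directed_broadcast(dst):
                broadcast_requests[src] += 1
            else:
                unicast_pinged[src].add(dst)
        elif icmp_type == ECHO_REPLY:
            replies[dst].append((ts, src))

    alerts = []
    for victim, reply_list in replies.items():
        # A reply is unsolicited when the victim never sent a unicast request to its source.
        unsolicited = [(ts, src) for ts, src in reply_list if src not in unicast_pinged[victim]]
        if not unsolicited:
            continue
        # Most distinct reply sources seen inside any sliding window of window_seconds.
        times = [ts for ts, _ in unsolicited]
        peak = 0
        for i, start in enumerate(times):
            j = i
            while j < len(times) and times[j] - start <= window_seconds:
                j += 1
            peak = max(peak, len({src for _, src in unsolicited[i:j]}))
        if peak < min_reply_sources:
            continue
        per_network = defaultdict(int)
        for _, src in unsolicited:
            per_network[str(network_of(src))] += 1
        top = max(per_network, key=per_network.get)
        spoofed = broadcast_requests.get(victim, 0)
        alerts.append({
            "victim": victim,
            "reply_sources": peak,
            "amplifier_network": top,
            "spoofed_broadcast_requests": spoofed,
            # replies generated per request carrying the victim's address
            "amplification": per_network[top] / max(spoofed, 1),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_smurf(make_sample_flows()):
        print(alert)   # one alert: victim 203.0.113.10, 50 reply sources, x50 amplification
```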

How to prevent or mitigate a Smurf attack?

  1. Pay attention to indicators like bandwidth trouble or crashing servers or routers. A Smurf attack could be right around the corner.
  2. Monitor your traffic exhaustively for unusual volume, behavior, or signatures on data packets.
  3. Get sufficient bandwidth to handle traffic spikes.
  4. Look for redundancy and an efficient load balancing system to distribute traffic.
  5. Protect your DNS servers against DDoS. 
  6. Disable IP directed broadcast on your networks’ routers and firewalls.
  7. Block directed-broadcast traffic trying to enter the network.
  8. Set up routers and hosts not to answer ICMP echo requests. 
  9. Set up your operating system to ignore ICMP requests sent to IP broadcast addresses.
  10. Set up your firewall’s perimeter to block pings incoming from outside the network.


A Smurf attack belongs to the most dangerous category of threats, DDoS attacks. Have a strategy for keeping your network safe. Don’t leave it for tomorrow!

5 Famous Cyber attacks.

Cyber crime never stops. The list of cyber attacks that have badly hit organizations worldwide is sadly long. Even during the hardest moments in this pandemic, the virus stopped the world, but not cyber crime.

Let’s take a look at 5 painfully famous cyber attacks.

Mirai botnet attack (2016). 

A DDoS attack hit hard at the servers of Dyn, a major provider of DNS infrastructure for the Internet. It took down the Internet in wide regions of the USA and Europe. Twitter, CNN, Reddit, Netflix, and other well-known websites went down.

Attackers used a peculiar weapon, the Mirai botnet. The botnet army for attacking was not made up of infected computers but Internet of things (IoT) devices. Dyn calculated around 100 thousand malicious endpoints involved in the attack.

WannaCry attack (2017).

This ransomware hit over 200 thousand victims, Microsoft Windows operating system users, in around 150 countries. Attackers used the malicious software “Wanna Cry” to take data hostage until a ransom was paid, combined with a worm to spread it across entire networks. “WannaCry” encrypts victims’ files to block access to them. It can also lock users out of their devices. Criminals demanded between $300 and $600 worth of bitcoins. 

The Microsoft Windows OS had a vulnerability, and a patch was available 2 months before the attack. The problem is that people don’t always update. That simple action could have protected users.

SolarWinds scandal (2020).

This cyber intrusion affected around 200 international organizations, including Microsoft, several agencies from the U.S. government, the U.K. government, NATO, the European Parliament, etc. 

Attackers planted a back door in a SolarWinds software application (Orion). As soon as customers installed the application, attackers could access their systems. This is considered one of the most dangerous cyber attacks due to the high-profile targets it affected and its duration. The scandal exploded in December 2020 after different data breaches were confirmed, but the attackers had had access and operated for more than 8 months!

Colonial Pipeline’s attack (2021).

Attackers hit the biggest fuel pipeline in the U.S. The company, which moves around 2.5 million barrels of fuel daily from the Gulf Coast to the Eastern Seaboard, had to shut down its systems. The result was shortages all along the coast, chaos at gas stations, and higher prices. 

Attackers got access to the company’s networks through a valid VPN (virtual private network) account of the kind the company’s employees use for remote access. The account and its password appear to have been leaked on the Dark Web, and the main hypothesis is that this is how the attackers got it. With a single compromised password, they took down a giant and demanded ransom money in exchange.

Kaseya’s ransomware attack (2021).

The target was Kaseya, an IT solutions provider. Approximately 1,500 businesses (Kaseya’s clients) around the world were affected. Attackers demanded $70 million to restore the affected data. 

It was a supply chain ransomware attack carried out through a weakness (an authentication bypass) in one of the company’s IT tools, VSA, a management and remote monitoring tool for networks and endpoints. 

This way, the attackers bypassed the authentication controls and obtained a valid session to upload malicious code. They also executed commands through SQL injection. The case is still ongoing, and we will see its final consequences soon.


This picture is enough to understand that we can’t relax. All of us, users and online business owners alike, have to strengthen our security defenses as much as possible. History proves that cyber criminals can target all kinds of victims, from enterprises and governments to regular users. Underestimating cyber criminals could be really painful for your business and your pocket!

What is a Botnet?

Have you heard the word Botnet? Sounds scary, doesn’t it? It is a network of infected devices that cybercriminals use for their malicious purposes. In the world, there are millions of infected devices, maybe even billions, and they are just a few clicks away from attacking their next target!

What is a Botnet?

A Botnet is a network of infected devices (a.k.a. hijacked devices or zombie computers) that cybercriminals first infect and later use for various cyberattacks, including DDoS attacks, spam spreading, phishing attacks, and more. The term Botnet is a combination of two words. The first is “bot”, short for “robot”, which means an automated machine that can perform a specific task. The second is “net”, from “network”, because here we are talking about multiple devices that can be triggered at once.

One feature of the Botnet that makes it so dangerous is that the users of the infected devices usually have no idea that the devices carry malicious code. They might not notice the spike in resource use, or they might think the device has a bug that makes it work harder. Botnets are sneaky threats!

What are Botnets used for?

  • DDoS attacks. An attacker can use its Botnet or Botnets to create a massive wave of traffic towards a particular target. The goal is to overwhelm the target (usually a server) with so many DNS queries that it won’t be able to answer any, including those coming from regular users, and cause downtime. The scenario could be many times worse if the cybercriminal uses DDoS amplification and creates even heavier traffic.
  • Mining cryptocurrency. Your device might be mining cryptocurrency for somebody else, and you might not even know it. It will use your computer’s or mobile phone’s resources to mine. That way, the attacker has many zombie devices that can bring a lot of profit without investing in hardware or paying any electricity or internet bills.
  • Phishing attacks. Phishing attacks are a tricky way to get someone’s username, password, or other valuable information. A botnet device could write messages on your behalf, asking for information from your contacts, that later the criminals could use to attack their accounts. A phishing attack could also lead your contacts to a fake site that looks a lot like a real one, and there they might input their personal data or bank data.
  • Spam spreaders. A hijacked device can be a spreader of spam messages. If your device runs a hacker’s script, you might be spreading dangerous messages all around the Internet. Those messages could be directed to your contacts on your behalf or anonymously. Either way, your device could be the “recruiter” of new devices for the Botnet, helping phishing attacks happen or spreading information around the Internet.

How to protect ourselves from Botnet attacks?

  • Use strong passwords and 2FA. Make your passwords as complex and long as possible. Adding a second factor to your authentication will increase your security a lot.
  • Keep your devices up to date. The latest software (OS included) will have the latest security patches that can protect you better.
  • Don’t click any link or open any attachment that looks strange, even if it comes from a trustworthy contact of yours. It might start malicious software that will infect your devices.
  • Use antivirus software on your devices. It can detect the infected file in time and save you from the infection.
  • Look for abnormal activities on your device. A sudden spike in CPU or GPU use might indicate that the computer is working for somebody else.

What is Deceptive Technology?

Cyberattacks are getting worse each day. DDoS attacks, ransomware, phishing attacks, data breaches are just a few of the biggest dangers a company can face. But can you do something to protect your business against all these ever-evolving cyber attacks? Yes, you can be smart and use the latest method of defending yourself – Deceptive technology! 

Why deception?

Deception tactics have been in use for thousands of years. Militaries have used deception to trick their opponents on the battlefield to gain leverage, steer a battle, move troops to the right place, and many more sneaky tricks. 

Deception works by fooling the attacker into doing exactly what the defender wants them to do. That way, the defender can negate the harmful effect and even counterattack. 

What is Deceptive Technology? 

Deceptive Technology is a strategic approach to cyber defense. The idea is to identify an attacker, trick them, and divert their efforts to another place, a decoy or a trap. The decoy can be a server acting much like the primary server but specially prepared for these cases, so that if it takes an attack, the organization is not affected in a bad way. 

The big advantage is that Deceptive technology can analyze the behavior of the hackers, even if they are trying to use zero-day attacks, and raise alerts and take protective action automatically, without human intervention. 

Deceptive Technology is usually additional protection, not the only security measure an organization takes. It is like a last line of defense against the worst attacks. 

How does the deception work?

The company using Deceptive Technology sets decoys, hides its main servers, and plants misleading information that attackers could find, in order to redirect the attack. 

It does not work from logs and reports the way a typical security information and event management solution does. 

When the attack happens and the criminals bite the bait, the security team receives an alert with information about the current threat. The team can see the tactics the criminals are using and exactly which vulnerability they are exploiting, and has time to prepare a way to shut down the attack. 

Why is Deception Technology Important?

There are a few main reasons why Deceptive Technology is so important:

  • Improved threat detection. Deception Technology can serve as a periscope that sees threats accurately while still having broad coverage. It can detect the various types of incoming trouble, not just the signature-based ones you already have a defense against. 
  • Risk awareness. With this extra security measure, you will see what kind of risks there are for your company. You can test different scenarios, like setting up a fake “new product” page and seeing whether somebody tries to hack it and how. 
  • Low false positives. Far fewer alarms are triggered by false signals. That way, you save a lot of effort for your security team and don’t waste their time with false-positive alerts.


Deceptive Technology is not for every business. It is mostly focused on the 1% that needs the best possible protection out there. It is an additional level of security that not all enterprises can afford, but it can be very effective and save a lot of trouble for would-be victims. 

What does DNSSEC mean?

DNSSEC meaning

Domain Name System Security Extensions (DNSSEC) is a great way to add an extra security layer to your domains. It is an advanced DNS feature that attaches digital signature records to the DNS information. That way, it can establish the authenticity of the source domain name.

It is designed to protect Internet users from falsified DNS data. An example of such a case is being sent to a misleading or malicious address rather than the actual address you wanted to visit.

Once you enable DNSSEC, DNS lookups will have to use a digital signature to prove that the origin of the site’s DNS data is genuine. It is very helpful for preventing some types of attacks. If the digital signature does not match, the lookup fails and the browser will not open the site.

What is the way DNSSEC works?

The main goal of DNSSEC is to protect Internet users from forged DNS data through validating digital signatures inserted in the data. 

Whenever a user wants to enter a domain name in a browser, the resolver verifies the digital signature.

The digital signatures in the data and those held by the master DNS server have to match. Only then is the data allowed to reach the user’s computer that made the request.

These digital signatures are making sure that the user is communicating with the website that he intended to visit.

DNSSEC implements a system of public keys and digital signatures to validate the information. Alongside the existing DNS records, it adds new record types, DNSKEY and RRSIG, which can be retrieved just like the more common records, such as A, CNAME, and MX.

They are used to digitally “sign” a domain with a method named public-key cryptography.

A signed nameserver has a private and a public key for every zone. Every time a user makes a request, the server sends data signed with its private key, and the recipient verifies it with the public key. If someone attempts to send misleading information, it will not verify correctly with the public key, so the recipient will identify the data as false.

What does it protect against?

The fundamental protection that DNSSEC can provide is to limit third parties from falsifying records. It also guarantees the integrity of the domain by restricting:

False zones: DNSSEC is beneficial for protecting against malicious DNS attacks that abuse the DNS system and return imitation results for zones. Those zones may not even exist, and attackers benefit from the gaps between zones. DNSSEC provides mechanisms to prevent that gap abuse and secures the whole zone. This is also called authenticated denial of existence. 

DNS Cache Poisoning: This is a form of man-in-the-middle attack. Criminals flood a DNS resolver with fake DNS data. In some cases, these attacks scale up to a large number of attempts and plant a false result inside the DNS resolver’s cache. As a result, the DNS resolver hands this malicious, false web address to every user requesting that specific website. This continues until the TTL (Time-to-Live) expires.
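The resolver-side behaviour described above, as an added Python example (not code from the original page): a minimal cache that only accepts an answer matching a query it actually sent, ignores records outside the zone it asked about, and drops entries once their TTL expires, so a planted result cannot outlive its TTL. The record layout, the transaction IDs and the addresses are constructed for the demonstration.

```python
import time
from collections import namedtuple

Question = namedtuple("Question", "name rtype")
Record = namedtuple("Record", "name rtype value ttl")
Response = namedtuple("Response", "txid question answers")


def in_bailiwick(name, zone):
    """True when name lies inside zone (so a server for zone may speak for it)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    """Minimal resolver cache showing the checks that blunt cache poisoning."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.pending = {}   # txid -> (Question, zone) for queries this resolver really sent
        self.cache = {}     # (name, rtype) -> (value, expires_at)

    def send_query(self, txid, question, zone):
        """Remember an outstanding query; only a matching answer will be accepted."""
        self.pending[txid] = (question, zone)

    def receive(self, response, now=None):
        """Validate a response against the outstanding query and cache what is in scope."""
        now = self.clock() if now is None else now
        pending = self.pending.get(response.txid)
        if pending is None:
            return "rejected: no outstanding query with this transaction id"
        question, zone = pending
        if response.question != question:
            return "rejected: answer does not match the question asked"
        del self.pending[response.txid]   # one answer per query; replays are refused
        accepted = 0
        for rec in response.answers:
            if not in_bailiwick(rec.name, zone):
                continue   # a server for example.com may not tell us about other zones
            self.cache[(rec.name, rec.rtype)] = (rec.value, now + rec.ttl)
            accepted += 1
        return f"accepted {accepted} record(s)"

    def lookup(self, name, rtype, now=None):
        """Cached value, or None when absent or expired (expired entries are purged)."""
        now = self.clock() if now is None else now
        entry = self.cache.get((name, rtype))
        if entry is None:
            return None
        value, expires_at = entry
        if now >= expires_at:
            del self.cache[(name, rtype)]   # TTL elapsed: good or poisoned, it is gone
            return None
        return value

    def flush(self):
        """Clear everything, the manual remedy once poisoning is suspected."""
        self.cache.clear()


if __name__ == "__main__":
    cache = ResolverCache(clock=lambda: 0.0)
    question = Question("www.example.com", "A")
    cache.send_query(0x1234, question, "example.com")
    # Constructed forged answer: right question, wrong transaction id.
    forged = Response(0x9999, question, [Record("www.example.com", "A", "203.0.113.66", 3600)])
    print(cache.receive(forged))   # rejected: no outstanding query with this transaction id
    # Constructed legitimate answer that also smuggles an out-of-zone record.
    legit = Response(0x1234, question, [
        Record("www.example.com", "A", "192.0.2.10", 300),
        Record("login.bank.example", "A", "203.0.113.66", 3600),
    ])
    print(cache.receive(legit))                       # accepted 1 record(s)
    print(cache.lookup("login.bank.example", "A"))    # None
```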