Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Abstract

Pharming attacks can be performed at the client-side or into the internet. In pharming attack, attackers need not targeting individual user. If pharming is performed by modifying the DNS entries, than it will be affecting to all users who is accessing the web page through that DNS. We propose an approach to protect user at client-side from pharming attacks by comparing IP addresses, using information provided by local DNS server and a list of IP's provided by the domain's Authenticated Name Servers which are the most trusted DNS servers for a domain. General Terms DNS security, DNS queries, DNS Poisoning, Pharming attacks