Hands-on exercises about DNS attacks: details, setup and lessons learned

The Domain Name System (DNS) protocol is vulnerable to attacks that can misdirect users to malicious web sites. Thus, all Computer Science students and Cybersecurity students in particular, should learn how DNS attacks work. This paper discusses the details of hands-on DNS attack exercises, the setup, and the lessons learned. The DNS exercise has many steps, including using the dig command, modifying a DNS server, poisoning a DNS cache, and performing a Kaminsky attack. This paper describes two ways to run the exercise, one on local machines and the other in the cloud using EDURange. This paper also includes student feedback and discussions about possible changes to the exercises.