what is dns spoofing?

I have a web site I was updating and when I refreshed my browser and emptied my cache it still wasn't showing the new changes so I called my web hosting and they told me that my web site was pointing to a IP address I didn't recognize so I ran NeoTrace and found it connected to a computer in Philadelphia. I also found that my site and two other sites when I did the trace traced back to this same IP address. I reported this to my hosting company who said my DNS was spoofed. I'm just trying to understand what that means, and what can I do about it. I also want to know what does the law say about this and if I have the evidence can I report him to the authorities?
Thanks in advance,
Lisa
For a complete answer, look here:

http://www.menandmice.com/9000/9211_dns_spoofing.html

Your hosting company should have security measures in place to prevent this, so you'll need their help. The 'authorities' probably won't be interested.

I suggest changing hosting companies. When you do that, your IP address and name server will change, so the current spoofing won't work. Try http://www.ixwebhosting.com - I use them and I am very happy with them.
all websites in the world are registered with one of the main DNS servers. basically they're big computers that hold ALL the web addresses and which sites and which servers they belong to. that's how internet traffic is routed.

DNS spoofing is when someone purposefully and maliciously changes that info on the DNS server and basically hijacks your site. all the traffic goes to their website now. it's illegal (not sure on the penalties though) so you should report it


Answers:
The most common form of spoofing is to pass a request for data from one computer through another computer so that the site from which info or services is being requested can't accurately identify the source of the request. It's like being able to dial your cell phone from my cell phone so that I can call someone and have your caller id appear on their phone instead of mine. The way it is done is by setting your IP address as a proxy address in my web browser.

You can block your IP address from being used as a proxy address (or your IP provider can). Proxy spoofing is often used by people who don't want where they are surfing to be connected back to their own IP address. It can also be used to get into a site which has blocked a person's IP address, because they have abused the site before.

Another kind of spoofing (the one you are experiencing) uses a redirect command to route traffic from one address to another. In this kind of spoof the point is to get someone (who thinks they are at your site) to provide information or access to their computer to a third computer that is almost surely being run by a hacker who is collecting IP addresses and who knows what all else. Yes it is illegal and yes you can get it stopped. Your provider needs to diable your IP address, give you a new one, and help you find the hack in your HTML that is causing the redirection. Good luck.
You should report it firsts to your ISP. He can clear the cache of their DNS servers, and that should get you back on track. A spoofed DNS usually relies on the cache to do it's works and once the cache is cleared, it will do a new lookup to your proper I.P. address.

To test if this is the problem, have somebody you know check the IP from another location (and different ISP) and see if they wind up at your site, or at the spoofed site.

Catching the actual person that did this is virtually impossible, or at the very least extremely difficult as well as time consuming and costly, and unless you are willing to bear the brunt of those costs, it will not most likely wind up involving catching the person, or fines being involved.

Just be realistic about it, the most important thing is you getting back online.