If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original Facebook page to his own fake page and hence can get access to victims Facebook account.
How To Protect Yourself
- Configure it to be as secure as possible against cache poisoning.
- Manage your DNS servers securely
- Don’t get caught by known vulnerabilities
- Separate the authoritative function from the resolving function using different servers.