What do you mean by DNS?
The DNS (Domain Name System) translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.
In today’s world, botnets, viruses and other nefarious applications use the Domain Name System (DNS) to further their harmful activities.
Whenever your computer contacts a domain name like “google.com,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “google.com” to computer-readable IP addresses like “173.194.67.102”.
Thus now, what is DNS Cache?
A DNS cache contains entries that translate Internet domain names (such as "google.com") to IP addresses. The Internet's Domain Name System (DNS) involves caching on both Internet DNS servers and on the client computers that contact DNS servers. These caches provide an efficient way for DNS to keep the Internet synchronized as the IP addresses of some servers change and as new servers come online.
So, what if this DNS cache becomes polluted?
This is known as DNS Poisoning!
DNS Poisoning
A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it (they could say that google.com actually points to an IP address the attacker owns), that DNS server would tell its users to look for google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website.
DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.
DNS Poisoning using Cain and Abel
Requirements:
1. Tool: Cain and Abel
2. A Wi-Fi network
3. A Windows operating system
4. Some Victims :P
Procedure:
1-After you install Cain, open it and go to the sniffer tab
2-Click on configure and choose your adapter
3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)
4-Right click in the empty area and choose scan MAC addresses. We get the results above.
5-Click on the APR Tab
6-Click on the + sign in the toolbar to add a new ARP poison routing
7-Choose the gateway, which is 172.128.254.1; in the next list you’ll get the IP of computer 2, which is 172.128.254.10, and click ok
8-Now click on the APR-DNS tab
9-Click on the + sign
10-Enter the web address that you want to spoof (in this case when the user goes to facebook he’ll be redirected to myspace), click on resolve, type the web address that you want to redirect the user to and click ok, and you’ll get the IP of the web address, then click ok
You'll get something like this:
11-Now to make this work we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.
What is ARP?
Short for Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
Disadvantages of DNS Poisoning
DNS Poisoning has the limitation that it can only block a whole URL, not a page on a URL as more sophisticated filtering methods can. It is also very easy to bypass, as all a user needs to do is change his settings to use a DNS server outside of his ISP connection, and this can be done very easily by many children today.
How to remove DNS Poison
-- In the Start Menu, locate the Command Prompt menu item, usually found in the Accessories. Right click on the Command Prompt menu item and select Run as Administrator.
-- In the command prompt window type the following command:
ipconfig /flushdns
-- If the problem persists, type the following 2 commands:
net stop dnscache
net start dnscache
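Flushing discards the cached entries, so it helps to check first which ones are actually wrong. The following Python sketch is an added example, not part of the original post: it parses a constructed sample of `ipconfig /displaydns` output (English-language labels) and compares the cached A records with a baseline of known-good addresses. The host names, addresses and baseline are assumptions for illustration.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (English labels), not a real capture.
# Host names and addresses are made up; 172.128.254.20 stands in for a spoofed answer.
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    portal.corp.example
    ----------------------------------------
    Record Name . . . . . : portal.corp.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.128.254.20

    mail.corp.example
    ----------------------------------------
    Record Name . . . . . : mail.corp.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.25
"""

# Hypothetical baseline: names whose legitimate addresses you know in advance.
BASELINE = {"portal.corp.example": {"192.0.2.10"},
            "mail.corp.example": {"192.0.2.25"}}

NAME = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)\s*$")
A_REC = re.compile(r"^\s*A \(Host\) Record[ .]*:\s*(\S+)\s*$")

def parse_cache(text):
    """Return {name: set of A-record addresses} from displaydns output."""
    records, current = {}, None
    for line in text.splitlines():
        if m := NAME.match(line):
            current = m.group(1).lower()
        elif (m := A_REC.match(line)) and current:
            records.setdefault(current, set()).add(m.group(1))
    return records

def find_mismatches(records, baseline):
    """Return {name: unexpected addresses} for names pinned in the baseline."""
    found = {n: sorted(records.get(n, set()) - ok) for n, ok in baseline.items()}
    return {n: extra for n, extra in found.items() if extra}

if __name__ == "__main__":
    print(find_mismatches(parse_cache(SAMPLE_DISPLAYDNS), BASELINE))
```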
Thus, this is how the DNS Poisoning attack can be used, and the method to prevent it and avoid being a victim of it is shown here.
* Just for Educational Purposes. We are not responsible for any wrongdoing by you.