DNS poisoning: a complete practical guide


Transcript

  • 1. DNS POISONING USING CAIN

    What is a DNS Poisoning Attack?

    A Domain Name System (DNS) poisoning attack, also called DNS spoofing, is when an attacker is able to redirect a victim to a different website than the address that he types into his browser. For example, a user types www.google.com into their browser, but instead of being directed to Google’s servers he is sent to a fraudulent site that may look like Google’s site but is actually controlled by the attacker. The attacker is able to do this by changing the Internet Protocol (IP) address that usually points to Google to the fake IP address of the attacker.

    The Domain Name System is needed so that networked machines can communicate with each other. Machines use a unique IP address to identify one another, much the same way a street address is used to locate a business or home. However, people like words such as Google, Yahoo, or YouTube instead of a difficult-to-remember IP address, like 67.13.142.130, which is easier for a machine to understand. Domain name servers are used to convert names to their corresponding IP addresses and vice versa.

    The DNS system is a massive database with billions of domain names and IP addresses. The system handles billions of requests every day as people surf the internet, send email, and create new websites. Even though the DNS system is distributed around the world, it acts like a single system.

    An attack can happen by modifying the host tables that are stored on local computers. The host table is a list of domains and IP addresses that is used to find the correct IP address when a user enters a domain name. If the so-called host table name system does not have the correct IP address stored locally, then it contacts an external DNS server for the correct IP address. If an attacker is able to compromise the entries within the host table, then they can direct website names to any IP address they wish.

    Another method of performing a DNS poisoning attack is to target the external DNS servers themselves. External DNS servers exchange information, including name and IP mappings, with each other using zone transfers. Attackers can set up a DNS server with fake IP address entries so that if the targeted DNS server accepts the zone transfer as authentic, it will then use and distribute the fake IP address assignments to other DNS servers.

    Here we can see a pictorial representation explaining the concept.
  • 2. Working:

    You can download Cain from here: http://www.oxid.it/cain.html

    STEP 1: After you install Cain, open it and go to the Sniffer tab.

    STEP 2: Click on Configure and choose your adapter.
  • 3. STEP 3: Enable the sniffer (click on the second icon in the toolbar, next to the open icon).

    STEP 4: Right-click in the empty area and choose Scan MAC Addresses. We get the results above.

    STEP 5: Click on the APR tab.

    STEP 6: Click on the + sign in the toolbar to add a new ARP poison routing.
  • 4. STEP 7: Choose the gateway, which is 172.128.254.1; in the next list you’ll get the IP of computer 2, which is 172.128.254.10. Click OK.

    STEP 8: Now click on the APR-DNS tab.

    STEP 9: Click on the + sign.
  • 5. STEP 10: Enter the web address that you want to spoof (in this case, when the user goes to Facebook he’ll be redirected to MySpace). Click on Resolve, type the web address that you want to redirect the user to, and click OK; you’ll get the IP of the web address. Then click OK. You’ll get something like this:

    STEP 11: Now, to make this work, we have to enable APR poisoning. Click on the icon next to the sniffer icon, and everything should work as we expect.

    Now computer 2 will get its routes poisoned, and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com
  • 6. Imagine what you can do with this technique.....!!!

    Note: This tutorial is for educational purposes only (you’ll be responsible for your own actions).