Class Project Showcase: DNS Spoofing
done for my class project 91.564 Data Communication II at UMass Lowell

Class Project Showcase: DNS Spoofing Presentation Transcript

  • 91.564 Project Presentation: DNS Spoofing. Beibei (Betty) Yang, byang1@cs.uml.edu
  • Theoretical DNS recursion
  • DNS in the real world 
  • DNS Spoofing (Pharming)
    pharming n. the process of producing medically useful products from genetically modified plants and animals. (dictionary.com)
    DNS Spoofing: the art of making a DNS entry point to a different IP address than the one it is supposed to point to.
    Three techniques:
    1. DNS Cache Poisoning
    2. DNS ID Spoofing
    3. Making the attack more accurate with the Birthday Paradox
  • DNS ID Spoofing (Ver. 1)
    1. ARP Poison
    2. Sniff DNS packets from a certain victim
    3. Reply with fake DNS packets
    ./dnsspoof.py <dns_server> <victim> <impersonating_host>
  • DNS ID Spoofing (Ver. 2)
    1. Continuous ARP Poison
    2. Sniff DNS packets from all victims
    3. Reply to all victims with fake DNS packets
    ./dnsspoofv2.py <dns_server> <impersonating_host>
  • Implementation
    OS: Ubuntu 9.10
    Language: Python 2.6.5
    Library: Scapy 2.1.1 http://www.secdev.org/projects/scapy/
  • Scapy Example -- Building a packet
    $ sudo scapy
    Welcome to Scapy (2.0.1-dev)
    >>> IP()
    <IP |>
    >>> target="www.target.com"
    >>> target="www.target.com/30"
    >>> ip=IP(dst=target)
    >>> ip
    <IP dst=<Net www.target.com/30> |>
  • Scapy Example -- Packet Sniffing
    >>> sniff(filter="icmp and host 66.35.250.151", count=2)
    <Sniffed: UDP:0 TCP:0 ICMP:2 Other:0>
    >>> a=_
    >>> a.nsummary()
    0000 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw
    0001 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw
    >>> a[1]
    <Ether dst=00:ae:f3:52:aa:d1 src=00:02:15:37:a2:44
    type=0x800 |<IP version=4L ihl=5L tos=0x0 len=84 id=0 flags=DF frag=0L ttl=64
    proto=ICMP chksum=0x3831 src=192.168.5.21 dst=66.35.250.151 options= |<ICMP
    type=echo-request code=0 chksum=0x6571 id=0x8745 seq=0x0 |<Raw
    load=Bxf7gxdax00x07umx08tnx0b x0crx0ex0fx10x11x12x13x14x15x16x17x18x19x1ax1bx1cx1d x1ex1f !x22#$%&()*+,-./01234567 |>>>
  • Commands used in the demonstration
    sudo ./dnsspoof.py 68.87.73.246 192.168.1.104 129.63.176.200
    sudo ./dnsspoof.py 68.87.71.230 192.168.1.104 129.63.176.200
    sudo ./dnsspoofv2.py 68.87.73.246 129.63.176.200
    sudo ./dnsspoofv2.py 68.87.71.230 129.63.176.200
  • Victim A: Switch network, Windows XP
  • Corresponding Wireshark Snapshot
  • Victim B: Wireless, Jolicloud
  •     Thank you!
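
Both versions of the DNS ID spoofing procedure in the slides begin with ARP poisoning, which a defender on the same LAN can spot by watching for IP-to-MAC bindings that change. The following is an added example, not code from the original presentation: a standard-library Python check over constructed ARP frames. The gateway address, the MAC addresses and the function names are assumptions made for illustration, and the first MAC seen for an IP is treated as the trusted baseline.

```python
import struct

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return frame[6:12].hex(":"), frame[22:28].hex(":"), sender_ip

def find_arp_anomalies(frames):
    """Return (frame_index, reason, ip, claimed_mac) for suspicious ARP frames.

    Assumption: the first MAC seen for an IP is the trusted baseline.
    """
    bindings, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, mac, ip = parsed
        if eth_src != mac:  # Ethernet header and ARP payload disagree
            alerts.append((index, "eth-src-mismatch", ip, mac))
        if bindings.setdefault(ip, mac) != mac:  # IP now claimed by another MAC
            alerts.append((index, "binding-changed", ip, mac))
    return alerts

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply frame, used only as sample input."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(part) for part in s.split("."))
    header = mac(target_mac) + mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return header + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

# Constructed sample traffic: all addresses are made up except 192.168.1.104,
# the victim address used in the slides.
GATEWAY = ("00:11:22:33:44:55", "192.168.1.1")
VICTIM = ("00:aa:bb:cc:dd:ee", "192.168.1.104")
ROGUE_MAC = "66:77:88:99:aa:bb"
SAMPLE_FRAMES = [
    build_arp_reply(*GATEWAY, *VICTIM),               # legitimate
    build_arp_reply(*VICTIM, *GATEWAY),               # legitimate
    build_arp_reply(ROGUE_MAC, GATEWAY[1], *VICTIM),  # forged gateway binding
    build_arp_reply(*GATEWAY, *VICTIM),               # legitimate again
    build_arp_reply(ROGUE_MAC, GATEWAY[1], *VICTIM),  # continuous poisoning
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_FRAMES):
        print(alert)
```

In the constructed traffic, only the two frames that rebind the gateway address to the rogue MAC are reported; the repeated alert mirrors the continuous poisoning used in Ver. 2.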