How DNS Poisoning works?
This tutorial is about the DNS Poisoning attacks and how to prevent it.

How DNS Poisoning works? Document Transcript

  • 1. Monark Modi || +918866601590 || monark111@yahoo.com || facebook.com/monark111 || twitter.com/monark111
    How does DNS Poisoning Work? Full Tutorial
    Presented By: Monark Modi
  • 2. DNS POISONING
    What do you mean by DNS?
    The DNS (Domain Name System) translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of the Web servers hosting those sites. Today, botnets, viruses and other nefarious applications use the Domain Name System (DNS) to further their harmful activities.
    How DNS works?
    Whenever your computer contacts a domain name like “google.com,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “google.com” to computer-readable IP addresses like “173.194.67.102”.
  • 3. Thus now, what is DNS Cache?
    A DNS cache contains entries that translate Internet domain names (such as "google.com") to IP addresses. The Internet's Domain Name System (DNS) involves caching on both Internet DNS servers and on the client computers that contact DNS servers. These caches provide an efficient way for DNS to keep the Internet synchronized as the IP addresses of some servers change and as new servers come online.
  • 4. So, what if this DNS Cache becomes polluted? This is known as DNS Poisoning!
    DNS Poisoning
    A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it (they could say that google.com actually points to an IP address the attacker owns), that DNS server would tell its users to look for google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website.
    DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.
  • 5. DNS Poisoning using Cain and Abel
    Requirements:
    1. Tool: Cain and Abel
    2. A Wifi network
    3. A Windows operating system
    4. Some Victims :P
    Procedure:
    1- After you install Cain, open it and go to the sniffer tab.
    2- Click on configure and choose your adapter.
    3- Enable the sniffer (click on the second icon in the toolbar next to the open icon).
  • 6. 4- Right click in the empty area and choose scan MAC addresses. We get the results above.
    5- Click on the APR tab.
    6- Click on the + sign in the toolbar to add a new ARP poison routing.
  • 7. 7- Choose the gateway, which is 172.128.254.1. In the next list you’ll get the IP of computer 2, which is 172.128.254.10. Click OK.
    8- Now click on the APR-DNS tab.
    9- Click on the + sign.
  • 8. 10- Enter the web address that you want to spoof (in this case, when the user goes to facebook he’ll be redirected to myspace). Click on resolve, type the web address that you want to redirect the user to, and click OK. You’ll get the IP of the web address; then click OK. You’ll get something like this:
    11- Now, to make this work, we have to enable APR poisoning. Click on the icon next to the sniffer icon, and everything should work as we expect.
  • 9. What is ARP?
    Short for Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
    Disadvantages of DNS Poisoning
    DNS Poisoning has the limitation that it can only block a whole URL, not a page on a URL as more sophisticated filtering methods can. It is also very easy to bypass, as all a user needs to do is change his settings to use a DNS server outside of his ISP connection, and this can be done very easily by many children today.
    How to remove DNS Poison
    In the Start Menu, locate the Command Prompt menu item, usually found in Accessories. Right click on the Command Prompt menu item and select Run as Administrator.
  • 10. In the command prompt window, type the following command:
        ipconfig /flushdns
    If the problem persists, type the following 2 commands:
        net stop dnscache
        net start dnscache
    Thus, this is how the DNS Poisoning attack can be used, and the method to prevent it and avoid being a victim of it is shown here.
    * Just for Educational Purposes. We are not responsible for any wrong doings by you.
    Credits: Mr. Rahul Tyagi