Monark Modi || +918866601590 || firstname.lastname@example.org/monark111 || twitter.com/monark111

DNS POISONING

What do you mean by DNS?

The DNS (Domain Name System) translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of the Web servers hosting those sites.

In today's world, botnets, viruses and other nefarious applications use the Domain Name System (DNS) to further their harmful activities.

How does DNS work?

Whenever your computer contacts a domain name like "google.com", it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like "google.com" to computer-readable IP addresses like "126.96.36.199".

What is a DNS cache?

A DNS cache contains entries that translate Internet domain names (such as "google.com") to IP addresses. The Internet's Domain Name System (DNS) involves caching on both Internet DNS servers and on the client computers that contact DNS servers. These caches provide an efficient way for DNS to keep the Internet synchronized as the IP addresses of some servers change and as new servers come online.

So, what if this DNS cache becomes polluted? This is known as DNS poisoning!

DNS Poisoning

A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it (for example, they could say that google.com actually points to an IP address the attacker owns), that DNS server would tell its users to look for google.com at the wrong address. The attacker's address could contain some sort of malicious phishing website.

DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.
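
The spreading described above can be followed in a toy model of chained caches. This is an added example, not part of the original slides: the CachingResolver class, the host name and the addresses are constructed for illustration, and the model ignores everything about real DNS except caching with a TTL.

```python
# Added illustration: toy model of chained DNS caches (not a real resolver).
GOOD_IP, BAD_IP = "192.0.2.10", "203.0.113.66"   # constructed addresses
HOST = "example.test"                            # constructed host name

class CachingResolver:
    def __init__(self, upstream=None, records=None):
        self.upstream = upstream                 # next resolver in the chain
        self.records = records if records is not None else {}  # host -> (ip, ttl)
        self.cache = {}                          # host -> (ip, expires_at)

    def resolve(self, host, now):
        """Return (ip, remaining_ttl) for host at time `now` in seconds."""
        if host in self.records:                 # this server holds the record itself
            return self.records[host]
        cached = self.cache.get(host)
        if cached and cached[1] > now:           # unexpired entry: upstream is not asked
            return cached[0], cached[1] - now
        ip, ttl = self.upstream.resolve(host, now)
        self.cache[host] = (ip, now + ttl)       # store the answer, right or wrong
        return ip, ttl

    def flush(self):
        self.cache.clear()

def run_scenario():
    # The compromised server hands out the wrong address with a 300 s TTL.
    server = CachingResolver(records={HOST: (BAD_IP, 300)})
    isp = CachingResolver(upstream=server)
    router = CachingResolver(upstream=isp)
    pc = CachingResolver(upstream=router)

    seen = {}
    seen["while_poisoned"] = pc.resolve(HOST, now=0)[0]
    server.records[HOST] = (GOOD_IP, 300)        # server repaired at t=10
    seen["after_server_fix"] = pc.resolve(HOST, now=10)[0]   # PC cache still answers
    pc.flush()                                   # flush only the PC's cache
    seen["after_pc_flush"] = pc.resolve(HOST, now=20)[0]     # router cache re-poisons the PC
    seen["after_ttl_expiry"] = pc.resolve(HOST, now=301)[0]  # every cache has expired
    return seen

if __name__ == "__main__":
    for step, ip in run_scenario().items():
        print(f"{step:18} -> {ip}")
```

In this model the wrong answer outlives the repair of the server, and flushing only the PC's cache does not help while the router and ISP caches still hold the entry.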

DNS Poisoning using Cain and Abel

Requirements:
1. Tool: Cain and Abel
2. A WiFi network
3. A Windows operating system
4. Some victims :P

Procedure:
1-After you install Cain, open it and go to the Sniffer tab.
2-Click on Configure and choose your adapter.
3-Enable the sniffer (click on the second icon in the toolbar, next to the open icon).
4-Right click in the empty area and choose Scan MAC Addresses. We get the results above.
5-Click on the APR tab.
6-Click on the + sign in the toolbar to add a new ARP poison routing.
7-Choose the gateway, which is 188.8.131.52; in the next list you'll get the IP of computer 2, which is 184.108.40.206, and click OK.
8-Now click on the APR-DNS tab.
9-Click on the + sign.
10-Enter the web address that you want to spoof (in this case, when the user goes to facebook he'll be redirected to myspace), click on Resolve, type the web address that you want to redirect the user to, and click OK. You'll get the IP of the web address; then click OK. You'll get something like this:
11-Now, to make this work, we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.

What is ARP?

Short for Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

Disadvantages of DNS Poisoning

DNS poisoning has the limitation that it can only block a whole URL, not a page on a URL, as more sophisticated filtering methods can. It is also very easy to bypass, as all a user needs to do is change his settings to use a DNS server outside of his ISP connection, and this can be done very easily by many children today.

How to remove DNS Poison

In the Start Menu, locate the Command Prompt menu item, usually found in Accessories. Right click on the Command Prompt menu item and select Run as Administrator.
In the command prompt window, type the following command:

    ipconfig /flushdns

If the problem persists, type the following 2 commands:

    net stop dnscache
    net start dnscache

Thus, this is how the DNS poisoning attack can be used, and the method to prevent it and avoid being a victim of it is shown here.

* Just for Educational Purposes. We are not responsible for any wrongdoing by you.

Credits: Mr. Rahul Tyagi