How DNS Poisoning works?
This tutorial is about DNS poisoning attacks and how to prevent them.

Published in: Technology

  • 1. Monark Modi || +918866601590 || || Page 1
    How does DNS Poisoning Work? Full Tutorial
    Presented By: Monark Modi
  • 2. DNS POISONING
    What do you mean by DNS?
    The DNS (Domain Name System) translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. In today’s world, botnets, viruses and other nefarious applications use the Domain Name System (DNS) to further their harmful activities.
    How DNS works?
    Whenever your computer contacts a domain name like “,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “” to computer-readable IP addresses like “”.
  • 3. Thus now, what is a DNS Cache?
    A DNS cache contains entries that translate Internet domain names (such as "") to IP addresses. The Internet's Domain Name System (DNS) involves caching on both Internet DNS servers and on the client computers that contact DNS servers. These caches provide a way for DNS to efficiently keep the Internet synchronized as the IP addresses of some servers change and as new servers come online.
  • 4. So, what if this DNS Cache becomes polluted? This is known as DNS Poisoning!
    DNS Poisoning
    A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it — for example, they could say that actually points to an IP address the attacker owns — that DNS server would tell its users to look for at the wrong address. The attacker’s address could contain some sort of malicious phishing website.
    DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.
  • 5. DNS Poisoning using Cain and Abel
    Requirements:
    1. Tool: Cain and Abel
    2. A Wi-Fi network
    3. A Windows operating system
    4. Some Victims :P
    Procedure:
    1- After you install Cain, open it and go to the Sniffer tab.
    2- Click on Configure and choose your adapter.
    3- Enable the sniffer (click on the second icon in the toolbar, next to the open icon).
  • 6. 4- Right-click in the empty area and choose Scan MAC Addresses. We get the results above.
    5- Click on the APR tab.
    6- Click on the + sign in the toolbar to add a new ARP poison routing.
  • 7. 7- Choose the gateway, which is , and in the next list you’ll get the IP of computer 2, which is ; then click OK.
    8- Now click on the APR-DNS tab.
    9- Click on the + sign.
  • 8. 10- Enter the web address that you want to spoof (in this case, when the user goes to facebook he’ll be redirected to myspace). Click on Resolve, type the web address that you want to redirect the user to, and click OK; you’ll get the IP of that web address. Then click OK. You’ll get something like this:
    11- Now, to make this work, we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.
  • 9. What is ARP?
    Short for Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
    Disadvantages of DNS Poisoning
    DNS Poisoning has the limitation that it can only block a whole URL, not a page on a URL as more sophisticated filtering methods can. It is also very easy to bypass, as all a user needs to do is change his settings to use a DNS server outside of his ISP connection, and this can be done very easily by many children today.
    How to remove DNS Poison
    In the Start Menu, locate the Command Prompt menu item, usually found in Accessories. Right-click on the Command Prompt menu item and select Run as Administrator.
  • 10. In the command prompt window, type the following command:
      ipconfig /flushdns
    If the problem persists, type the following 2 commands:
      net stop dnscache
      net start dnscache
    Thus, this is how the DNS Poisoning attack can be used, and the method to prevent it and avoid being a victim of it is shown here.
    * Just for Educational Purposes. We are not responsible for any wrongdoing by you.
    Credits: Mr. Rahul Tyagi
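
Before running `ipconfig /flushdns`, it is useful to see which cached entries are actually wrong. As an added example (not part of the original slides), this Python script parses `ipconfig /displaydns` output and reports cached A records that disagree with addresses verified out of band; the sample output is constructed and abridged, and the host names, addresses and the `EXPECTED` table are assumptions.

```python
import re

# Constructed, abridged `ipconfig /displaydns` output (documentation addresses).
SAMPLE_CACHE = """
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Time To Live  . . . . : 2931
    A (Host) Record . . . : 203.0.113.66

    intranet.example.net
    ----------------------------------------
    Record Name . . . . . : intranet.example.net
    Time To Live  . . . . : 120
    A (Host) Record . . . : 198.51.100.10
"""

# Assumption: addresses the defender has verified out of band.
EXPECTED = {
    "www.example.com": {"192.0.2.80"},
    "intranet.example.net": {"198.51.100.10"},
}

# "Key . . . : value" lines; the dotted padding is stripped from the key.
FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")

def parse_cache(text):
    """Return [(name, address)] for every cached A record."""
    records, name = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Record Name":
            name = value.lower()
        elif key == "A (Host) Record" and name:
            records.append((name, value))
    return records

def find_mismatches(records, expected=EXPECTED):
    """Cached answers that disagree with the pinned address set."""
    return [(n, a) for n, a in records if n in expected and a not in expected[n]]

if __name__ == "__main__":
    for name, addr in find_mismatches(parse_cache(SAMPLE_CACHE)):
        print(f"{name}: cached {addr}, expected {sorted(EXPECTED[name])}")
```

Pin only names whose addresses are stable; CDN-hosted names legitimately return different addresses over time and would produce false alarms.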