Dns poisoning a complete practical guide


Published in: Technology

  1. 1. DNS POISONING USING CAIN

     What is a DNS Poisoning Attack?

     A Domain Name System (DNS) poisoning attack, also called DNS spoofing, is when an attacker is able to redirect a victim to a different website than the address that he types into his browser. For example, a user types www.google.com into their browser, but instead of being directed to Google’s servers he is sent to a fraudulent site that may look like Google’s site but is in actuality controlled by the attacker. The attacker is able to do this by changing the Internet Protocol (IP) address that usually points to Google to the fake IP address of the attacker.

     The Domain Name System is needed so that networked machines can communicate with each other. Machines use a unique IP address to identify one another much the same way a street address is used to locate a business or home. However, people like words such as Google, Yahoo, or YouTube instead of a difficult to remember IP address, like, which is easier for a machine to understand. Domain name servers are used to convert names to their corresponding IP address and vice versa.

     The DNS system is a massive database with billions of domain names and IP addresses. The system handles billions of requests every day as people surf the internet, send email, and create new websites. Even though the DNS system is distributed around the world, it acts like a single system.

     An attack can happen by modifying the host tables that are stored on local computers. The host table is a list of domains and IP addresses that is used to find the correct IP address when a user enters a domain site name. If the so-called host table name system does not have the correct IP address stored locally, then it contacts an external DNS for the correct IP address. If an attacker is able to compromise the entries within the host table, then they can direct website names to any IP address they wish.

     Another method of performing a DNS Poisoning Attack is to target the external DNS servers themselves. External DNS servers exchange information, including name and IP mapping, with each other using zone transfers. Attackers can set up a DNS server with fake IP address entries so that if the targeted DNS server accepts the zone transfer as authentic, it will then use and distribute the fake IP address assignments to other DNS servers.

     Here we can see a pictorial representation explaining the concept
  2. 2. Working:

     You can download Cain from here: http://www.oxid.it/cain.html

     STEP1: After you install Cain, open it and go to the sniffer tab.

     STEP2: Click on configure and choose your adapter.
  3. 3. STEP3: Enable the sniffer (click on the second icon in the toolbar next to the open icon).

     STEP4: Right click in the empty area and choose scan MAC addresses. We get the results above.

     STEP5: Click on the APR tab.

     STEP6: Click on the + sign in the toolbar to add a new ARP poison routing.
  4. 4. STEP7: Choose the gateway which is , in the next list you’ll get the IP of the computer 2 which is and click OK.

     STEP8: Now click on the APR-DNS tab.

     STEP9: Click on the + sign.
  5. 5. STEP10: Enter the web address that you want to spoof (in this case, when the user goes to Facebook he’ll be redirected to MySpace), click on resolve, type the web address that you want to redirect the user to, and click OK. You’ll get the IP of the web address; then click OK. You’ll get something like this:

     STEP11: Now to make this work we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.

     Now computer 2 will get its routes poisoned, and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com
  6. 6. Imagine what you can do with this technique.....!!!

     Note: This tutorial is for educational purposes only (you’ll be responsible for your own actions).
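
Seen from computer 2, the ARP poison routing enabled in steps 6 to 11 typically leaves a trace: its ARP cache maps the gateway's IP and a second host's IP to the same MAC address. The following is an added example, not part of the original slides, that parses Windows `arp -a` output and flags such collisions; the sample table, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (RFC 1918 addresses, made-up
# MACs). 192.168.1.1 plays the gateway; 192.168.1.50 plays the poisoning host.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-cc     dynamic
  192.168.1.50          00-11-22-aa-bb-cc     dynamic
  192.168.1.77          00-11-22-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address followed by a MAC written with '-' or ':'.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b",
    re.MULTILINE,
)

def parse_arp_table(text):
    """Yield (ip, mac) for unicast entries; broadcast/multicast MACs are skipped."""
    for ip, mac in ROW.findall(text):
        mac = mac.lower().replace(":", "-")
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        yield ip, mac

def find_shared_macs(text):
    """Map each MAC that answers for more than one IP to its sorted IP list."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp_table(text):
        by_mac[mac].add(ip)
    octets = lambda ip: tuple(int(p) for p in ip.split("."))
    return {m: sorted(ips, key=octets) for m, ips in by_mac.items() if len(ips) > 1}

def hosts_sharing_gateway_mac(text, gateway_ip):
    """IPs that share the gateway's MAC: candidates for the poisoning host."""
    for ips in find_shared_macs(text).values():
        if gateway_ip in ips:
            return [ip for ip in ips if ip != gateway_ip]
    return []

if __name__ == "__main__":
    for mac, ips in find_shared_macs(SAMPLE_ARP_OUTPUT).items():
        print(f"ALERT {mac} claimed by {', '.join(ips)}")
```

A shared MAC is a lead to investigate rather than proof, since a router with several addresses or a proxy-ARP device produces the same pattern legitimately.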