Sunday, October 28, 2012

Basics Of Dns poisining for n00bs


Before i proceed to DNS Poisoning lets have some look on basics. So lets take look on what is DNS first. You already know internet runs on TCP/IP model or you can say internet protocol stack.


TCP/IP stack specifies and uses IP addresses (example : 204.87.98.34) to route data between source and destination computer. Every computer in the world that is connected in network have an IP address. Since remembering IP addresses are difficult each IP address is associated with a name like www.google.com which is also known as domain name. Domain names are easy to remember but original TCP/IP stack needs IP address for communication not the domain name
. So a service has been created to convert these domain names into their respective IP addresses, this service is known as Domain Name Service (DNS), a computer or system which provides this service is known as Domain Name System. Now you can call it a coincidence that Domain Name Service and Domain Name System both end having same abbreviation DNS and the best part they don't even conflict with each other while using.

A DNS runs on DNS protocol that translates web address into its respective IP address. Now DNS poisoning or DNS spoofing is technique by which an attacker provides wrong IP address to DNS server for misdirecting users to fake websites. Following are types of DNS poisoning, in the next posts we will cover them detailed.

Intranet DNS Spoofing/Poisoning
Internet DNS Spoofing/Poisoning
Proxy Server DNS Spoofing/Poisoning
DNS Cache Spoofing/Poisoning

Intranet DNS poisoning is done over a LAN. It is usually performed over switched network with help of ARP poisoning. You can use Cain And Abel to perform this kinda attack. Internet DNS poisoning can be done over any system across world by changing DNS entries of victim's computer. In Proxy Server DNS poisoning we change proxy settings of victim to our IP address then redirect victim to fake website. In DNS cache poisoning an attacker changes IP address entries of target website on some specific DNS server then if any person asks that DNS for information it'll provide fake IP information to it.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...
Blogger Widgets