Skip to main content

Ethical Hacking - DNS Poisoning

DNS Poisoning is a technique that tricks a DNS server into believing that it has received authentic information when, in reality, it has not. It results in the substitution of false IP address at the DNS level where web addresses are converted into numeric IP addresses. It allows an attacker to replace IP address entries for a target site on a given DNS server with IP address of the server controls. An attacker can create fake DNS entries for the server which may contain malicious content with the same name.
For instance, a user types www.google.com, but the user is sent to another fraud site instead of being directed to Google’s servers. As we understand, DNS poisoning is used to redirect the users to fake pages which are managed by the attackers.

DNS Poisoning − Exercise

Let’s do an exercise on DNS poisoning using the same tool, Ettercap.
DNS Poisoning is quite similar to ARP Poisoning. To initiate DNS poisoning, you have to start with ARP poisoning, which we have already discussed in the previous chapter. We will use DNS spoof plugin which is already there in Ettercap.
Step 1 − Open up the terminal and type “nano etter.dns”. This file contains all entries for DNS addresses which is used by Ettercap to resolve the domain name addresses. In this file, we will add a fake entry of “Facebook”. If someone wants to open Facebook, he will be redirected to another website.
Terminal Step 2 − Now insert the entries under the words “Redirect it to www.linux.org”. See the following example −
Redirect Step 3 − Now save this file and exit by saving the file. Use “ctrl+x” to save the file.
Step 4 − After this, the whole process is same to start ARP poisoning. After starting ARP poisoning, click on “plugins” in the menu bar and select “dns_spoof” plugin.
Plugins Step 5 − After activating the DNS_spoof, you will see in the results that facebook.com will start spoofed to Google IP whenever someone types it in his browser.
Activating It means the user gets the Google page instead of facebook.com on their browser.
In this exercise, we saw how network traffic can be sniffed through different tools and methods. Here a company needs an ethical hacker to provide network security to stop all these attacks. Let’s see what an ethical hacker can do to prevent DNS Poisoning.

Defenses against DNS Poisoning

As an ethical hacker, your work could very likely put you in a position of prevention rather than pen testing. What you know as an attacker can help you prevent the very techniques you employ from the outside.
Here are defenses against the attacks we just covered from a pen tester’s perspective −
  • Use a hardware-switched network for the most sensitive portions of your network in an effort to isolate traffic to a single segment or collision domain.
  • Implement IP DHCP Snooping on switches to prevent ARP poisoning and spoofing attacks.
  • Implement policies to prevent promiscuous mode on network adapters.
  • Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.
  • Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPsec.
  • Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.
  • IPv6 has security benefits and options that IPv4 does not have.
  • Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPsec.
  • Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.
  • SSL is a great defense along with IPsec.

Summary

In this chapter, we discussed how attackers can capture and analyze all the traffic by placing a packet sniffer in a network. With a real-time example, we saw how easy it is to get the credentials of a victim from a given network. Attackers use MAC attacks, ARP and DNS poisoning attacks to sniff the network traffic and get hold of sensitive information such as email conversations and passwords.

Comments

Post a Comment

Popular posts from this blog

IMPORTANCE AND ADVANTAGES OF SIWES

STUDENTS INDUSTRIAL WORK EXPERIENCE SCHEME (SIWES) The Industrial Training/Students Industrial Work Experience Scheme, IT/SIWES is a new Directorate under the Vice-Chancellor’s Office.  It was established on 20th April, 2012 The Students Industrial Work Experience Scheme (SIWES) is a skills training programme designed to expose and prepare students of universities and other tertiary institutions for the Industrial Work situation they are likely to meet after graduation.  It is also a planned and structured programme based on stated and specific career objectives which are geared towards developing the occupational competencies of participants (Mafe, 2009).  Consequently, the SIWES programme is a compulsory graduation requirement for all Nigerian university students offering certain courses. The Students Industrial Work Experience Scheme (SIWES), is the accepted training programme, which
1 comment
Read more

How to Reset HP Elitebook 8460p BIOS/Administrator Password

Have you  forgotten HP Elitebook 8460p password , bios or administrator account password? How to do if both of them lost? It seems hard though there may be lots of ways that can solve it. But if we talk about it separately, such as in two parts,  HP elitebook password reset  would be not so difficult. Part 1: Reset HP Elitebook 8460p BIOS password Part 2: HP Elitebook 8460p Administrator password recovery Part 1: How to Reset Forgotten HP Elitebook BIOS Password? Generally, there are two ways to  reset forgotten BIOS password .  One  is forcing BIOS/CMOS to reset itself to its stored defaults by removing all power from it.  The other  is to use a program to either locate or identify the password, and reveal it to you or erasing the password clearly. And the most easiest and convenient method for erasing dynamic BIOS/CMOS settings is to remove battery directly from the motherboard. However, it applies to most motherboards besides HP Elitebook BIOS. Fortunately, HP Eliteb
Post a Comment
Read more

Ethical Hacking - TCP/IP Hijacking

TCP/IP Hijacking is when an authorized user gains access to a genuine network connection of another user. It is done in order to bypass the password authentication which is normally the start of a session. In theory, a TCP/IP connection is established as shown below − To hijack this connection, there are two possibilities − Find the seq which is a number that increases by 1, but there is no chance to predict it. The second possibility is to use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing . For sniffing, we use tools like Wireshark or Ethercap . Example An attacker monitors the data transmission over a network and discovers the IP’s of two devices that participate in a connection. When the hacker discovers the IP of one of the users, he can put down the connection of the other user by DoS attack and then resume communication by spoofing the IP of the disconnected user. Shijack In practice, one of the best TCP/IP hijack too
Post a Comment
Read more