logging in or signing up DNS aSGuest83047 Download Post to : URL : Related Presentations : Let's Connect Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 1045 Category: Science & Tech.. License: Some Rights Reserved Like it (2) Dislike it (0) Added: January 22, 2011 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript DNS Poisoning : DNS Poisoning By: Brian/Krew What is DNS Poisoning : What is DNS Poisoning DNS is Domain Name System What It Does is convert the Url you put into your address bar into a ip address. Example Google.com would be translates to http://220.127.116.11/ What is DNS Poisoning : What is DNS Poisoning What is DNS Poisoning : What is DNS Poisoning Dns Poisoning Allows you redirect the traffic. So instead of Google.com going to http://18.104.22.168/ you can redirect Google.com to go to http://22.214.171.124/. What is DNS Poisoning : What is DNS Poisoning DNS Cache Poisoning. Computer sends request to Dns “What is the ip for google.com?” The server send back “The ip for google.com is 126.96.36.199.”. The computer gets an answer, and if the answer appears to match the question it asked, completely trusts that it is correct. What is DNS Poisoning : What is DNS Poisoning Computer sends request to Dns “What is the ip for google.com?” The attacker sends back “The ip for google.com is 188.8.131.52” Before the server send back “The ip for google.com is 184.108.40.206.”. The Cache is now poisoned. What is DNS Poisoning : What is DNS Poisoning To Spoof you must match the following Attributes: Returns to same ip was sent to. Know Answer matches question asked. Know Returns with same port number was sent from. Not Know And the unique transaction number matches. Not Know Dan Kaminsky : Dan Kaminsky Dan Kaminsky worked for Cisco and also a Pen tester. Dan Kaminsky discovered a flaw in Dns portocol. The DNS had only 65,536 possible transaction ID’s allowing it to be guessed. Dan was not going to release the details untill 30 days after he patched it on July 21, 2008. Developed DNSSE (Domain Name System Security Extensions) Giving DNS security; How Does This Work : How Does This Work Local Dns Servers cache address so request don’t go to the internet everytime; but if the request isn’t know is sent to the internet DNS. Todays DNS Poisoning : Todays DNS Poisoning Since patched with the DNSSE in July 21, 2008. hackers have developed DNS spoofing. Dns spoofing: “Setting up your own machine to pretend to be a legitmate DNS server directing traffic where ever you'd like it to go” Dns Spoofing : Dns Spoofing Dns spoofing: “Setting up your own machine to pretend to be a legitmate DNS server directing traffic where ever you'd like it to go” How Do We DNS Spoof? : How Do We DNS Spoof? One way to preform a Dns Spoof attack is to use a program know as Cain. How Do We DNS Spoof? : How Do We DNS Spoof? The Setup How Do We DNS Spoof? : How Do We DNS Spoof? First we go to Sniffer Tab Config you adaptor; then you preform a scan. Now we are going to enable the Arp table by clicking the arp tab at the bottom. How Do We DNS Spoof? : How Do We DNS Spoof? Now in the arp table click the + symbol at the top. In the table click the gateway(left) and the victim(right). How Do We DNS Spoof? : How Do We DNS Spoof? On the left side menu select Arp-Dns and click the + button. Now you will put the web address you want to be redirected in the Dns Name Requested textbox. Now click Resolve and put in the address you want it to lead to. How Do We DNS Spoof? : How Do We DNS Spoof? Now click the poison button and you are done. Why? : Why? The main reason people DNS poison/spoof is to redirect the victim to harmful sites; for example phishing sites. Extra? : Extra? http://ketil.froyn.name/poison.html http://recursive.iana.org/ You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.