Domain-name-system.org


DNS Spoofing


Page modified: Friday, June 23, 2006 20:29:01

Basics

To communicate with another computer on the Internet, one needs its IP address. This address consists of four numbers between 0 and 255, for example 194.95.176.226. Since such numbers are not very memorable, a name is nearly always assigned to such an IP address. The procedure for this is called DNS (Domain Name System). Thus the WWW server of the BSI can be addressed both as http://www.bsi.bund.de and as http://194.95.176.226, since the name is converted into the IP address when the query is made.

The databases in which computer names are assigned their IP addresses, and IP addresses their computer names, reside on so-called name servers. For the mapping between names and IP addresses there are two databases: in one, a name is assigned its IP address, and in the other, an IP address is assigned its name. These databases do not have to be consistent with one another! The term DNS spoofing is used when an attacker succeeds in falsifying the mapping between a computer name and the associated IP address, i.e. when a name is converted into a wrong IP address or vice versa.

To prepare an attack, the name server is fed wrong information about the alleged IP address of a name. This is easy where the server does not check whether it had asked at all. If a query for the name concerned now arrives, the server supplies the falsified IP address, and the requester connects to the wrong host. This procedure is also called DNS cache poisoning.

Thus, among other things, the following attacks are possible:

R-services (rsh, rlogin, rsh)

These services permit authentication on the basis of the client's name. The server knows the client's IP address and asks DNS for its name.

Web Spoofing

An attacker could assign the address www.bsi.bund.de to a wrong computer, and on entering http://www.bsi.bund.de this wrong computer would be addressed.

Such an attack pattern is also called "Pharming".
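The r-services case above depends on the reverse database alone, which need not agree with the forward one. The following added example (not part of the original page) contrasts a name-only check with a forward-confirmed one; the two lookup tables, the trust list and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed zone data. The two tables are kept separately, as the text says,
# and nothing forces them to agree with each other.
REVERSE = {                                # IP address -> name
    "192.0.2.10": "pc.kunde.de",
    "203.0.113.66": "pc.kunde.de",         # falsified reverse entry
    "198.51.100.7": "host.example.org",
}
FORWARD = {                                # name -> IP addresses
    "pc.kunde.de": ["192.0.2.10"],
    "host.example.org": ["198.51.100.7"],
}
TRUSTED_HOSTS = {"pc.kunde.de"}            # hypothetical name-based trust list


def name_only_check(client_ip):
    """Trust decision based solely on the name the reverse lookup returns."""
    return REVERSE.get(client_ip) in TRUSTED_HOSTS


def confirmed_check(client_ip):
    """Accept only if the name is trusted and its forward lookup
    leads back to the address the client actually connected from."""
    name = REVERSE.get(client_ip)
    if name is None or name not in TRUSTED_HOSTS:
        return False
    want = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(a) == want for a in FORWARD.get(name, []))


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66", "198.51.100.7"):
        print(ip, "name-only:", name_only_check(ip),
              "confirmed:", confirmed_check(ip))
```

The confirmed check only helps while the forward data is not falsified as well, since both lookups still go through DNS.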

How easy it is to carry out DNS spoofing depends on how the network being attacked is configured. Since no computer can hold all the DNS information in the world, it always depends on information from other computers. To reduce the frequency of DNS queries, most name servers cache information that they received from other name servers for a certain time.

If an attacker has broken into a name server, he can also alter the information it provides. The case of a direct break-in on a name server is not considered further here. Rather, the aim is to point out fundamental weaknesses in DNS.

Examples

Two examples are used to show different methods by which DNS spoofing is possible.

1. A user on the computer pc.kunde.de wants to access first www.firma-x.de and then the competitor www.firma-y.de. To access www.firma-x.de, the computer must first ask its name server ns.kunde.de for the associated IP address. This server does not know the address either and asks the name server ns.firma-x.de. That server answers with the IP address, which ns.kunde.de passes on to the user and stores. If, apart from the IP address of www.firma-x.de, the answer packet from ns.firma-x.de also contains an arbitrary IP address for the computer name www.firma-y.de, then this is stored as well. If the user now tries to access www.firma-y.de, the user's own name server ns.kunde.de no longer asks the name server ns.firma-y.de; instead it passes on the information that was planted on it by ns.firma-x.de.

2. Company X knows that a user on the computer pc.kunde.de wants to access the competitor's computer www.firma-y.de. Company X prevents this by asking the name server ns.kunde.de for the address of www.firma-x.de. That server must ask the name server ns.firma-x.de and, as in example 1, also gets back the wrong data concerning www.firma-y.de.

These two examples rely on the fact that a name server also accepts additional data that it did not request at all. In new versions of certain software (e.g. bind) this error has been eliminated, so that this kind of attack is prevented. It is, however, still possible to produce wrong DNS entries using IP spoofing. This attack is, however, technically much more demanding.
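The acceptance rule at issue in both examples can be shown with a small cache model. This is an added example, not code from the original page or from bind: the `Reply` structure, the zone check and the documentation-range addresses are assumptions, and the checked variant is a simplified rule, not bind's implementation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Reply:
    question: str    # name the resolver asked about
    zone: str        # zone the queried server is responsible for
    records: tuple   # (name, address) pairs carried in the reply


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def store_naive(cache, reply):
    """Behaviour the text describes: every record in the reply is cached."""
    for name, address in reply.records:
        cache[name.lower()] = address
    return []


def store_checked(cache, reply, pending):
    """Cache a record only if the reply answers a question that was really
    asked and the record's name lies inside the queried server's zone.
    Returns the records that were refused."""
    if reply.question.lower() not in pending:
        return list(reply.records)           # reply nobody asked for
    pending.discard(reply.question.lower())
    refused = []
    for name, address in reply.records:
        if in_zone(name, reply.zone):
            cache[name.lower()] = address
        else:
            refused.append((name, address))
    return refused


# Constructed reply: host names from the examples above, made-up addresses.
REPLY = Reply(
    question="www.firma-x.de",
    zone="firma-x.de",
    records=(("www.firma-x.de", "192.0.2.10"),
             ("www.firma-y.de", "203.0.113.66")),   # unrequested extra record
)


def demo():
    naive, checked = {}, {}
    store_naive(naive, REPLY)
    refused = store_checked(checked, REPLY, pending={"www.firma-x.de"})
    return naive, checked, refused
```

Calling `demo()` returns the naive cache, the checked cache and the refused records, so the two behaviours can be compared side by side.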


Page cached: Wednesday, July 5, 2006 14:16:00