dns spoofing – Page 11 – WindowsTechs.com

How to make a OSPF LSA Spoofing attack in GNS3

Posted on July 13, 2017 by John Smith

I have read recently that OSPF LSA packets can be modified and used to spoof the network. Is there any way to do it ? I have few ideas of writing python code., but I am not sure how to inject that packet into gns3. Can someon… Continue reading How to make a OSPF LSA Spoofing attack in GNS3→

How do I recognize or prevent using a malicious WiFi network?

Posted on July 10, 2017 by RocketNuts

Suppose I unknowingly connect to a malicious WiFi-network. I want to visit my bank’s website. When entering its domain name (or clicking my bookmark), my laptop does a DNS request. My requests covertly gets resolved through s… Continue reading How do I recognize or prevent using a malicious WiFi network?→

Effects of CVE-2017-9445?

Posted on June 29, 2017 by user152180

http://thehackernews.com/2017/06/linux-buffer-overflow-code.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445

“that could allow remote attackers to potentially trigger a buffer overflow”

Can someone def… Continue reading Effects of CVE-2017-9445?→

DNS cache miss (while DNS Poisoning)

Posted on June 26, 2017 by Jjang

I’m learning how to perform a DNS cache poisoning attack (on an isolated VM environment, for educational purposes only).

I have set a linux machine with Unbound DNS Server configured as a recursive resolver, which I try to… Continue reading DNS cache miss (while DNS Poisoning)→

DNS hijacking to infect computers with ransomware?

Posted on May 23, 2017 by Ploni

While speaking to a friend regarding protecting personal computers from ransomware, I mentioned that I use a limited user account with application white-listing via SRP (I am running Windows). He responded by telling me that … Continue reading DNS hijacking to infect computers with ransomware?→

MITM attack dns spooffing problem

Posted on May 21, 2017 by YoavL

I’v tried to dns spoof and I just keep receiving this:

dnsspoof: listening on eth0 [udp dst port 53 and not src 10.0.0.11]
10.0.0.3.58451 > 10.0.0.138.53: 60823+ A? urlblablabla.com

When I try to enter to the URL in the hosts.txt from my other device which I attacked the URL can’t be reached.

I have already done these steps:

echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t //ATTACKED-IP// //Router//
arpspoof -i eth0 -t  //Router// //ATTACKED-IP//
service apache2 start

Continue reading MITM attack dns spooffing problem→

DNS hijack redirect from one HTTPS hostname to another?

Posted on April 5, 2017 by newguy

I just finished reading a Wired article about a DNS hijack where the attackers redirected all bank traffic to servers they hosted on Google Cloud. What I thought was interesting about the story is that they redirected to valid HTTPS websites with certificates for some legitimacy:

But the Brazilian bank attackers exploited their victim’s DNS in a
more focused and profit-driven way. Kaspersky believes the attackers
compromised the bank’s account at Registro.br. That’s the domain
registration service of NIC.br, the registrar for sites ending in the
Brazilian .br top-level domain, which they say also managed the DNS
for the bank. With that access, the researchers believe, the attackers
were able to change the registration simultaneously for all of the
bank’s domains, redirecting them to servers the attackers had set up
on Google’s Cloud Platform.2

With that domain hijacking in place, anyone visiting the bank’s
website URLs were redirected to lookalike sites. And those sites even
had valid HTTPS certificates issued in the name of the bank, so that
visitors’ browsers would show a green lock and the bank’s name, just
as they would with the real sites. Kaspersky found that the
certificates had been issued six months earlier by Let’s Encrypt, the
non-profit certificate authority that’s made obtaining an HTTPS
certificate easier in the hopes of increasing HTTPS adoption.

My question is how did they do that, if you attempt access a website using https then can an attacker who controls the DNS for the hostname redirect your request to another https website without any certificate warning? For example if I type in to my browser https://www.santanderbank.com and an attacker has taken over that DNS, can they redirect that to a valid https://www.santanderb4nk.com without the browser warning me? Assume the attacker has the certificate to www.santanderb4nk.com but does not have the certificate to www.santanderbank.com.

Continue reading DNS hijack redirect from one HTTPS hostname to another?→

Is my DNS being poisoned?

Posted on April 4, 2017 by Kos

Today I was greeted by this error in Firefox:

It was happening consistently for a minute or two, and reverted back to normal. I confirmed that it happens on another browser and that other HTTPS sites open up properly. I wa… Continue reading Is my DNS being poisoned?→

DNS Spoofing Py + scapy not working

Posted on February 28, 2017 by user7519508

I’ve been trying to build a DNS spoofer with python and scapy. What I actually do is, I ARP poison(see the code on the bottom) the victim and I reconfigure the iptables to redirect traffic from her to my machine. If the requ… Continue reading DNS Spoofing Py + scapy not working→

Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Posted on February 2, 2017 by LamonteCristo

Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?

For example:

Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?→