dns spoofing – Page 3 – WindowsTechs.com

Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?

Posted on February 8, 2022 by Shane Spoor

My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?
For context, we have an application t… Continue reading Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?→

Does using IP address over Tor with a one essential website expose me to any attack surface?

Posted on November 25, 2021 by Jerzy Brzóska

I routinely access www.email-provider-of-my-choice.com via browser over Tor. My browser enforces https-only mode and I opt for never saving my credentials with this provider. I tend to use the domain address and not the Tor address of my … Continue reading Does using IP address over Tor with a one essential website expose me to any attack surface?→

Can this logic with regard to checking Reverse DNS records be flawed?

Posted on November 24, 2021 by Munchkin

For my web app, I hardcode a reverse DNS detection for common web crawlers. And for detecting them I use their Reverse DNS, which I always check whether it includes i.e. google.com. My questions would be:

Can this be a possible security f… Continue reading Can this logic with regard to checking Reverse DNS records be flawed?→

how does a DNS request sniffer see packets destined for DNS server?

Posted on August 25, 2021 by CJ7

If a DNS sniffer/spoofer is running on a network using something like netwag/netwox, how does the sniffer see the request that is destined for the real DNS server?
Wouldn’t the packets for the DNS request be routed only to the DNS server? … Continue reading how does a DNS request sniffer see packets destined for DNS server?→

configuration the evilginx with a rogue dns

Posted on July 21, 2021 by Simone

Recently i’ve just found this nice tool over Github
https://github.com/kgretzky/evilginx2
but it has an internal DNS and only works via malicious links, like sending a link to the user.
my question is, does anyone used this tool (Evilginx)… Continue reading configuration the evilginx with a rogue dns→

router’s hijacked DNS [duplicate]

Posted on July 9, 2021 by Simone

If someone hijacked our router’s DNS, do they somehow capable of reading the traffic with some proxy tools like they use in local network attacks (i.e. sslsplit) because of their controlling over the DNS?
or just SSL/TLS is enough for defe… Continue reading router’s hijacked DNS [duplicate]→

Are purchased domains from third party registrar or hosting managers without Cpanels or VPS or Editable Pages hackable?

Posted on June 22, 2021 by Germania

If someone buys a domain and one may type the URL in but just sees a template page from the registrar but doesn’t purchase a cPanel or VPS or root access or any way to edit the website, does the domain or website managed by a domain seller… Continue reading Are purchased domains from third party registrar or hosting managers without Cpanels or VPS or Editable Pages hackable?→

DNS local cache spoofing with malware or RAT

Posted on June 16, 2021 by Jenia

I was learning networking and knew that browsers don’t have algorithms to convert domain names to IPs. It queries a DNS server.
After that, the computer remembers the IP, so next time the domain is referenced, the browser will use the cach… Continue reading DNS local cache spoofing with malware or RAT→

Does subdomain DNS cache poisoning depend on the authoritative name server ignoring requests for non-existing domains?

Posted on June 7, 2021 by Stefan van den Akker

I’m reading "Introduction to Computer Security", Pearson New International Edition, 1st edition, by Goodrich and Tamassia.
On the subject of DNS cache poisoning, they mention that a "new" attack was discovered in 2008, … Continue reading Does subdomain DNS cache poisoning depend on the authoritative name server ignoring requests for non-existing domains?→

how to change dns adrress via an infected android app

Posted on February 7, 2021 by Simone

it’s the old way
android.provider.Settings.System.putString(getContentResolver(), android.provider.Settings.System.WIFI_USE_STATIC_IP, "0");
android.provider.Settings.System.putString(getContentResolver(), android.provider.Settin… Continue reading how to change dns adrress via an infected android app→