Saturday, July 26, 2008

DNS SPOOFING



Before discussing what is DNS spoofing, let me first explain what is DNS and what is the importance of it.

DNS (Domain Name Service ) is a service which provide the facility of giving u IP addresses of named domain. Let me explain it in more detail by taking an example.

whenever we type an url or website name in the browser,browser doesn't know what is this url or what is this website name. It only understand IP addresses. It can only send request or get responses from a IP address. So, what does browser do in order to resolve a name into IP address.It sends a request to the nearest (DNS) server to resolve this name into IP address. Now its the job of DNS server to find out the correct IP address of a particular domain name and return it back to browser.


for eg. You're on your web browser and wish to search something on www.google.com, without to think of it, you just enter this URL in your address bar and press enter.

Now, what's happening behind the scenes ? Well... basically, your browser is going to
send a request to a DNS Server to get the matching IP address for www.google.com, then
the DNS server tells your browser the IP address of GOOGLE, so your browser to connect
to CNN's IP address and display the content of the main page.




Here comes the concept of DNS Spoofing.


What if after entering the url, u get a page containing a message like 'yahoo is more efficient than google'.

you must be amazed that why google is saying that yahoo is better despite the fact that they are in the same business. Then to confirm yourself you type the IP address of google instead of typing the name (you can get the IP of a domain name by simply pinging that domain).

As soon as you type the IP address and press enter, you see the original google website,you can be sure that your DNS server which duty was to resolve the name into IP has been spoofed.

in the above picture, first the DNS server has been comprised by an attacker and he has replaced the entry of bank.com with another IP address. So, whenever a user will type bank.com into his browser, browser will take him to the fake website.
Posted by at No comments:

Wednesday, July 23, 2008

How MAC SPOOFING is done(Linux)

Under Linux, you can change your MAC address with

ifconfig 'interface' hw 'class' MAC



for eg.


 ifconfig eth0 down // disable the interface
ifconfig eth0 hw ether 02:75:73:A3:B1:80 // change MAC
ifconfig eth0 up // Enable it again


please note that there are number of other classes besides 'ether'. Check the man page for ifconfig for more detail.


In the next posts, may be i will discuss about DNS Spoofing.
Posted by at No comments:

Sunday, July 20, 2008

How MAC SPOOFING is done

For Windows: There are number of tools for MAC spoofing. but here i will discuss how MAC can be spoofed using Registry Editor. All you need is a MAC id.

Before starting spoofing MAC , run ipconfig/all from command line and see what network interfaces are present in the system along with description. Please note the actual MAC Id to verify where it has been changed or not.

1. open start->run->regedit

2. go to HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

3. There are various sub folders under it. Browse through all the folders and see the DriverDesc key value.If it is similar to the the interface which you have, see for another key called NetworkAddress. If it is not present,create it with the data type REG_SZ and provide the new MAC Id as its value.

4. Reset the Network Adapter for which MAC has been changed.

5. verify whether MAC has been changed by running ipconfig/all again.


Most probably you have successfully changed your MAC.

how it is Done is Linux ??? Next post.
Posted by at No comments:

MAC Spoofing

MAC ( Media Access Control ) ID is unique 48 bits identification for any network interfaces. for eg. NIC (Network Interface Card, popularly known as LAN card or Ethernet card), Wi-fi card,Router, Wireless Access Points(APs) , Switches and so on.

MAC spoofing is a kind of attack in which attacker replaces MAC of his machine with another MAC which belongs to some other user.

This attack is particularly useful where in any organization ( usually universities) where user's MAC is registered in order to surf the internet.In that case whenever a user request a internet connection to his ISP, it is first checked that whether the request which is coming has a valid/Registered MAC or not.If it is registered,the user is permit to access the internet.

Now,if a attacker somehow know what are the valid MACs for this network,he could spoof it and will be able to connect to the network.


how MAC spoofing is done on Windows and Linux ??? It will be discuss in the next post.
Posted by at No comments:

Saturday, July 19, 2008

What is Web Spoofing

Web Spoofing is a class of specialized attacks which are being carried out by attackers. These are special attacks because it cant be stopped by the firewall or any anti virus software.The normal user who is not technically aware of these attacks is very much vulnerable for this kind of attacks coz, he relied upon the firewall and anti virus software which is installed at his ISP(Internet Service Provider) side as well as on his own system.

Why these attacks cant be stopped by the firewall and anti virus softwares as well ??

As it is earlier mentioned,it is a 'class' of attacks, Various kind of spoofing attacks are possible.for eg.

1. DNS Spoofing
2. IP Spoofing
3. MAC spoofing
4. Caller ID spoofing
5. ARP spoofing
6. Email spoofing etc

i will post details of each kind of spoofing attacks in the next posts.


Posted by at No comments:
Subscribe to: Comments (Atom)