Welcome to DevilGroup - Carding Forum - Free Premium Accounts

Mr Bomb

DNS Poisoning

1 post in this topic

DNS Poisoning - Exercise

 

Let’s do an exercise on DNS poisoning using the same tool, Ettercap.

DNS Poisoning is quite similar to ARP Poisoning. To initiate DNS poisoning, you have to start with ARP poisoning, which we have already discussed in the previous chapter. We will use DNS spoof plugin which is already there in Ettercap.

Step 1: Open up the terminal and type “nano etter.dns”. This file contains all entries for DNS addresses which are used by Ettercap to resolve the domain name addresses. In this file, we will add a fake entry of “Facebook”. If someone wants to open Facebook, he will be redirected to another website.

Step 2: Now insert the entries under the words “Redirect it to http://www.linux.org”. See the following example:

Step 3: Now save this file and exit. Use “ctrl+x” to save the file.

Step 4: After this, the whole process is the same as for starting ARP poisoning. After starting ARP poisoning, click on “plugins” in the menu bar and select the “dns_spoof” plugin.

Step 5: After activating dns_spoof, you will see in the results that facebook.com will start being spoofed to the Google IP whenever someone types it in his browser.

It means the user gets the Google page instead of facebook.com on their browser.

In this exercise, we saw how network traffic can be sniffed through different tools and methods. Here a company needs an ethical hacker to provide network security to stop all these attacks. Let’s see what an ethical hacker can do to prevent DNS Poisoning.

Defenses against DNS Poisoning

 

As an ethical hacker, your work could very likely put you in a position of prevention rather than pen testing. What you know as an attacker can help you prevent the very techniques you employ from the outside.

Here are defenses against the attacks we just covered from a pen tester’s perspective:

 

  • Use a hardware-switched network for the most sensitive portions of your network in an effort to isolate traffic to a single segment or collision domain.
  • Implement IP DHCP Snooping on switches to prevent ARP poisoning and spoofing attacks.
  • Implement policies to prevent promiscuous mode on network adapters.
  • Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.
  • Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPsec.
  • Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.
  • IPv6 has security benefits and options that IPv4 does not have.
  • Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPsec.
  • Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.
  • SSL is a great defense along with IPsec.

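The DNS spoofing described in the post only works once ARP poisoning has succeeded, so a defender can look for the traces it leaves in a host's neighbor table. The following Python check is an added example, not part of the original post: the `ip neigh show` sample and the baseline gateway MAC are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured from a real network).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.20 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.30 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.40 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:00:00:01 router STALE
"""

# Assumed baseline: gateway IP -> MAC recorded while the network was known good.
BASELINE = {"192.168.1.1": "52:54:00:00:00:01"}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)\s+lladdr (?P<mac>[0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {(dev, ip): mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[(m["dev"], m["ip"])] = m["mac"].lower()
    return table

def find_arp_anomalies(text, baseline):
    """Flag baseline mismatches and MACs that answer for several IPv4 addresses."""
    table = parse_neigh(text)
    findings = []
    for (dev, ip), mac in table.items():
        expected = baseline.get(ip)
        if expected and mac != expected.lower():
            findings.append(("baseline-mismatch", ip, mac))
    by_mac = defaultdict(set)
    for (dev, ip), mac in table.items():
        if ":" not in ip:  # IPv4 only; one host's IPv4 and IPv6 sharing a MAC is normal
            by_mac[(dev, mac)].add(ip)
    for (dev, mac), ips in by_mac.items():
        if len(ips) > 1:  # can also be proxy ARP or IP aliases, so triage before alerting
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in find_arp_anomalies(SAMPLE_NEIGH, BASELINE):
        print(f"{kind}: {ip} -> {mac}")
```

A gateway address that shows both findings at once is the strongest signal; a shared MAC on its own is worth checking against known multi-address hosts first.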
