What Is DNS Poisoning? – DNS Poisoning could be a technique that tricks a DNS Server into basic cognitive process that it’s recieved authentic info once, in reality, it has not.
It leads to substitution of a false informatics address at the DNS level wherever internet addresses area unit regenerate into numeric informatics Addresses.
It permits offender to interchange informatics address entries for a target web site on a given DNS server with informatics address of the server he/she controls.
Attacker will produce faux DNS entries for the server (containing malicious content) with same names as that of the target server.
Intranet DNS Spoofing
For this system, you need to be connected to the native space Network (LAN) and be able to sniff packets. it works well against switches with Jean Arp poisoning the router.
Internet DNS Spoofing, offender infects Rebecca’s machine with a Trojan and changes the her DNS informatics Address thereto of the attacker’s.
Proxy Server DNS Poisoning
Attacker sends a Trojan to Rebecca’s machine that changes her proxy server settings in web individual thereto of the offender’s and redirects to faux web site.
DNS Cache Poisoning
DNS Cache poisoning refers to sterilization or adding solid DNS records into the DNS resolveer cache in order that a DNS question is redirected to a malicious web site.
if the DNS resolver cannot validate that the DNS responses have return from AN authoritative supply, it’ll cache the wrong entries domestically and serve them to users United Nations agency create an equivalent request.
How to Defend Against DNS Spoofing
- Resolve all DNS queries to native DNS server
- Block DNS requests from aiming to external servers
- put together Firewall to limit external DNS operation
- Implement IDS and deploy it properly
- Implement DNSSEC
- put together DNS Resolver to use a brand new random supply port for every outgoing question.
- limit DNS recusing service, either full or partial, to approved users.
- Use DNS Non-Existent Domain (NXDOMAIN) Rate Limiting
- Secure Your Internal machines
It enables you to capture and interactively browse the traffic running on a electronic network.
Wireshark uses Winpcap to capture packets, therefore it will solely capture the packets on the networks supported by Winpcap
It captures live network traffic from LAN, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI Networks.
Captured files are often programmatically emended via command-line
A set of filters for custom-made information show are often refined employing a show filter.
Display Filters in Wireshark
- Display Filtering By Protocol
- Example: Type the protocol in the filter box; arp, http, tcp,udp, dns, ip.
- Monitoring the Specific Ports
- ip.addr–192.168.1.100 machine & ip.addr–192.168.1.100 “tcp.port-23”
- Filtering by Multiple IP Addresses
- ip.addr — 10.0.0.4 or ip.addr — 10.0.0.5
- Filtering By IP Address
- ip.addr — 10.0.04
- Other Filters
- ip.dst — 10.0.1.50 “frame.pkt_len> 400
- ip.addr — 10.0.1.12 “icmp ” frame.number > 15 ” frame.number <30
- ip.src — 220.127.116.11 or ip.dst — 18.104.22.168
How to Defend Against Sniffing
- Use protocolS rather than HTTP to safeguard usernames and passwords.
- Use switch rather than hub as switch delivers information solely to be supposed recipient.
- Use SFTP, rather than FTP for secure transfer of files.
- Use PGP and S/MIPE, VPN, IPsec, SSL/TLS, Secure Shell (SSH) one-time passwords (otp)
- continuously code the wireless traffic with a powerful encoding protocol such WPA and WPA2.
- Retrieve mack directly from NIC rather than OS; this prevents mack, address spoofing
- Use tools to work out if any NICs area unit running within the promiscuous mode.
If you wish This journal Please Comment Down And For a lot of Hacking Content Click Here