DNS Spoofing







Risk Rating:


When a user requests a website via their web browser, say http://webmail.example .com, a DNS request is sent out to the configured DNS server, which then sends back a DNS reply containing the IP address corresponding to the URL. The web browser then connects to the IP address and downloads the requested web page.

Let's assume that an attacker has set up a spoofed version of this website on the attack machine on the local network, which mimics the real website that the user has requested. By performing an ARP spoofing attack, the hacker will see these DNS requests in the network traffic and is able to send a spoofed DNS reply to the user containing the IP address of the attacker's machine. The user's web browser will then connect to the attacker's machine and download the spoofed web page. The user may then attempt to log in to the web mail application, allowing the attacker to capture the user's authentication credentials and giving the attacker access to the real web mail application.

To ensure that the attacker's spoofed DNS reply gets to the user before the actual DNS server's reply, the hacker is able to use ARP spoofing to perform a denial of service attack by redirecting the DNS server's replies to a nonexistent machine. This stops any intermittent issues, allowing the attack to be carried out much more reliably.

This attack has successfully exploited the trust relationship that the user's web browser has with the organization's internal DNS server, as well as the trust relationship that is created when the user sees the correct URL shown in the address bar of the web browser.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment