begood Posted April 5, 2010

DNS Spoofing is the art of making a DNS entry point to another IP than it would be supposed to point to. To understand better, let's see an example.

You're on your web browser and wish to see the news on www.cnn.com. Without thinking about it, you just enter this URL in your address bar and press enter.

Now, what's happening behind the scenes? Well... basically, your browser is going to send a request to a DNS server to get the matching IP address for www.cnn.com, then the DNS server tells your browser the IP address of CNN, so your browser connects to CNN's IP address and displays the content of the main page.

Hold on a minute... You get a message saying that CNN's web site has closed because they don't have any more money to pay for their web site. You're so amazed, you call and tell that to your best friend on the phone. Of course he's laughing at you, but to be sure, he goes to CNN's web site to check for himself.

You are surprised when he tells you he can see the news of the day as usual, and you start to wonder what's going on. Are you sure you are talking to the good IP address? Let's check. You ask your friend to fire up his favorite DNS resolving tool (or simply ping) and to give you the IP address he's getting for www.cnn.com.

Once you've got it, you put it in your browser URL bar: http://212.153.32.65

You feel ridiculous and frustrated when you see CNN's web page with its daily news.

Well, you've just been the witness of a DNS hijacking scenario. You're wondering what happened: did the DNS server tell you the wrong IP address? Maybe... At least this is the most obvious answer coming to our mind.

In fact there are two techniques for accomplishing this DNS hijacking. Let's see the first one, the "DNS ID Spoofing" technique.

read it all here: http://www.securesphere.net/download/papers/dnsspoof.htm

download: http://www.2shared.com/file/12446366/fcca9422/DNS_Spoofing_techniques.html