Questions tagged [dns-spoofing]
DNS Spoofing is a network attack whereby data is introduced into a Domain Name System (DNS) resolver's cache by an attacker that has no authority, causing diverting injected names to redirect traffic to a host controlled by the attacker.
136
questions
4
votes
1
answer
81
views
Cannot consistently demonstrate ARP Spoof and DNS Spoof?
I am trying to use arpspoof and dnsspoof to practice a man-in-the-middle attack between a couple of computers at home. Despite repeatedly following the same exact steps below, I can not get ...
- 275
0
votes
0
answers
41
views
MITM experiment works with DLink DIR-605L but not Hitron CGN3AMF
I am trying to learn about man-in-the-middle. I was able to successfully demonstrate it in when I'm using a DLink DIR-605L wifi router that's connected to a Hitron CGN3AMF wifi modem. But I failed ...
- 275
3
votes
2
answers
2k
views
Understanding TLS Protections Against DNS Spoofing and Fake Websites
What protections does TLS use in the above scenario?
In the picture, the client asks the attacker for the address of Google.com, but the attacker gives them a different ip address which redirects to a ...
- 31
0
votes
1
answer
251
views
can a VPN provider do DNS poisoning?
I was wondering if we push our DNS over the VPN and basically let them do DNS resolution, is it possible to perform DNS poisoning and man in the middle attack on us?
I know browsers check certificates ...
1
vote
2
answers
278
views
DNS hijacking/poisoning effect on URL/URI and password manager autotype/autofill
A benefit to password managers, at least some of them, is that they can look at the URL and only use autotype/autofill when on the correct site, which can help prevent pharming since if instead of ...
- 13
1
vote
0
answers
166
views
How can I manipulate certain server side responses? Specifically Ajax Responses? XXE Attack? Hybrid DNS Resolution?
I would like to be able to switch back and forth between the real DNS and maybe setting a local DNS entry so I can manipulate AJAX responses for code security checks.
For instance if the server ...
- 141
0
votes
1
answer
267
views
Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
First, I can update this with the affected domain, if it's critical, but for obvious reasons I'd like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have ...
- 270
0
votes
1
answer
133
views
Suspicious ip address of our mail domain found on talosintelligence.com (spoofing attempt)
We have a fair amount of email traffic. Recently, we had some suspicious email spoofing attacks and a lot of users reported that outgoing emails were marked as spam and landed in junk folder (reported ...
- 3
0
votes
1
answer
326
views
How does the attacker guess the domain name in a DNS query for DNS cache poisoning
Prior to 2008 before Dan Kaminsky finds the DNS issue, the resolver checked only the
Transaction ID. I have seen videos in which it is explained if an attacker manages to send
a DNS response like (...
1
vote
1
answer
467
views
Risks of getting hostname for SSL cert verification via forward-confirmed reverse DNS lookup of user-supplied IP?
My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?...
- 113
2
votes
1
answer
248
views
Does using IP address over Tor with a one essential website expose me to any attack surface?
I routinely access www.email-provider-of-my-choice.com via browser over Tor. My browser enforces https-only mode and I opt for never saving my credentials with this provider. I tend to use the domain ...
- 137
0
votes
1
answer
438
views
Can this logic with regard to checking Reverse DNS records be flawed?
For my web app, I hardcode a reverse DNS detection for common web crawlers. And for detecting them I use their Reverse DNS, which I always check whether it includes i.e. google.com. My questions would ...
- 264
0
votes
1
answer
232
views
how does a DNS request sniffer see packets destined for DNS server?
If a DNS sniffer/spoofer is running on a network using something like netwag/netwox, how does the sniffer see the request that is destined for the real DNS server?
Wouldn't the packets for the DNS ...
- 101
-1
votes
1
answer
125
views
Are purchased domains from third party registrar or hosting managers without Cpanels or VPS or Editable Pages hackable?
If someone buys a domain and one may type the URL in but just sees a template page from the registrar but doesn’t purchase a cPanel or VPS or root access or any way to edit the website, does the ...
- 109
0
votes
1
answer
234
views
DNS local cache spoofing with malware or RAT
I was learning networking and knew that browsers don't have algorithms to convert domain names to IPs. It queries a DNS server.
After that, the computer remembers the IP, so next time the domain is ...
- 119