Questions tagged [dns-spoofing]
DNS Spoofing is a network attack whereby data is introduced into a Domain Name System (DNS) resolver's cache by an attacker that has no authority, causing diverting injected names to redirect traffic to a host controlled by the attacker.
15
questions with no upvoted or accepted answers
5
votes
1
answer
4k
views
dnsspoof and bettercap not dns-spoofing
I want to dns spoof my own phone, because I feel like it would be a cool experiment to do. It's not working (damn phone keeps connecting to the internet), and I would really appreciate any suggestions ...
- 61
3
votes
1
answer
487
views
Does subdomain DNS cache poisoning depend on the authoritative name server ignoring requests for non-existing domains?
I'm reading "Introduction to Computer Security", Pearson New International Edition, 1st edition, by Goodrich and Tamassia.
On the subject of DNS cache poisoning, they mention that a "...
2
votes
0
answers
641
views
Mitigating reverse DNS lookup danger / exploitation
I have read several posts indicating that reverse dns lookup cannot be trusted, as someone can spoof DNS -- so when a rule is made that allows traffic through dns, its possible to exploit.
However, ...
- 31
2
votes
0
answers
172
views
DNS sinkhole usability
Although I know what the use of a DNS sinkhole is (I guess I do) I'm struggling to understanding how well scalable such solution is.
DNS sinkhole or black hole DNS is used to spoof DNS servers to ...
- 1,588
2
votes
0
answers
236
views
bind9 resolves all queries to one address - a compromised server?
Since this morning we tried to open some SSL sites and were greeted by browser warnings, that certificate is not for this site. Upon checking the certificate, we determined that it is issued to *....
- 179
2
votes
0
answers
916
views
ssh dns spoofing warning - possible investigation?
Recently the router my ISP provided started to work suspiciously. At times the wireless connection from my devices to the router breaks and the router stops responding while sometimes the connection ...
- 61
1
vote
0
answers
167
views
How can I manipulate certain server side responses? Specifically Ajax Responses? XXE Attack? Hybrid DNS Resolution?
I would like to be able to switch back and forth between the real DNS and maybe setting a local DNS entry so I can manipulate AJAX responses for code security checks.
For instance if the server ...
- 141
1
vote
0
answers
116
views
How do you mitigate the risk of stolen unencrypted data because you are using Cloud DNS to proxy the request that are sent to your server?
Goal
My goal is to build a PWA. I am new to programming and I believe it is better to start with NGINX.
I have not found a good article (explaining the security risk) about using the Cloud DNS (such ...
1
vote
0
answers
2k
views
DNS Packet Spoof Scapy
I am looking into local DNS spoofing by sniffing DNS-requests with Scapy, and sending a spoofed packet in response.
Here is the code I used:
from scapy.all import *
def spoof_dns(pkt):
if (DNS ...
- 2,399
1
vote
1
answer
974
views
DNS Hijack: Only spoofing sites listed in etter.dns
I'm trying to create a more practical DNS Hijack MITM attack. I do the traditional ARP poison with dns_spoof method. I don't have any issues getting it to work. The intended domain redirects exactly ...
- 163
1
vote
1
answer
221
views
How does DNSCurve protect against forgery in a man-in-the-middle attack scenario?
This Question is about DNSCurve. I thought of DNSCurve as "HTTPS for DNS" (like in this Answer) but had some resent thoughts about the trust-relationship between resolvers and nameservers serving the ...
- 11
1
vote
0
answers
179
views
What would an attacker need to know about the DNS request (itself) to successfully poison a DNS cache?
According to a thread I recently read, in general, for one method of DNS poisoning, an attacker only needs to know the victim's DNS server (see this thread: DNS cache poisoning). [I'm assuming the "...
0
votes
0
answers
42
views
MITM experiment works with DLink DIR-605L but not Hitron CGN3AMF
I am trying to learn about man-in-the-middle. I was able to successfully demonstrate it in when I'm using a DLink DIR-605L wifi router that's connected to a Hitron CGN3AMF wifi modem. But I failed ...
- 275
0
votes
0
answers
196
views
DNS hijacking to infect computers with ransomware?
While speaking to a friend regarding protecting personal computers from ransomware, I mentioned that I use a limited user account with application white-listing via SRP (I am running Windows). He ...
user125213
0
votes
1
answer
236
views
DNS local cache spoofing with malware or RAT
I was learning networking and knew that browsers don't have algorithms to convert domain names to IPs. It queries a DNS server.
After that, the computer remembers the IP, so next time the domain is ...
- 119