DNS Cache Poisoning, Pharming
Fall 2006 - ECPE 177, Computer Networking
Only the Abstract and Conclusion are included on this page. If you want to read the whole report,
please email me for it.
Abstract
This report explores 'pharming', also known as DNS (Domain Name System) cache poisoning. Pharming is another illegal way for scammers to get private and sensitive information from people. It's a lot easier than sending spam emails because, with pharming, people willingly click on a link and are then redirected to another site that may or may not be very similar to the real one. Not knowing that it is a fake site, they then enter personal information (e.g., usernames, passwords), which the scammers use to try to gain as much financially as possible. Pharming will be carried out to test its effectiveness in pharming data and to determine whether more security is needed in DNS.
Conclusion
Even though the DNS cache poisoning technique used in this report failed, it doesn’t mean that cache poisoning is hard to do or that we don’t have to worry about our DNS server being hacked into. “Four in five authoritative domain name system (DNS) servers across the world are vulnerable to types of hacking attacks that might be used by hackers to misdirect surfers to potentially fraudulent domains” (Leyden, par 1). Eliminating the DNS server is unthinkable because most people don’t want to remember the IP addresses of the sites they want to go to, and domain names are a lot easier to remember.
There are several ways to prevent DNS cache poisoning from happening. “A secure version of DNS, DNSSEC, [can be used to prevent cache poisoning, it] uses cryptographic electronic signatures signed with a trusted digital certificate to determine the authenticity of data.” (Wikipedia, par. 15) Consumers can always look for the “s”, which stands for secure, in “https”; look for the yellow lock box at the bottom of the browser, which means the site is secure (has a digital certificate); and, if something doesn’t look right with the site, ask a friend to open the same site on their computer to see if it’s showing the same thing.
Reference
Gunnewiek, Rob Klein. “Packet Wizardry: Ruling the Network with Python.” 28 March 2005. Packet Storm. 11 October 2006 <http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt>
Leyden, John. “Most DNS servers 'wide open' to attack.” 24 October 2005. The Register. 29 October 2006 <http://www.theregister.co.uk/2005/10/24/dns_security_survey/>
Ollmann, Gunter. “The Pharming Guide.” July 2005. NGSSoftware Insight Security Research. 10 October 2006 <www.ngssoftware.com/papers/ThePharmingGuide.pdf>
Scapy. 1 October 2006 <http://www.secdev.org/projects/scapy/>
Spacefox. “DNS Spoofing Techniques.” 23 January 2002. SecureSphere. 11 October 2006 <http://securesphere.net/download/papers/dnsspoof.htm>
Stewart, Joe. “DNS Cache Poisoning – The Next Generation.” LURHQ. 11 October 2006 <http://www.lurhq.com/dnscache.pdf>
Wikipedia. 2006. 10 October 2006. <http://en.wikipedia.org/wiki/>
Bibliography
Answers Corporation: Online Encyclopedia. 2006. <http://www.answers.com/>
E-Mind. “Remote Root Exploit How-To.” Packet Store Security. 10 November 2006 <http://packetstoresecurity.org/0003-exploits/NXT-Howto.txt>
InfoSysSec. 2006. <http://www.infosyssec.org/infosyssec/security/hackhow1.htm>
Raynal, Frederic, et al. “ARP-SP: A Swiss Knife Tool for ARP.” LeMagazine. 10 November 2006 <http://sid.rstack.org/arp-sk/>