Transcript DNS Attack
DNS Attack Dalia Solomon CONFIGURATION KNOPPIX SDT STD stands for security tools distribution A bootable CD with Linux OS, Linux kernel 2.4.2 STD focuses on information security and network management tools. Step I Laptop A Was booted from CD drive, with Knoppix STD. Laptop B Runs Ethereal 0.10.3. Step II On laptop A, I type the following command: arpspoof –i eth0 192.168.0.3 Arpspoof intercepts packets on a switched LAN What actually happens? Laptop A, constantly sends laptop B, ARP replies ARP saying: MAC address (00-0c-29df-af-9b) belongs to the IP of the DNS server (192.168.0.3) laptop B, makes a wrong entry in his ARP cache Result….. Laptop B wants to send an IP packet to the DNS server it sends the Ethernet frame to Laptop’s A MAC address, so actually laptop A gets the IP packet. On laptop A, we have the following screen: Note when I type the command (on Laptop B): arp -a Shows us the local machines arp table Table gives the machine a set of remembered MAC addresses for IP address Reason does not need to repeatedly broadcast to find this information for each network transmission. ARP Table Step III on laptop A, and type the following command dnsspoof Next….. edit /var/www/index.htm Write the html code. In our case “you’ve been spoofed”. Questions?