Transcript DNS Attack

DNS Attack
Dalia Solomon
CONFIGURATION
KNOPPIX SDT
STD stands for security tools
distribution
 A bootable CD with Linux OS, Linux
kernel 2.4.2
 STD focuses on information security
and network management tools.

Step I

Laptop A Was booted from CD
drive, with Knoppix STD.

Laptop B Runs Ethereal 0.10.3.
Step II
On laptop A, I type the following
command:
arpspoof –i eth0 192.168.0.3
Arpspoof intercepts packets on a
switched LAN
What actually happens?
Laptop A, constantly sends laptop B,
ARP replies
 ARP saying: MAC address (00-0c-29df-af-9b) belongs to the IP of the DNS
server (192.168.0.3)
 laptop B, makes a wrong entry in his
ARP cache

Result…..
Laptop B wants to send an IP packet
to the DNS server it sends the
Ethernet frame to Laptop’s A MAC
address, so actually laptop A gets
the IP packet.
On laptop A, we have the following screen:
Note
when I type the command (on Laptop B):
arp -a
Shows us the local machines arp table
Table gives the machine a set of remembered
MAC addresses for IP address
Reason does not need to repeatedly
broadcast to find this information for each
network transmission.
ARP Table
Step III
on laptop A, and type the following
command
dnsspoof
Next…..
edit /var/www/index.htm
Write the html code. In our case
“you’ve been spoofed”.
Questions?