Open Source and information security mailing list archives
 
Message-ID: <20060628000840.E839.CARDOSOLISTAS@contraditorium.com>
Date: Wed Jun 28 04:11:51 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: DNS poisoning


Since BIND is open source, one needs a good knowledge of C/C++ and some
time. 

Create a few "legitimate-looking" security pages, spread among clueless
sysadmins as a "security upgrade" (is binddns.org taken?) and let them
do the work for you. 

As I recall there's a rogue Azureus doing something like that, spreading
spyware and trojans.


On Tue, 27 Jun 2006 18:57:15 -0500
"Joel R. Helgeson" <joel@...geson.com> wrote:

JRH> No way to do that I know of on the DNS server itself, you could place a 
JRH> router in front of the DNS server that will perform a source based NAT 
JRH> translation to send the traffic to the poisoned server. Otherwise, you could 
JRH> simply place entries into the hosts file on the target machine so that the 
JRH> specific requests will never get resolved via DNS.
JRH> 
JRH> Joel
JRH> ----- Original Message ----- 
JRH> From: "Saeed Abu Nimeh" <drellman@...mail.com>
JRH> To: <full-disclosure@...ts.grok.org.uk>
JRH> Sent: Tuesday, June 27, 2006 4:47 PM
JRH> Subject: [Full-disclosure] DNS poisoning
JRH> 
JRH> 
JRH> > Is there a way to do dns poisoning and make the poisoned server provide
JRH> > legitimate queries when doing dns lookup. Example: Assume I am running a
JRH> > poisoned dns server, when user X does lookup yahoo.com or dig yahoo.com
JRH> > I reply with legit yahoo entries, however, when user Y does the same
JRH> > thing I provide fake or spoofed entries.
JRH> > Thanks,
JRH> > Saeed
JRH> >
JRH> > _______________________________________________
JRH> > Full-Disclosure - We believe in it.
JRH> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
JRH> > Hosted and sponsored by Secunia - http://secunia.com/ 
JRH> 
JRH> 

year(now) + 1 will be the year of Linux!
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com
