[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060628000840.E839.CARDOSOLISTAS@contraditorium.com>
Date: Wed Jun 28 04:11:51 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: DNS poisoning
Since Bind is open source, one needs a good knowledge of c/c++ and some
time.
create a few "legitim-looking" security pages, spread among clueless
sysadmins as a "security upgrade" (is binddns.org taken?) and let them
do the work for you.
As I recall there's a rogue azureus doing something like that, spreding
spywares and trojans.
On Tue, 27 Jun 2006 18:57:15 -0500
"Joel R. Helgeson" <joel@...geson.com> wrote:
JRH> No way to do that I know of on the DNS server itself, you could place a
JRH> router in front of the DNS server that will perform a source based NAT
JRH> translation to send the traffic to the poisoned server. Otherwise, you could
JRH> simply place entries into the hosts file on the target machine so that the
JRH> specific requests will never get resolved via DNS.
JRH>
JRH> Joel
JRH> ----- Original Message -----
JRH> From: "Saeed Abu Nimeh" <drellman@...mail.com>
JRH> To: <full-disclosure@...ts.grok.org.uk>
JRH> Sent: Tuesday, June 27, 2006 4:47 PM
JRH> Subject: [Full-disclosure] DNS poisoning
JRH>
JRH>
JRH> > Is there a way to do dns poisoning and make the poisoned server provide
JRH> > legitimate queries when doing dns lookup. Example: Assume I am running a
JRH> > poisoned dns server, when user X does lookup yahoo.com or dig yahoo.com
JRH> > I reply with legit yahoo entries, however, when user Y does the same
JRH> > thing I provide fake or spoofed entires.
JRH> > Thanks,
JRH> > Saeed
JRH> >
JRH> > _______________________________________________
JRH> > Full-Disclosure - We believe in it.
JRH> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
JRH> > Hosted and sponsored by Secunia - http://secunia.com/
JRH>
JRH> _______________________________________________
JRH> Full-Disclosure - We believe in it.
JRH> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
JRH> Hosted and sponsored by Secunia - http://secunia.com/
JRH>
year(now) + 1 ser? o ano do linux!
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com
Powered by blists - more mailing lists