Security Basics mailing list archives
Re: DNS cache poisoning and pharming
From: Times Enemy <times () krr org>
Date: Tue, 31 May 2005 09:06:21 -0700
Greetings. http://ettercap.sourceforge.net/Using Ettercap, DNS poisoning is only a matter of modifying a text file, and firing up the app..
As for pharming, most sniffers can be used for this, though on a switched network some extra work may be required. Again, ettercap can handle the switched networks.
If a network has effective IDS/IPS, and is actively monitoring for ARP anomalies and such, then that network _may_ discover an instance of ettercap running on it. Ettercap also can search for other instances of ettercap, amongst a whole lot of other things. I highly suggest you check it out.
This would be a wee bit more difficult to do against a remote ISP. .times enemy David wrote:
http://hostsearch.com/news/logiguard_news_3177.asp This article makes a claim that DNS poisoning and pharming are really dangerous in that anyone can be redirected from trying to go to their online bank to a fake bank site where there login is collected. Is this really such a threat or is it just Logiguard advertising themselves? Thanks, Dave
Current thread:
- Re: DNS cache poisoning and pharming Times Enemy (Jun 01)
- Re: DNS cache poisoning and pharming Tom Van de Wiele (Jun 06)
- <Possible follow-ups>
- Re: RE: DNS cache poisoning and pharming daswani (Jun 09)
- RE: RE: DNS cache poisoning and pharming Joe George (Jun 09)
- RE: RE: DNS cache poisoning and pharming Sadler, Connie (Jun 09)