Security Basics mailing list archives

Re: DNS cache poisoning and pharming


From: Times Enemy <times () krr org>
Date: Tue, 31 May 2005 09:06:21 -0700

Greetings.

http://ettercap.sourceforge.net/

Using Ettercap, DNS poisoning is only a matter of modifying a text file, and firing up the app.

As for pharming, most sniffers can be used for this, though on a switched network some extra work may be required. Again, ettercap can handle the switched networks.

If a network has effective IDS/IPS, and is actively monitoring for ARP anomalies and such, then that network _may_ discover an instance of ettercap running on it. Ettercap also can search for other instances of ettercap, amongst a whole lot of other things. I highly suggest you check it out.

This would be a wee bit more difficult to do against a remote ISP.


.times enemy


David wrote:

http://hostsearch.com/news/logiguard_news_3177.asp

This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where their login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?

Thanks,

Dave
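
The ARP-anomaly monitoring mentioned in the reply above, sketched as an added example that is not part of the original thread: it flags an IP whose MAC binding changes, a MAC that claims several IPs, and any change to a pinned binding such as the gateway. The record format, the function name `find_arp_anomalies`, its parameters and the sample replies are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (seconds, sender IP, sender MAC) from observed ARP replies.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),    # gateway, legitimate binding
    (1.0, "192.168.1.20", "00:11:22:33:44:20"),
    (2.0, "192.168.1.30", "00:11:22:33:44:30"),
    (30.0, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway IP claimed by a new MAC
    (30.5, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC now claims a second IP
    (31.0, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway answers again
    (32.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # binding flips once more
]


def find_arp_anomalies(replies, pinned=None, max_ips_per_mac=1):
    """Return alerts as (kind, time, subject, detail) tuples, in the order observed.

    pinned: optional {ip: mac} of bindings that must never change (e.g. the gateway).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    reported_macs = set()           # MACs already flagged for claiming many IPs
    alerts = []

    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        if ip in pinned and pinned[ip] != mac:
            alerts.append(("pinned_violation", ts, ip, f"expected {pinned[ip]}, saw {mac}"))
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(("ip_rebound", ts, ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac and mac not in reported_macs:
            reported_macs.add(mac)
            alerts.append(("mac_multi_ip", ts, mac, sorted(mac_to_ips[mac])))
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:01"}
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES, pinned=gateway):
        print(alert)
```

Legitimate events such as DHCP lease changes or failover pairs also produce `ip_rebound` alerts, so the pinned-binding check is the higher-confidence signal of the three.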

