Security Basics mailing list archives
RE: DNS cache poisoning and pharming
From: <Salvador.Manaois () infineon com>
Date: Tue, 31 May 2005 22:15:02 +0800
Imho this is a serious threat that every sysadmin and ISO should be concerned with. Classic MITM attacks (with ARP spoofing) could be used to trick users to connect to a rogue DNS server which contains records of well-known sites which are actually spoofed on the attacker's web server. To the user, it would seem that he is connecting to the www.paypal.com (for example) when he is in fact connected to a spoofed page on the attacker's web server. Phishing requires some user interaction (clicking on some links, for example) but pharming is an entirely different story. The user might just type www.somepaysite.com in the address bar and would be shown a relatively harmless page. ...badz... http://www.rancidroot.blogspot.com -----Original Message----- From: David [mailto:david () clicksee net] Sent: Tuesday, May 31, 2005 5:55 PM To: security-basics () securityfocus com Subject: DNS cache poisoning and pharming http://hostsearch.com/news/logiguard_news_3177.asp This article makes a claim that DNS poisoning and pharming are really dangerous in that anyone can be redirected from trying to go to their online bank to a fake bank site where there login is collected. Is this really such a threat or is it just Logiguard advertising themselves? Thanks, Dave
Current thread:
- DNS cache poisoning and pharming David (May 31)
- RE: DNS cache poisoning and pharming Miguel Dilaj (May 31)
- <Possible follow-ups>
- RE: DNS cache poisoning and pharming Salvador.Manaois (May 31)