RE: DNS cache poisoning and pharming

[<Salvador.Manaois () infineon com>]

Imho this is a serious threat that every sysadmin and ISO should be
concerned with. Classic MITM attacks (with ARP spoofing) could be used
to trick users to connect to a rogue DNS server which contains records
of well-known sites which are actually spoofed on the attacker's web
server. To the user, it would seem that he is connecting to the
www.paypal.com (for example) when he is in fact connected to a spoofed
page on the attacker's web server. 

Phishing requires some user interaction (clicking on some links, for
example) but pharming is an entirely different story. The user might
just type www.somepaysite.com in the address bar and would be shown a
relatively harmless page.

...badz...
http://www.rancidroot.blogspot.com

-----Original Message-----
From: David [mailto:david () clicksee net] 
Sent: Tuesday, May 31, 2005 5:55 PM
To: security-basics () securityfocus com
Subject: DNS cache poisoning and pharming


http://hostsearch.com/news/logiguard_news_3177.asp
 
This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where there login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?
 
Thanks,
 
Dave