Full Disclosure mailing list archives

Re: DNS poisoning


From: Cardoso <cardosolistas () contraditorium com>
Date: Wed, 28 Jun 2006 00:11:40 -0300


Since BIND is open source, one needs a good knowledge of C/C++ and some
time. 

Create a few "legitimate-looking" security pages, spread among clueless
sysadmins as a "security upgrade" (is binddns.org taken?) and let them
do the work for you. 

As I recall there's a rogue Azureus doing something like that, spreading
spyware and trojans.


On Tue, 27 Jun 2006 18:57:15 -0500
"Joel R. Helgeson" <joel () helgeson com> wrote:

JRH> No way to do that I know of on the DNS server itself, you could place a 
JRH> router in front of the DNS server that will perform a source based NAT 
JRH> translation to send the traffic to the poisoned server. Otherwise, you could 
JRH> simply place entries into the hosts file on the target machine so that the 
JRH> specific requests will never get resolved via DNS.
JRH> 
JRH> Joel
JRH> ----- Original Message ----- 
JRH> From: "Saeed Abu Nimeh" <drellman () hotmail com>
JRH> To: <full-disclosure () lists grok org uk>
JRH> Sent: Tuesday, June 27, 2006 4:47 PM
JRH> Subject: [Full-disclosure] DNS poisoning
JRH> 
JRH> 
JRH> > Is there a way to do dns poisoning and make the poisoned server provide
JRH> > legitimate queries when doing dns lookup. Example: Assume I am running a
JRH> > poisoned dns server, when user X does lookup yahoo.com or dig yahoo.com
JRH> > I reply with legit yahoo entries, however, when user Y does the same
JRH> > thing I provide fake or spoofed entries.
JRH> > Thanks,
JRH> > Saeed
JRH> >
JRH> > _______________________________________________
JRH> > Full-Disclosure - We believe in it.
JRH> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
JRH> > Hosted and sponsored by Secunia - http://secunia.com/ 
JRH> 

year(now) + 1 will be the year of Linux!
Cardoso <cardoso () pobox com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com


