Full Disclosure mailing list archives
Re: DNS poisoning
From: Cardoso <cardosolistas () contraditorium com>
Date: Wed, 28 Jun 2006 00:11:40 -0300
Since Bind is open source, one needs a good knowledge of c/c++ and some time. create a few "legitim-looking" security pages, spread among clueless sysadmins as a "security upgrade" (is binddns.org taken?) and let them do the work for you. As I recall there's a rogue azureus doing something like that, spreding spywares and trojans. On Tue, 27 Jun 2006 18:57:15 -0500 "Joel R. Helgeson" <joel () helgeson com> wrote: JRH> No way to do that I know of on the DNS server itself, you could place a JRH> router in front of the DNS server that will perform a source based NAT JRH> translation to send the traffic to the poisoned server. Otherwise, you could JRH> simply place entries into the hosts file on the target machine so that the JRH> specific requests will never get resolved via DNS. JRH> JRH> Joel JRH> ----- Original Message ----- JRH> From: "Saeed Abu Nimeh" <drellman () hotmail com> JRH> To: <full-disclosure () lists grok org uk> JRH> Sent: Tuesday, June 27, 2006 4:47 PM JRH> Subject: [Full-disclosure] DNS poisoning JRH> JRH> JRH> > Is there a way to do dns poisoning and make the poisoned server provide JRH> > legitimate queries when doing dns lookup. Example: Assume I am running a JRH> > poisoned dns server, when user X does lookup yahoo.com or dig yahoo.com JRH> > I reply with legit yahoo entries, however, when user Y does the same JRH> > thing I provide fake or spoofed entires. JRH> > Thanks, JRH> > Saeed JRH> > JRH> > _______________________________________________ JRH> > Full-Disclosure - We believe in it. JRH> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html JRH> > Hosted and sponsored by Secunia - http://secunia.com/ JRH> JRH> _______________________________________________ JRH> Full-Disclosure - We believe in it. JRH> Charter: http://lists.grok.org.uk/full-disclosure-charter.html JRH> Hosted and sponsored by Secunia - http://secunia.com/ JRH> year(now) + 1 serĂ¡ o ano do linux! Cardoso <cardoso () pobox com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299 vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DNS poisoning Saeed Abu Nimeh (Jun 27)
- Re: DNS poisoning Valdis . Kletnieks (Jun 28)
- <Possible follow-ups>
- Re: DNS poisoning Joel R. Helgeson (Jun 27)
- Re: DNS poisoning Cardoso (Jun 27)
- Re: DNS poisoning Aaron Gray (Jun 27)