What Are The Drone Anti-jamming Systems Technology?
How DNS Poisoning works?
1. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 1
How does
DNS Poisoning Work?
Full Tutorial
Presented By:
Monark Modi
2. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 2
DNS POISONING
What do you mean by DNS?
The DNS (Domain Name System) translates Internet domain and host
names to IP addresses. DNS automatically converts the names we type in
our Web browser address bar to the IP addresses of Web servers hosting
those sites.
In today’s world with botnets, viruses and other nefarious applications that
use the Domain Name System (DNS) to further their harmful activities.
How DNS works?
Whenever your computer contacts a domain name like “google.com,” it must
first contact its DNS server. The DNS server responds with one or more IP
addresses where your computer can reach google.com. Your computer then
connects directly to that numerical IP address. DNS converts human-
readable addresses like “google.com” to computer-readable IP addresses like
“173.194.67.102″.
3. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 3
Thus now,
What is DNS Cache?
A DNS cache contains entries that translate Internet domain names (such as
"google.com") to IP addresses. The Internet's Domain Name System (DNS)
involves caching on both Internet DNS servers and on the client computers
that contact DNS servers. These caches provide an efficient way for DNS to
efficiently keep the Internet synchronized as the IP addresses of some
servers change and as new servers come online.
4. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 4
So, what if this DNS Cache becomes polluted????
This is known as DNS Poisoning!
DNS Poisoning
A DNS cache can become poisoned if it contains an incorrect entry. For
example, if an attacker gets control of a DNS server and changes some of
the information on it — for example, they could say that google.com actually
points to an IP address the attacker owns — that DNS server would tell its
users to look for Google.com at the wrong address. The attacker’s address
could contain some sort of malicious phishing website
DNS poisoning like this can also spread. For example, if various Internet
service providers are getting their DNS information from the compromised
server, the poisoned DNS entry will spread to the Internet service providers
and be cached there. It will then spread to home routers and the DNS
caches on computers as they look up the DNS entry, receive the incorrect
response, and store it.
5. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 5
DNS Poisoning using Cain and Abel
Requirements:
1. Tool- Cain and Abel
2. A Wifi network
3. A windows operating system
4. Some Victims :P
Procedure:
1-After you install cain , open it and go to the sniffer tab
2-Click on configure and choose your adapter
3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)
6. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 6
4-Right click in the empty area and choose scan MAC addresses. We get the results above.
5-Click on the APR Tab
6-Click on the + sign in the toolbar to add a new ARP poison routing
7. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 7
7-choose the gateway which is 172.128.254.1 , in the next list you’ll get the IP of the
computer 2 which is 172.128.254.10 and click ok
8-now click on the APR-DNS tab
9-click on the + sign
8. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 8
10-enter the web address that you want to spoof , (in this case when the user goes to
facebook he’ll be redirected to myspace) click on resolve type the web address that you
want to redirect the user to it, and click ok, and you’ll get the IP of the web address, then
click ok
you'll get something like this:
11-now to make this work we have to enable APR poisoning , click on the icon next to the
sniffer icon, and everything should work as we expect.
9. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 9
What is ARP?
Short for Address Resolution Protocol, a network layer protocol used to
convert an IP address into a physical address (called a DLC address, such as
an Ethernet address. A host wishing to obtain a physical address
broadcasts an ARP request onto the TCP/IP network. The host on the
network that has the IP address in the request then replies with its physical
hardware address.
Disadvantages of DNS Poisoning
DNS Poisoning has the limitation that it can only block a whole URL,
not a page on a URL as more sophisticated filtering methods can. It is also
very easy to bypass, as all a user needs to do is change his settings to use a
DNS server outside of his ISP connection, and this can be done very easily
by many children today.
How to remove DNS Poison
In the Start Menu, locate the Command Prompt menu item usually
found in the Accessories. Right click on the Command Prompt menu
item and select Run as Administrator.
10. Monark Modi || +918866601590 || monark111@yahoo.com
facebook.com/monark111 || twitter.com/monark111 Page 10
In the command prompt window type the following command:
ipconfig /flushdns
If the problem persists. Type the following 2 commands:
net stop dnscache
net start dnscache
Thus, this is how the DNS Poisoning Attack can be used while the
method to prevent it and avoid being a victim of it is shown here.
* Just for Educational Purposes. We are not responsible for any wrong doings by you.
Credits:
Mr. Rahul Tyagi