StarDestroyer.Net BBS

Get your fill of sci-fi, science, and mockery of stupid ideas
http://stardestroyer.dyndns-home.com/

DNS spoofing attack

http://stardestroyer.dyndns-home.com/viewtopic.php?f=24&t=47781

Page 1 of 1

DNS spoofing attack

Posted: 2004-06-22 08:22am
by Grand Moff Yenchin
My firewall has informed me that I was recieving a DNS spoofing attack, I blocked the intruder yet still was getting attacks from the same guy. Is there any firewall which could efficiently stop this?

Also, I don't quite understand the definition of DNS spoofing, what kind of damage could the attacker do?

Posted: 2004-06-22 09:42am
by Faram
15.3 DNS Spoofing

Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP addresses and DNS names. Clients need to be cautious in assuming the continuing validity of an IP number/DNS name association.

In particular, HTTP clients SHOULD rely on their name resolver for confirmation of an IP number/DNS name association, rather than caching the result of previous host name lookups. Many platforms already can cache host name lookups locally when appropriate, and they SHOULD be configured to do so. It is proper for these lookups to be cached, however, only when the TTL (Time To Live) information reported by the name server makes it likely that the cached information will remain useful.

If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they MUST observe the TTL information reported by DNS.

If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes. As network renumbering is expected to become increasingly common [24], the possibility of this form of attack will grow. Observing this requirement thus reduces this potential security vulnerability.

This requirement also improves the load-balancing behavior of clients for replicated servers using the same DNS name and reduces the likelihood of a user's experiencing failure in accessing sites which use that strategy.


Source = http://www.httpsniffer.com/http/1503.htm

In short

The one attacing you could steal your traffic alter it and then pass it on, this might be bad when doing buissneses paying bills and stuff like that.

Always make sure to never send any sensetive info like Credit card numbers and stuff like that WO using secure web pages. "https://"

DNS Spoofing and man in the middle attacks:

Linkyto Power Point Slides

Posted: 2004-06-22 10:29am
by Grand Moff Yenchin
Thanks for the info.

After I blocked this guy there has been 3 more events, which might have been blocked successfully. If this attacker succeeds, is the false connection temporal or perminent?

Posted: 2004-06-22 10:36am
by Faram
A bit more info perhaps.

What os do you use?

What firewall are you using?

Do you use a router?

Do you have a dial up or some sort of permanent connection?

Posted: 2004-06-22 12:58pm
by Grand Moff Yenchin
Faram wrote:A bit more info perhaps.

What os do you use?

What firewall are you using?

Do you use a router?

Do you have a dial up or some sort of permanent connection?
WinXP

BlackIce

No

Cable

Posted: 2004-06-23 03:12pm
by Vertigo1
I'd get a hardware router if I were you. Preferably one with a firewall built-in. Even if you only have one computer using broadband, its still well worth it.

Posted: 2004-06-23 10:39pm
by Grand Moff Yenchin
Thanks :)

Posted: 2004-06-23 10:41pm
by Evil Sadistic Bastard
But it won't matter to you, right?
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited