DNS spoofing attack

[Grand Moff Yenchin]

My firewall has informed me that I was recieving a DNS spoofing attack, I blocked the intruder yet still was getting attacks from the same guy. Is there any firewall which could efficiently stop this?

Also, I don't quite understand the definition of DNS spoofing, what kind of damage could the attacker do?

[Faram]

15.3 DNS Spoofing

Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP addresses and DNS names. Clients need to be cautious in assuming the continuing validity of an IP number/DNS name association.

In particular, HTTP clients SHOULD rely on their name resolver for confirmation of an IP number/DNS name association, rather than caching the result of previous host name lookups. Many platforms already can cache host name lookups locally when appropriate, and they SHOULD be configured to do so. It is proper for these lookups to be cached, however, only when the TTL (Time To Live) information reported by the name server makes it likely that the cached information will remain useful.

If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they MUST observe the TTL information reported by DNS.

If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes. As network renumbering is expected to become increasingly common [24], the possibility of this form of attack will grow. Observing this requirement thus reduces this potential security vulnerability.

This requirement also improves the load-balancing behavior of clients for replicated servers using the same DNS name and reduces the likelihood of a user's experiencing failure in accessing sites which use that strategy.

Source = http://www.httpsniffer.com/http/1503.htm

In short

The one attacing you could steal your traffic alter it and then pass it on, this might be bad when doing buissneses paying bills and stuff like that.

Always make sure to never send any sensetive info like Credit card numbers and stuff like that WO using secure web pages. "https://"

DNS Spoofing and man in the middle attacks:

Linkyto Power Point Slides

[Grand Moff Yenchin]

Thanks for the info.

After I blocked this guy there has been 3 more events, which might have been blocked successfully. If this attacker succeeds, is the false connection temporal or perminent?

[Faram]

A bit more info perhaps.

What os do you use?

What firewall are you using?

Do you use a router?

Do you have a dial up or some sort of permanent connection?

[Grand Moff Yenchin]

A bit more info perhaps.

What os do you use?

What firewall are you using?

Do you use a router?

Do you have a dial up or some sort of permanent connection?

WinXP

BlackIce

No

Cable

[Vertigo1]

I'd get a hardware router if I were you. Preferably one with a firewall built-in. Even if you only have one computer using broadband, its still well worth it.

[Grand Moff Yenchin]

Thanks

[Evil Sadistic Bastard]

But it won't matter to you, right?