Ted
asked on
DNS spoofing
I had a partner claim that his small business was subject to a DNS attack where his staff's browsing was redirected to bogus sites. And the attack was done from the OUTSIDE.
I think I understand how such an attack is made... you perform a man-in-the-middle where you intercept the DNS query and then return to the client an IP address to a site that you really want them to go...
But how is that really done if the attack is from the public internet? How do you actually get the clients to send the query to you instead?? I promise I won't turn you in ;-) and I certainly am not going to do this, but how is this physically done?? Don't you have to have a registered DNS server at your control?? And don't you have to be able to hack into the client machines to change their pointers??
Is this a common occurrence?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I just hit "send" and didn't see that last comment...
Reading it now... thanks
SOLUTION
No, they are just updating the local resource cache.
ASKER
I did ask him and he said that his IT adjusted his firewall; he didn't get specific, though.
Should I believe him?
ASKER
Just curious if you know of an actual successful DNS attack where users were re-directed to a bogus site, and if so, how was it fixed?
ASKER CERTIFIED SOLUTION
ASKER
Nope, I just have a terrible memory.
Thank you!
ASKER
Thanks!!
ASKER
Do they get into your local DNS server and change its entries?
How are they doing it?