RE: [Full-Disclosure] DNS Hijack Attacks

From: Norman Girard (ngirard_at_qualys.com)
Date: 11/25/03

  • Next message: Steven Harrison: "Re: [Full-Disclosure] New virus" 
    To: "Richard Maudsley" <r_i_c_h@btopenworld.com>, <full-disclosure@lists.netsys.com>
Date: Tue, 25 Nov 2003 14:03:01 -0800

    Hey Richard,

    You should search for DNS Cache Poisoning.

    A pretty good document will provide you a lot of information :

    http://www.lurhq.com/dnscache.pdf

    Regards,
    Norman

    Norman Girard
    ngirard@qualys.com
    Senior Security Engineer
    Western Region
    Qualys, Inc (www.qualys.com)
    1600 Bridge Parkway
    Redwood Shores, CA 94063
    Tel : +1 650 801 6168
    Fax : +1 650 801 6101
    Cell : +1 650 868 1138
    "On-Demand Security Audits and Vulnerability Management Service for the Enterprise".

    -----Original Message-----
    From: Richard Maudsley [mailto:r_i_c_h@btopenworld.com]
    Sent: Tuesday, November 25, 2003 12:58 PM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] DNS Hijack Attacks

    Hello,

    Sorry about this post.

    I've been trying to find information about DNS Hijack attacks for ages. I
    can't seem to find anything about them.

    Am I right in thinking that this attack is where a DNS server is broken into
    and the routing table modified so that a domain name points to a different
    server where the content is controlled by the attacker?

    Could anyone point me in the right direction for more information. I was
    hoping for a whitepaper or something...

    Regards,
        Richard

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Steven Harrison: "Re: [Full-Disclosure] New virus"

    Relevant Pages

    • Re: Still strange not fully working DNS server
      ... Best regards ... "Meinolf Weber" wrote: ... Readd it's own ip address to the NIC as preferred DNS. ... Is the new server Global catalog? ...
      (microsoft.public.windows.server.dns)
    • Re: Still strange not fully working DNS server
      ... Best regards ... If nothing helps I guess the only optuin is to reinstall server, ... "Meinolf Weber" wrote: ... Ive removed that just a few hours ago and the GPO and DNS problem ...
      (microsoft.public.windows.server.dns)
    • Re: Dcdiag fails on domain member ?
      ... Best regards ... Meinolf Weber ... This posting is provided "AS IS" with no warranties, ... Also listed under DNS shown in the AD management view. ...
      (microsoft.public.windows.server.networking)
    • Re: Thanks
      ... Best regards ... Meinolf Weber ... roles to the running server, but only if the old one really NEVER ... have to check/change is that the clients DNS configuration also ...
      (microsoft.public.windows.server.general)
    • Re: slow access xp clients on windows 2003 server
      ... Kind regards and thx for your help. ... "Meinolf Weber" wrote: ... All computers are registered correctly in the DNS zone? ... Windows IP Configuration ...
      (microsoft.public.windows.server.networking)