RE: DNS cache poisoning and pharming

From: Miguel Dilaj (mdilaj_at_nccglobal.com)
Date: 05/31/05

  • Next message: Hostas.lt: "Re: Checking when the OS was first installed" 
    To: <security-basics@securityfocus.com>
Date: Tue, 31 May 2005 14:13:19 +0100

    Hi David,

    Is real if the attacker(s) can poison the DNS or modify your hosts file.
    I've seen it in action using the second approach to a user with
    administrative privileges (so writing to the hosts file was possible).
    You don't have to click to follow a link, in fact you can use your trusted
    bookmark (the same you've been using for years), and you'll still visit the
    attacker's site.
    As usual, the theory has been lying there for years, but now it seems that a
    lot of people out there is abusing it.
    Cheers,

    Miguel

    -----Original Message-----
    From: David [mailto:david@clicksee.net]
    Sent: 31 May 2005 10:55
    To: security-basics@securityfocus.com
    Subject: DNS cache poisoning and pharming

    http://hostsearch.com/news/logiguard_news_3177.asp
     
    This article makes a claim that DNS poisoning and pharming are really
    dangerous in that anyone can be redirected from trying to go to their online
    bank to a fake bank site where there login is collected. Is this really such
    a threat or is it just Logiguard advertising themselves?
     
    Thanks,
     
    Dave

    ***********************************************************************************************************
    DISCLAIMER:
    This e-mail contains proprietary information, some or all of which may be legally privileged.
    It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail,
    please notify the author by replying to this e-mail. If you are not the intended recipient you may not use,
    disclose, distribute, copy, print or rely on this e-mail.
    ***********************************************************************************************************

  • Next message: Hostas.lt: "Re: Checking when the OS was first installed"

    Relevant Pages

    • Re: Hosts file ignored
      ... > any of the entries I have made to the server's hosts file. ... > Successfully flushed the DNS Resolver Cache. ... > I am not running a DNS server on my system. ... > I can ping IP addresses without any problem, both on the LAN and on ...
      (microsoft.public.windows.server.general)
    • Re: DNS cache and hosts file ignored
      ... On occassion I've had DNS resolution fail ... Quoting my nice shiny new "Microsoft Windows Server 2003 TCP/IP ... does not ignore the hosts file, but the resolver may not be able to read it! ... At least they are reporting it, though a read only option would be ...
      (microsoft.public.windowsxp.network_web)
    • Re: Cant see out to .co.uk from inside my .local domain (forward l
      ... Ping cp.xxx.co.uk, same question. ... I found out the ip of my .co.uk so I put this into the hosts file of the ... network only from the server which I changed the hosts file for. ... Indeed is it even a DNS issue. ...
      (microsoft.public.windows.server.sbs)
    • Re: Long failover time...
      ... The routing stack in the host uses it in the following order: lmhosts, hosts, dns and wins. ... is it finds the host IP in the hosts file and no network requests are required. ... And it only effects those hosts you put in the file, hence you only add the cluster Nodes in the file. ... MVP - Windows Server - Clustering ...
      (microsoft.public.windows.server.clustering)
    • Re: Cant see out to .co.uk from inside my .local domain (forward l
      ... Well I removed the entry from my hosts file and issued a ping command to both ... network only from the server which I changed the hosts file for. ... Indeed is it even a DNS issue. ...
      (microsoft.public.windows.server.sbs)