RE: DNS cache poisoning and pharming
Salvador.Manaois_at_infineon.com
Date: 05/31/05
- Previous message: Ron: "Re: Snort sniffer logs"
- Maybe in reply to: David: "DNS cache poisoning and pharming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 31 May 2005 22:15:02 +0800 To: <david@clicksee.net>, <security-basics@securityfocus.com>
Imho this is a serious threat that every sysadmin and ISO should be
concerned with. Classic MITM attacks (with ARP spoofing) could be used
to trick users to connect to a rogue DNS server which contains records
of well-known sites which are actually spoofed on the attacker's web
server. To the user, it would seem that he is connecting to the
www.paypal.com (for example) when he is in fact connected to a spoofed
page on the attacker's web server.
Phishing requires some user interaction (clicking on some links, for
example) but pharming is an entirely different story. The user might
just type www.somepaysite.com in the address bar and would be shown a
relatively harmless page.
...badz...
http://www.rancidroot.blogspot.com
-----Original Message-----
From: David [mailto:david@clicksee.net]
Sent: Tuesday, May 31, 2005 5:55 PM
To: security-basics@securityfocus.com
Subject: DNS cache poisoning and pharming
http://hostsearch.com/news/logiguard_news_3177.asp
This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where there login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?
Thanks,
Dave
- Previous message: Ron: "Re: Snort sniffer logs"
- Maybe in reply to: David: "DNS cache poisoning and pharming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
