Re: (lame) spoofing DNS with hosts files...

From: .MetsyS. (stf@xtra.co.nz)
Date: 08/21/01


Message-Id: <3.0.6.32.20010821103753.007b6e70@pop3.xtra.co.nz>
Date: Tue, 21 Aug 2001 10:37:53 +1200
To: <vuln-dev@securityfocus.com>
From: ".MetsyS." <stf@xtra.co.nz>
Subject: Re: (lame) spoofing DNS with hosts files...

Hi all,

Quite right, it is very lame, it is not a bug.
hence the subject line

You understand perfectly.

I am just looking at ways to meddle around with security, and causing a
user to do something they did not intend to, however if you can alter the
host file... you already have root, so all in all I made a pretty silly
post, my apologies.

I too read bugtraq.

I very much enjoy the more relaxed discussion that goes on in vuln-dev
there is an immense amount of talent on this list.

Right enough of my ranting and raving and carrying on.

I'm on the hunt for some info on setting up a packet with source routing,
any pointers please ?

Hints, suggestions, questions, comments, welcome.

Thanks.
.MetsyS.

At 08:24 PM 20/8/01 +0400, Mitino-PTT support wrote:
>:))
>hehe
>really lame
>
>or maybe i don't understand
>
>i think first operating system looks hosts file and then (if not true) makes
>a dns query
>its not a bug or vulnerability
>it is feature (which came from ancient times when there was no domain name
>system on the Earth)
>i think it is not a topic for this list
>
>i can create zone file for microsoft.com on my ISP master NS server with
>entry like this
>
>www IN A 127.0.0.1
>and it will work BUT I WILL NOT WRITE about this in bugtraq !!
>
>forgive me my bad english, usually i only read bugtraq, but now after this
>message i can't be silent ;)
>
>-----Исходное сообщение-----
>От: .MetsyS. <stf@xtra.co.nz>
>Кому: vuln-dev@securityfocus.com <vuln-dev@securityfocus.com>
>Дата: 20 августа 2001 г. 20:06
>Тема: (lame) spoofing DNS with hosts files...
>
>
>>Hi everybody,
>>
>>The recent discussion on the IE bookmark problem made me think of some
>>other ways you could force sombody to point their browser somewhere they
>>were not intending to.
>>
>>My apologies if this is already well known and i'm wasting bandwidth.
>>(which is probably the case)
>>
>>You will end up at abcnews.com instead of hotmail.com in this example
>>
>>Open up your windows host file and add an entry like:
>>204.202.136.30 www.hotmail.com
>>
>>I tested this with Netscape 4.08 Win98SE with proxies turned off.
>>
>>Now open up your web browser and tell it to go to www.hotmail.com if your
>>proxy server settings are not forced you should end up at www.abcnews.com.
>>
>>I know this is silly, and rather obvious... just remember... this is not
>>just limited to the web browser, your curcumventing a DNS lookup.
>>
>>eg:
>>C:\WINDOWS>ping www.hotmail.com
>>
>>Pinging www.hotmail.com [64.4.44.7] with 32 bytes of data:
>>
>>Control-C
>>C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
>>
>>C:\WINDOWS>ping www.hotmail.com
>>
>>Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
>>
>>Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
>>
>>Ping statistics for 192.168.1.2:
>> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
>>Approximate round trip times in milli-seconds:
>> Minimum = 38ms, Maximum = 38ms, Average = 38ms
>>Control-C
>>
>>
>>Tested the same thing under linux too... no suprises really I spose just
>>something to ponder...
>>
>>Keep a tripwire DB.
>>
>>One last thing which is kind of off topic... has anybody seen some good
>>papers that discuss loose source routing ? and how to set up a packet with
>>LSR ?
>>
>>Suggestions, comments welcome.
>>
>>.MetsyS.
>>
>
>



Relevant Pages

  • NBC Primetime Preview
    ... Back to the terrible hosts, reinforcing my decision not to bother with ... It's back with another lame food joke. ... Then they barely mention About A Boy (no clips) and then make ...
    (rec.arts.tv)
  • Re: (lame) spoofing DNS with hosts files...
    ... (lame) spoofing DNS with hosts files... ... i think first operating system looks hosts file and then makes ...
    (Vuln-Dev)
  • Re: (lame) spoofing DNS with hosts files...
    ... spoofing DNS with hosts files... ... in Windows 9X/NT/2k the first place that the system will lookup the ... > proxy server settings are not forced you should end up at www.abcnews.com. ...
    (Vuln-Dev)
  • RE: (lame) spoofing DNS with hosts files...
    ... spoofing DNS with hosts files... ... feature. ... proxy settings and catch all the web traffic with a MiM attack and ...
    (Vuln-Dev)
  • (lame) spoofing DNS with hosts files...
    ... spoofing DNS with hosts files... ... other ways you could force sombody to point their browser somewhere they ... Now open up your web browser and tell it to go to www.hotmail.com if your ...
    (Vuln-Dev)