Class Project Showcase: DNS Spoofing
4 likes3,081 views
1) The document discusses DNS spoofing techniques including DNS cache poisoning, DNS ID spoofing, and exploiting the birthday paradox. 2) It describes two versions of a DNS ID spoofing tool called dnsspoof.py that either targets a specific victim or all victims on the network. 3) Examples are given using the Scapy Python library to build and sniff packets to demonstrate how the DNS spoofing tools could be implemented.
![Scapy Example -- Packet Sniffing
>>> sniff(filter="icmp and host 66.35.250.151", count=2)
<Sniffed: UDP:0 TCP:0 ICMP:2 Other:0>
>>> a=_
>>> a.nsummary()
0000 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw
0001 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw
>>> a[1]
<Ether dst=00:ae:f3:52:aa:d1 src=00:02:15:37:a2:44
type=0x800 |<IP version=4L
ihl=5L tos=0x0 len=84 id=0 flags=DF frag=0L ttl=64
proto=ICMP chksum=0x3831
src=192.168.5.21 dst=66.35.250.151 options='' |<ICMP
type=echo-request code=0
chksum=0x6571 id=0x8745 seq=0x0 |<Raw
load='Bxf7gxdax00x07umx08tnx0b
x0crx0ex0fx10x11x12x13x14x15x16x17x18x19x1
ax1bx1cx1d
x1ex1f !x22#$%&'()*+,-./01234567' |>>>](https://image.slidesharecdn.com/91-564datacommiiprojpresentations-101219001649-phpapp01/85/Class-Project-Showcase-DNS-Spoofing-9-320.jpg)
Class Project Showcase: DNS Spoofing
- 1. 91.564 Project Presentation DNS Spoofing Beibei (Betty) Yang byang1@cs.uml.edu
- 3. DNS in the real world
- 4. DNS Spoofing (Pharming) pharming n. the process of producing medically useful products from genetically modified plants and animals. (dictionary.com) DNS Spoofing The art of making a DNS entry to point to an another IP than it would be supposed to point to. Three techniques: 1. DNS Cache Poisoning 2. DNS ID Spoofing 3. Making the attack more accurate with the Birthday Paradox
- 5. DNS ID Spoofing (Ver. 1) 1. ARP Poison 2. Sniff DNS packets from a certain victim 3. Reply fake DNS packets ./dnsspoof.py <dns_server> <victim> <impersonating_host>
- 6. DNS ID Spoofing (Ver. 2) 1. Continuous ARP Poison 2. Sniff DNS packets from all victims 3. Reply all victims with fake DNS packets ./dnsspoofv2.py <dns_server> <impersonating_host>
- 7. Implementation OS: Ubuntu 9.10 Language: Python 2.6.5 Library: Scapy 2.1.1 http://www.secdev.org/projects/scapy/
- 8. Scapy Example -- Building a packet $ sudo scapy Welcome to Scapy (2.0.1-dev) >>> IP() <IP |> >>> target="www.target.com" >>> target="www.target.com/30" >>> ip=IP(dst=target) >>> ip <IP dst=<Net www.target.com/30> |>
- 9. Scapy Example -- Packet Sniffing >>> sniff(filter="icmp and host 66.35.250.151", count=2) <Sniffed: UDP:0 TCP:0 ICMP:2 Other:0> >>> a=_ >>> a.nsummary() 0000 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw 0001 Ether / IP / ICMP 192.168.5.21 echo-request 0 / Raw >>> a[1] <Ether dst=00:ae:f3:52:aa:d1 src=00:02:15:37:a2:44 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=84 id=0 flags=DF frag=0L ttl=64 proto=ICMP chksum=0x3831 src=192.168.5.21 dst=66.35.250.151 options='' |<ICMP type=echo-request code=0 chksum=0x6571 id=0x8745 seq=0x0 |<Raw load='Bxf7gxdax00x07umx08tnx0b x0crx0ex0fx10x11x12x13x14x15x16x17x18x19x1 ax1bx1cx1d x1ex1f !x22#$%&'()*+,-./01234567' |>>>
- 10. sudo ./dnsspoof.py 68.87.73.246 192.168.1.104 129.63.176.200 sudo ./dnsspoof.py 68.87.71.230 192.168.1.104 129.63.176.200 sudo ./dnsspoofv2.py 68.87.73.246 129.63.176.200 sudo ./dnsspoofv2.py 68.87.71.230 129.63.176.200
- 11. Victim A Switch network Windows XP
- 13. Victim B Wireless Jolicloud