Reg : DNS Cache poisoning
sudheer.bysani at gmail.com
Tue Sep 18 22:38:01 UTC 2007
I'm in the process of developing a lab for Security Education
(http://www.cis.syr.edu/~wedu/seed/index.html) and require some help on
conducting DNS Cache Poisoning attacks.
Pharming Guide (http://www.ngssoftware.com/papers/ThePharmingGuide.pdf)
explains the DNS Cache poisoning attack, wherein the attacker name server
includes the additional (faked) resolution records (of other websites)
apart from what it's actually asked for.
I'm wondering how exactly to do this. I know this issue has been fixed
in BIND 9. I was trying the same in 8.4.6, but still unsuccessful.
This is my SOA for the same:
@ IN SOA ns1.example.com. admin.example.com. (
example.com. IN NS ns1.example.com.
example.com. IN NS *ns2.someweb.com.*
example.com. IN MX 10 mail.example.com.
ns1 IN A 192.168.1.1
*ns2.someweb.com. IN A 192.168.1.2*
Now, if I try to dig www.example.com, it shows ns2.someweb.com as one of
the name servers, but it actually resolves the IP address of
ns2.someweb.com if it actually exists.
How do I make the bind resolve ns2.someweb.com to the IP address I
Is it actually possible to send fake resolution records for the domain
which the name server doesn't represent?
Any help is appreciated.
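
Added example, not part of the original post and not BIND's code: a simplified model of the bailiwick check a caching resolver applies to the records in a response. It is consistent with the behaviour described above, where the NS name is shown but the out-of-zone A record is not used. The function names and the `notexample.com.` record are constructed for illustration.

```python
# Simplified bailiwick filter (illustrative model, not BIND's implementation).

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it.

    The comparison is label by label, so 'notexample.com' is NOT treated
    as being inside 'example.com' even though the strings share a suffix.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Return (accepted, discarded) records for a response from zone's server."""
    accepted, discarded = [], []
    for rec in records:
        owner = rec[0]
        (accepted if in_bailiwick(owner, zone) else discarded).append(rec)
    return accepted, discarded

# Constructed sample mirroring the zone data in the post: (owner, type, rdata).
SAMPLE = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.someweb.com."),   # owner is in zone: kept
    ("ns1.example.com.", "A", "192.168.1.1"),
    ("ns2.someweb.com.", "A", "192.168.1.2"),     # owner is out of zone: dropped
    ("notexample.com.", "A", "192.168.1.3"),      # suffix match only: dropped
]

if __name__ == "__main__":
    kept, dropped = filter_response("example.com.", SAMPLE)
    for rec in kept:
        print("cache  ", rec)
    for rec in dropped:
        print("discard", rec)
```

The NS record naming ns2.someweb.com. is kept because its owner is example.com., while the address record for ns2.someweb.com. is discarded and has to be looked up through the someweb.com delegation.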