[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spoofing DNS..
- To: Aviram Jenik <aviram(at-nospam)jenik.com>
- Subject: Re: spoofing DNS..
- From: Sagi Bashari <sagi(at-nospam)aresworld.net>
- Date: Tue, 26 Dec 2000 21:46:37 +0200 (IST)
- cc: Tizmo <Tizmo(at-nospam)Newmail.Net>, <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <00d101c06f71$20f61680$0201a8c0@aviram>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Yea.. sorry, I ment DNS spoofing.
however, you still can't spoof on most of the irc servers today.
On Tue, 26 Dec 2000, Aviram Jenik wrote:
> IP Spoofing is not DNS spoofing. Actually, there's very little in common
> between the two attacks.
>
> In DNS Spoofing, you want people who type www.amazon.com to reach your web
> site (www.geocities.com/someplace/attacker.html). This way, you can build a
> web page that looks like Amazon and make people send you their credit cards
> thinking they just bought a Christmas present.
>
> IP spoofing means faking another person's IP address, usually for one of two
> reasons: Do something the other person can (for example: bypassing TCP
> Wrappers by entering an IP address that is allowed to telnet in) or to
> 'frame' someone by making a third party think the victim was the one who
> performed an attack (or in the example below, to curse someone on IRC and
> make everybody think it was someone else).
>
> How do we do IP spoofing:
> Like someone mentioned before, hping can be used to create arbitrary
> packets, which are good for the second attack (framing somone):
> http://www.securiteam.com/tools/HPing__a_network_analysis_tool.html
>
> This will not work, however, for TCP/IP sessions (like IRC). Unlike UDP, TCP
> requires you to maintain a complete session, which means for example that
> you need to acknowledge every packet you receive. Since you don't actually
> *receive* the packet (someone else does: The person whose IP you faked) you
> don't know the packet's sequence numbering and thus you can't acknowledge
> it. Things start to complicate here, as some OSes have weak sequence
> numbering and thus these numbers can be guesses (or rather 'brute forced')
> but I'll ignore this for now.
> To play a bit with TCP/IP spoofing and hijacking (the lovely attack where
> you take a live TCP/IP session between the victim and a remote server and
> continue it for them - for example, hijack a telnet session after the user
> has logged in), try hunt or juggernaut:
> http://www.securiteam.com/tools/Hunt__a_new_Hijacking_software.html
> http://www.securiteam.com/tools/Juggernaut__a_session_hijacking_tool.html
>
> Try to run it on a victim on your local network (if your network is not
> switch based but rather hub based) and you'll have a lot of fun. Note that
> you need to be able to 'sniff' the responses in order for the hijacking to
> work.
>
> nmap (www.insecure.org/nmap) has a nice port scanning mode where you give IP
> addresses of 'decoys' and nmap spoofs port scans from them. This can be used
> to 'frame' someone you hate, but also makes it very difficult for the system
> administrator to know who really scanned him (imagine being scanned by 100+
> machines: Now you have to find out which one of them is the one who actually
> scanned you).
>
>
> How to do DNS Spoofing:
>
> The most common way is 'cache poisoning'. I won't write the whole
> explanation of it, since it's available in the link below:
> http://www.securiteam.com/windowsntfocus/DNS_Spoofing_and_Windows_NT_DNS.htm
> l
> (NOTE: URL might be wrapped)
>
> The explanation is about Windows NT DNS, but it is mostly true for Linux as
> well.
>
>
> - Aviram
>
>
> ----- Original Message -----
> From: "Sagi Bashari" <sagi@aresworld.net>
> To: "Tizmo" <Tizmo@Newmail.Net>
> Cc: <linux-il@linux.org.il>
> Sent: Tuesday, December 26, 2000 7:53 PM
> Subject: Re: spoofing DNS..
>
>
> > Tizmo,
> >
> > You cannot spoof your IP on IRC today. IRC works on TCP, not spoofable.
> > there used to be a way to spoof by exploiting some hole in old versions
> > of bind, but 99% of the DNS Servers today are patched.
> >
> > .. just leave it.
> >
> > On Tue, 26 Dec 2000, Tizmo wrote:
> >
> > > lets say i want to connect to an irc server with a spoofed ip, can i do
> it ?
> > > or i want to surf the web not with my real ip..
> > > if i and if i cant tell me how can i send pings with a spoffed ip .. and
> > > what is hping2 ?
> > >
> > > ----- Original Message -----
> > > From: <ishaybas@netvision.net.il>
> > > To: "'Tizmo'" <Tizmo@Newmail.Net>; <linux-il@linux.org.il>
> > > Sent: Tuesday, December 26, 2000 6:35 PM
> > > Subject: RE: spoofing DNS..
> > >
> > >
> > > >
> > > > depends what you want to do with it...
> > > > don't forget that sending packets from a spoofed ip, will result in no
> > > > replies...
> > > > if you want to do a spoof icmp or udp attacks you can use hping2 for
> > > > instance...
> > > > question still stands, what are you trying to accomplish?
> > > >
> > > > -----Original Message-----
> > > > From: linux-il-bounce@cs.huji.ac.il
> > > > [mailto:linux-il-bounce@cs.huji.ac.il]On Behalf Of Tizmo
> > > > Sent: Tuesday, December 26, 2000 6:24 PM
> > > > To: linux-il@linux.org.il
> > > > Subject: Re: spoofing DNS..
> > > >
> > > >
> > > > i mean spoffing my ip
> > > > ----- Original Message -----
> > > > From: "Eddie Harari" <eddieh@you-niversity.com>
> > > > To: "'Tizmo'" <Tizmo@Newmail.Net>; <linux-il@linux.org.il>
> > > > Sent: Tuesday, December 26, 2000 2:24 PM
> > > > Subject: RE: spoofing DNS..
> > > >
> > > >
> > > > > what exactly do you mean by spoofing DNS ,
> > > > >
> > > > > reply to requests that came to your dns server with fault data ???
> > > > > or spoof your IP ?
> > > > >
> > > > > -----Original Message-----
> > > > > From: Tizmo [mailto:Tizmo@Newmail.Net]
> > > > > Sent: Tuesday, December 26, 2000 12:24 PM
> > > > > To: linux-il@linux.org.il
> > > > > Subject: spoofing DNS..
> > > > >
> > > > >
> > > > > hey list,
> > > > > i heard about spoffing dns in linux .. like, changing your ip
> address to
> > > > > what ever you like it to be.
> > > > > i just wanted to know if it's true and if it is i really would like
> to
> > > > know
> > > > > how it's can be done.
> > > > > thanks.
> > > > >
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > > >
> > > > >
> > > >
> > > >
> > > > =================================================================
> > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > >
> > > >
> > > >
> > > > =================================================================
> > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > >
> > > >
> > >
> > >
> > > =================================================================
> > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail linux-il-request@linux.org.il
> > >
> > >
> >
> > _
> > ___ __ _ __ _(_) Sagi Bashari
> > (_-</ _` / _` | | - sagi@aresworld.net
> > /__/\__,_\__, |_|
> > |___/
> >
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> >
> >
>
>
_
___ __ _ __ _(_) Sagi Bashari
(_-</ _` / _` | | - sagi@aresworld.net
/__/\__,_\__, |_|
|___/
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il