Jump to content

Two Dns Spoofing Questions


ddxd
 Share

Recommended Posts

Hey,

So with Etthercap and the DNS spoofing plugin you can forward a domain to another IP when ARP poisoning a victim and a gateway. Simple.

1. Its it possible to do this over WIFI using Ettercap, i have only done this attack on a wired network and want to know if it would work on a open network, what if the network is encrypted but i have the key?

2. Its easy to Telnet into a router, can i do this attack at that level by changing the config files like the hosts files? to forward domains to other ip's? are there any other interesting attacks that can be done on the actual router. BTW i use Netgear routers.

Thanks! If you can answer any of these for me i would be grateful :)

Happy Hacking!

Link to comment
Share on other sites

1 - If you can do it on wired, you can do it on wireless, so long as you control the session/packets, you can do whatever you want with them unless they are encrypted. If they are encrypted, you can not see the data, but you can stop its flow and point it anywhere you want.

2 - Telnetting to a router alone does not give you control of it, and not all routers let you do redirects, like a hosts file within the router config. Thats not to say you cant block certain sites, as some routers let you configure differnt features such as firewall rules for P2P and Bit Torrent, I doubt you will be able to down and out redirect say, sitea.com to siteb.com as a hardcoded change in the router unless it has 1, custom firmware, or 2 the built in feature to edit DNS for specific sites. Cisco routers let you do somethings to an extent, but for the most part, they would share their routing tables and map based on DNS they receive, so if you control the DNS server the router gets its info from, then you could control everything the end user sees. This is a common attack on wireless routers that arent locked down, where attackers change their DNS servers on the router to their own, redirecting all the end users traffic through their own DNS and in the process able to monitor and redirect them where ever they want at will.

http://blog.trendmicro.com/protecting-your...inding-attacks/

Edited by digip
Link to comment
Share on other sites

Yes it is possible, I saw a video on irongeek.com, that showed this guys redirecting one of his victims from google.com to hotmail.com. He wasn't using Ethercap but Cain instead, but you can still use Ethercap to do DNS spoofing.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...