Shulou(Shulou.com)06/02 Report--

This article is to share with you about how to analyze ARP deception and DNS deception, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

ARP spoofing is commonly used by hackers. There are two kinds of ARP spoofing, one is to deceive the ARP table of the router, and the other is to cheat the gateway of the intranet PC. DNS attacks block the server network and paralyze the server. The following editor will analyze ARP deception / DNS deception.

Simple example of ARP spoofing

There are three PCs (using virtual machines): a, B, C, and the IP address is set by itself. An acts as the attacker, B acts as the gateway, and C acts as the cheating object. At the same time, B also acts as a DNS server.

1. Set the corresponding TCP/IP parameters in the three virtual machines A, B, C respectively.

two。 Publish two websites in IIS on Gateway B and attacker A. Make two simple static pages as the home page of the two sites, the home page of the two sites should be different and easy to distinguish.

3. Complete the setup of the DNS server on gateway B. Establish a forward lookup zone and add a mapping between domain name and IP address.

4. Run Cain on attacker An and implement ARP spoofing.

5. Verify that ARP spoofing is successful.

6. Complete DNS spoofing on Cain.

Set its corresponding TCP/IP parameters.

Cain DNS deception

The xp:192.168.58.1 host was deceived.

Virtual machine 1VR 192.168.58.2 (attacker)

Virtual machine 2VR 192.168.58.3 (gateway)

Change the content of the Myweb website!

Attacker: IIS edits myweb on 192.168.58.2, close other

Gateway: IIS edits myweb on 192.168.58.3 and closes other

The gateway opens the DNS

On the 192.168.58.2 attacker

Left gateway, right deceiving object

Verify that DNS spoofing is successful

When you search www.sina.com on Xp192.168.58.1, you actually visit the web page that the attacker wants to show you.

Implement arp spoofing in the deceived party ping attacker and gateway arp-a

The method and principle of DNS deception

Suppose that host A wants to access Baidu, then host A first sends a request to the local DNS server, and then the local DNS server checks to see if Baidu's website server is in its DNS cache table; if not, it is like the root DNS

The server sends an access request, and then, according to the type of domain name address, the server returns the corresponding domain DNS server ip address to host A, which then visits the domain DNS server, and the domain server queries the registration information.

Tell host A where the server address of Baidu is, so that host A can find Baidu's server!

Through DNS deception, change the ip address of Baidu to the ip address of host B (attacker), so that host An accesses the Baidu server disguised by host B.

The above is how to analyze ARP deception and DNS deception, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.