Home page logo

basics logo Security Basics mailing list archives

Re: DNS cache poisoning and pharming
From: Times Enemy <times () krr org>
Date: Tue, 31 May 2005 09:06:21 -0700



Using Ettercap, DNS poisoning is only a matter of modifying a text file, and firing up the app..

As for pharming, most sniffers can be used for this, though on a switched network some extra work may be required. Again, ettercap can handle the switched networks.

If a network has effective IDS/IPS, and is actively monitoring for ARP anomalies and such, then that network _may_ discover an instance of ettercap running on it. Ettercap also can search for other instances of ettercap, amongst a whole lot of other things. I highly suggest you check it out.

This would be a wee bit more difficult to do against a remote ISP.

.times enemy

David wrote:


This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where there login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]