Home page logo
/

basics logo Security Basics mailing list archives

Re: DNS cache poisoning and pharming
From: Times Enemy <times () krr org>
Date: Tue, 31 May 2005 09:06:21 -0700

Greetings.

http://ettercap.sourceforge.net/

Using Ettercap, DNS poisoning is only a matter of modifying a text file, and firing up the app..

As for pharming, most sniffers can be used for this, though on a switched network some extra work may be required. Again, ettercap can handle the switched networks.

If a network has effective IDS/IPS, and is actively monitoring for ARP anomalies and such, then that network _may_ discover an instance of ettercap running on it. Ettercap also can search for other instances of ettercap, amongst a whole lot of other things. I highly suggest you check it out.

This would be a wee bit more difficult to do against a remote ISP.


.times enemy


David wrote:

http://hostsearch.com/news/logiguard_news_3177.asp

This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where there login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?

Thanks,

Dave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]