mailing list archives
Re: DNS cache poisoning and pharming
From: Times Enemy <times () krr org>
Date: Tue, 31 May 2005 09:06:21 -0700

Using Ettercap, DNS poisoning is only a matter of modifying a text file,
and firing up the app.

As for pharming, most sniffers can be used for this, though on a
switched network some extra work may be required. Again, ettercap can
handle the switched networks.

If a network has effective IDS/IPS, and is actively monitoring for ARP
anomalies and such, then that network _may_ discover an instance of
ettercap running on it. Ettercap also can search for other instances of
ettercap, amongst a whole lot of other things. I highly suggest you
check it out.

This would be a wee bit more difficult to do against a remote ISP.

This article makes a claim that DNS poisoning and pharming are really
dangerous in that anyone can be redirected from trying to go to their
online bank to a fake bank site where their login is collected. Is this
really such a threat or is it just Logiguard advertising themselves?
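
The ARP-anomaly monitoring mentioned in the reply above, sketched as an added example that is not part of the original post or of any tool it names: a detector that flags an IP address rebinding to a new MAC and a single MAC answering for several IPs. The log format, addresses and function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: "<epoch> <ip> <mac>" ARP replies as a sensor might log them.
SAMPLE = """\
1117555200 192.168.1.1 00:11:22:33:44:55
1117555201 192.168.1.20 00:aa:bb:cc:dd:01
1117555202 192.168.1.30 00:aa:bb:cc:dd:02
1117555260 192.168.1.1 00:de:ad:be:ef:99
1117555261 192.168.1.20 00:de:ad:be:ef:99
1117555320 192.168.1.30 00:aa:bb:cc:dd:02
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()

def find_arp_anomalies(observations):
    """Return alerts for IP->MAC rebinding and one MAC answering for several IPs."""
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in sorted(observations):
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            # The binding changed: the gateway or a host now maps to a new MAC.
            alerts.append((ts, "rebind", ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # One MAC answering for several IPs is the usual man-in-the-middle shape.
            alerts.append((ts, "multi-ip", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse(SAMPLE)):
        print(alert)
```

Rebinding also happens legitimately (DHCP lease reuse, replaced NICs, failover pairs), so alerts like these need triage against known inventory before being treated as an incident.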