Presentation on theme: "DNS Attack Dalia Solomon. CONFIGURATION KNOPPIX SDT STD stands for security tools distribution A bootable CD with Linux OS, Linux kernel 2.4.2 STD focuses."— Presentation transcript:
DNS Attack Dalia Solomon
KNOPPIX SDT STD stands for security tools distribution A bootable CD with Linux OS, Linux kernel STD focuses on information security and network management tools.
Step I Laptop A Was booted from CD drive, with Knoppix STD. Laptop B Runs Ethereal
Step II On laptop A, I type the following command: arpspoof –i eth Arpspoof intercepts packets on a switched LAN
What actually happens? Laptop A, constantly sends laptop B, ARP replies ARP saying: MAC address (00-0c-29- df-af-9b) belongs to the IP of the DNS server ( ) laptop B, makes a wrong entry in his ARP cache
Result….. Laptop B wants to send an IP packet to the DNS server it sends the Ethernet frame to Laptops A MAC address, so actually laptop A gets the IP packet.
On laptop A, we have the following screen :
Note when I type the command (on Laptop B): arp -a Shows us the local machines arp table Table gives the machine a set of remembered MAC addresses for IP address Reason does not need to repeatedly broadcast to find this information for each network transmission.
Step III on laptop A, and type the following command dnsspoof
Next….. edit /var/www/index.htm Write the html code. In our case youve been spoofed.