
DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO.


1 DNS POISONING + CENSORSHIP LAB
Dustin Vandenberg, Vipul Agarwal, Liang Zhao

2 WHERE WERE WE LAST TIME?
- Rough outline of the content of the lab
- Real world connections
- General explanation of DNS

3 PROGRESS SINCE LAST UPDATE
- Researched various sources
  - Helps our understanding
  - Can provide resources in lab as hints
- Fleshed out ideas into main steps of lab
- Answered questions posed by Professor

4 SOURCES COMPILED
- DNS Architecture
- The Hosts File and What It Can Do for You
- Decrypting SSL Traffic with Wireshark and Ways to Prevent It
- Traffic Analysis with Wireshark
- Using Wireshark to Decode SSL/TLS Packets
- Investigation of DHCP Packets Using Wireshark
- Wireshark Lab: DNS
- Wireshark User's Guide
- Man in the Middle Attack: Tutorial

5 BACKGROUND REQUIRED
- What is DNS
- Using Wireshark
- Socket programming (C, C++, Java)
- Proxies
- Man-in-the-middle attack
- Cookies
Professor Egele asked about using compiled vs. non-compiled languages: compiled would be better to simulate a "virus" which can be spread and executed remotely.

6 STEP 1: RECONNAISSANCE
Use Wireshark to examine the following about HTTP and DNS packets sent to your "target" website:
- What is the IP address associated with that website?
- Where is the traffic going from/to?
- What information is being sent in the HTTP packets?
- Is any of the information encrypted? If so, how does this complicate the process?
- What ports are being used?
Professor Egele asked about DNS vs. HTTP.
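The fields Wireshark shows for a DNS answer (transaction ID, response flag, question name, A-record address, TTL) come straight from the RFC 1035 wire format. The following added example, not part of the presentation or the lab, builds a small constructed DNS response and parses it back, including the name-compression pointers (0xC0xx) that every real answer section uses. The final helper flags A records that map a non-local name to a loopback or RFC 1918 address, which is what a resolver-level poisoning would look like on the wire; the address 203.0.113.10 and the range list are constructed for the example.

```python
import struct
import ipaddress


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(txid, qname, addresses, ttl=300):
    """Construct a standard DNS response (flags 0x8180: QR, RD, RA) with A records."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        # 0xC00C is a compression pointer back to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        answers += ipaddress.IPv4Address(addr).packed
    return header + question + answers


def read_name(packet, offset):
    """Decode a possibly-compressed name; return (name, offset just past it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = packet[offset]
        if (length & 0xC0) == 0xC0:  # two-byte pointer into an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_dns(packet):
    """Parse header, question and answer sections into a dict like Wireshark's tree."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(packet, offset)
        qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for _ in range(an):
        name, offset = read_name(packet, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        record = {"name": name, "type": rtype, "ttl": ttl}
        if rtype == 1 and rdlen == 4:
            record["address"] = str(ipaddress.IPv4Address(rdata))
        else:
            record["rdata"] = rdata.hex()
        answers.append(record)
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


# Constructed list of ranges a public hostname should never resolve into.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def flag_local_answers(parsed):
    """Return (name, address) for A records steering a non-local name to a local address."""
    flagged = []
    for rec in parsed["answers"]:
        addr = rec.get("address")
        if addr is None:
            continue
        ip = ipaddress.IPv4Address(addr)
        if any(ip in net for net in LOCAL_RANGES) and \
                not rec["name"].endswith((".local", ".lan", "localhost")):
            flagged.append((rec["name"], addr))
    return flagged


if __name__ == "__main__":
    pkt = build_a_response(0x1234, "www.example.com", ["203.0.113.10"])
    print(parse_dns(pkt))
    print(flag_local_answers(parse_dns(pkt)))
```

Feed `parse_dns` the UDP payload of a captured DNS packet (Wireshark: right-click the DNS layer, "Copy as hex stream") to get the same fields the GUI shows. Note that the hosts-file redirect in step 3 never produces a DNS packet at all, so a capture filter of `udp port 53` will show nothing for the redirected name.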

7 STEP 2: CONTROL SYSTEM
Use Java, C, or C++ to create a man-in-the-middle proxy which does the following:
- Accepts incoming connections on the same port that we found was used before
- Can support outbound connections to the localhost
- Can read and edit the content which is received and sent between these connections
This is the basic framework; we will add more functionality later.

8 STEP 3: REDIRECT
- Edit the hosts file to redirect traffic to your control system
- Use Wireshark to ensure that the packets are being properly redirected
  - How are the DNS packets different?
  - How are the HTTP packets different?
  - Can the client still communicate with the server?
- What are the limitations of this technique?
  - What are the limitations on editing hosts files?
  - Are there other ways to accomplish the same goal?

9 STEP 4: EXPLOIT
Block all access to the "target" site. What are different ways this can be done?
- Redirect the user to a completely different site
- Monitor the traffic for "keywords"
  - Send some sort of warning to the "attacker" whenever a site has those words
- Replace content from the site with completely new content
  - Change/censor part of the content
  - Add content to the site presented to the user
- Can this be used in the context of XSS? (hint: yes) Suggested by Professor Egele

10 STEP 5: CONTEXT
- What sort of access does an attacker need to execute this?
- What protections are there to prevent this?
  - Does SSL/HTTPS stop this? What can it do?
- How has this been applied on larger scales?
  - Can this be done for an entire local network, rather than a single computer? How would one go about that?
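Step 3 redirects by editing the hosts file, and step 5 asks what protections exist against it. The stub resolver consults the hosts file before sending any DNS query, so the simplest protection is to audit that file for names it has no business containing. The following added example (not from the presentation or the lab) parses hosts-file text, answers "what would this machine resolve the name to?" without touching the network, and lists every mapping that overrides a name outside a baseline of stock local names. The baseline set and the sample hosts text are constructed for the example.

```python
import ipaddress

# Constructed baseline of names a stock hosts file legitimately carries;
# extend it with your own machine names via the local_hostnames parameter.
BASELINE_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback",
                  "ip6-allnodes", "ip6-allrouters", "broadcasthost"}


def parse_hosts(text):
    """Return (line_no, address, [names]) for each active entry; comments and junk are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            address = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed address: the resolver ignores the line as well
        entries.append((line_no, address, [n.lower() for n in parts[1:]]))
    return entries


def hosts_lookup(text, name):
    """Mimic the stub resolver: first matching hosts entry wins and no DNS query is sent."""
    name = name.lower()
    for _, address, names in parse_hosts(text):
        if name in names:
            return address
    return None  # not in hosts, so the resolver would go to DNS


def audit_hosts(text, baseline=BASELINE_NAMES, local_hostnames=()):
    """Return (line_no, name, address) for every mapping of a name outside the baseline."""
    known = set(baseline) | {h.lower() for h in local_hostnames}
    findings = []
    for line_no, address, names in parse_hosts(text):
        for n in names:
            if n not in known:
                findings.append((line_no, n, address))
    return findings


# Constructed sample: three stock entries plus the kind of override step 3 adds.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
127.0.1.1       labvm
127.0.0.1       www.example.com example.com   # override pointing the target site at a local proxy
"""

if __name__ == "__main__":
    print(hosts_lookup(SAMPLE_HOSTS, "www.example.com"))
    for line_no, name, address in audit_hosts(SAMPLE_HOSTS, local_hostnames=("labvm",)):
        print(f"line {line_no}: {name} -> {address}")
```

Run `audit_hosts` over `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` from a scheduled job and alert on any finding; because the file is writable only by root or an administrator, a finding also answers step 5's first question about the access an attacker needs.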

11 NEXT STEPS
- Write out lab in Twiki with formatting and questions
- Test lab
  - Figure out the timing/difficulty of each question
- Narrow down sources and decide what information to provide

12 QUESTIONS?
