Ethical Hacking 简明教程

Ethical Hacking - DNS Poisoning

DNS 欺骗是一种欺骗 DNS 服务器,使其确信它已收到真实信息的技术,而实际上它并未收到。这将导致在 DNS 级别替换错误的 IP 地址,在那里 Web 地址被转换为数字 IP 地址。它允许攻击者用服务器控件的 IP 地址替换给定 DNS 服务器上目标网站的 IP 地址条目。攻击者可以创建可能包含恶意内容的服务器假 DNS 条目,名称与该服务器相同。

DNS Poisoning is a technique that tricks a DNS server into believing that it has received authentic information when, in reality, it has not. It results in the substitution of false IP address at the DNS level where web addresses are converted into numeric IP addresses. It allows an attacker to replace IP address entries for a target site on a given DNS server with IP address of the server controls. An attacker can create fake DNS entries for the server which may contain malicious content with the same name.

例如,用户键入 www.google.com,但用户会被发送到另一个欺诈网站,而不是被定向到 Google 服务器。正如我们所理解的,DNS 欺骗用于将用户重定向到由攻击者管理的虚假页面。

For instance, a user types www.google.com, but the user is sent to another fraud site instead of being directed to Google’s servers. As we understand, DNS poisoning is used to redirect the users to fake pages which are managed by the attackers.

DNS Poisoning − Exercise

让我们使用相同的工具 Ettercap 对 DNS 欺骗进行练习。

Let’s do an exercise on DNS poisoning using the same tool, Ettercap.

DNS 欺骗非常类似于 ARP 欺骗。要启动 DNS 欺骗,您必须从我们在上一章中已经讨论过的 ARP 欺骗开始。我们将使用 Ettercap 中已经存在的 DNS spoof 插件。

DNS Poisoning is quite similar to ARP Poisoning. To initiate DNS poisoning, you have to start with ARP poisoning, which we have already discussed in the previous chapter. We will use DNS spoof plugin which is already there in Ettercap.

Step 1 − 打开终端并键入“nano etter.dns”。此文件包含由 Ettercap 用于解析域名地址的所有 DNS 地址的条目。在此文件中,我们将添加 Facebook 的一个假条目。如果有人想要打开 Facebook,他将被重定向到另一个网站。

Step 1 − Open up the terminal and type “nano etter.dns”. This file contains all entries for DNS addresses which is used by Ettercap to resolve the domain name addresses. In this file, we will add a fake entry of “Facebook”. If someone wants to open Facebook, he will be redirected to another website.

terminal

Step 2 − 现在在“重定向到 www.linux.org” 字样下插入条目。请参见以下示例 −

Step 2 − Now insert the entries under the words “Redirect it to www.linux.org”. See the following example −

redirect

Step 3 - 现在保存此文件并保存文件退出。使用“ctrl+x”保存文件。

Step 3 − Now save this file and exit by saving the file. Use “ctrl+x” to save the file.

Step 4 - 此后,整个过程都相同,开始 ARP 中毒。启动 ARP 中毒后,单击菜单栏中的“插件”并选择“dns_spoof”插件。

Step 4 − After this, the whole process is same to start ARP poisoning. After starting ARP poisoning, click on “plugins” in the menu bar and select “dns_spoof” plugin.

plugins

Step 5 - 激活 DNS_spoof 后,您将在结果中看到,每当有人在其浏览器中键入 facebook.com 时,它将开始向 Google IP 进行欺骗。

Step 5 − After activating the DNS_spoof, you will see in the results that facebook.com will start spoofed to Google IP whenever someone types it in his browser.

activating

这意味着用户在其浏览器中获取 Google 页面,而不是 facebook.com。

It means the user gets the Google page instead of facebook.com on their browser.

在本练习中,我们了解了如何通过不同的工具和方法来嗅探网络流量。这里一家公司需要一位道德黑客为其提供网络安全,以阻止所有这些攻击。让我们了解一下一位道德黑客可以做些什么来防止 DNS 中毒。

In this exercise, we saw how network traffic can be sniffed through different tools and methods. Here a company needs an ethical hacker to provide network security to stop all these attacks. Let’s see what an ethical hacker can do to prevent DNS Poisoning.

Defenses against DNS Poisoning

作为一名道德黑客,您的工作很大可能将您置于预防而不是笔试的位置。您作为攻击者所知道的事情可以帮助您防止从外部采用的技术。

As an ethical hacker, your work could very likely put you in a position of prevention rather than pen testing. What you know as an attacker can help you prevent the very techniques you employ from the outside.

以下是笔试人员的角度对我们刚刚涵盖的攻击进行的防御措施:

Here are defenses against the attacks we just covered from a pen tester’s perspective −

  1. Use a hardware-switched network for the most sensitive portions of your network in an effort to isolate traffic to a single segment or collision domain.

  2. Implement IP DHCP Snooping on switches to prevent ARP poisoning and spoofing attacks.

  3. Implement policies to prevent promiscuous mode on network adapters.

  4. Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.

  5. Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPsec.

  6. Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.

  7. IPv6 has security benefits and options that IPv4 does not have.

  8. Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPsec.

  9. Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.

  10. SSL is a great defense along with IPsec.

Summary

在本章中,我们讨论了攻击者如何通过在网络中放置数据包嗅探器来捕获和分析所有流量。通过一个实时示例,我们了解了从给定网络中获取受害者凭证是多么容易。攻击者使用 MAC 攻击、ARP 和 DNS 中毒攻击来嗅探网络流量并获取电子邮件对话和密码等敏感信息。

In this chapter, we discussed how attackers can capture and analyze all the traffic by placing a packet sniffer in a network. With a real-time example, we saw how easy it is to get the credentials of a victim from a given network. Attackers use MAC attacks, ARP and DNS poisoning attacks to sniff the network traffic and get hold of sensitive information such as email conversations and passwords.