Pages

Sunday, November 28, 2010

DNS spoofing

DNS spoofing is nothing but while resolving the host name, instead of taking to the legitimate page taking to some other page. I know we everyone is not capable of hacking a Domain name server. But we can do it in our system. To do this you should have administrator privilege. 
In Windows there is a file at location c:\windows\system32\drivers\etc\hosts which is the first reference for any DNS resolving. Thus the Windows machine first look into that file before sending any DNS request. If any entry for the corresponding host is present, that particular IP address will be directly requested. No additional DNS lookup is needed. You can open that file in notepad and edit. But open as administrator.
That file will look like this (Microsoft copyrighted file)

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost



At present this file has no effect as every line in this file are comment line (started with a # symbol). You can add a line at the end like,
66.249.89.99    yahoo.com
This line has the IP address of Google but the host name is yahoo.com. Just add this line and save the file. Now if you enter yahoo.com in your browser, it will take you to google.com. It may seem as not so effective. But if you use it in a intelligent way, it'll serve a lot. For example, if you add entries for websites you visit frequently, every time you enter those websites in your browser, it won't need to resolve the name. So you can have a faster performance. And also not limited with it, you can do more.
DISCLAIMER: Information provided in this page and any of the page of this blog is only for informational purposes. Any activities done by the reader or any other person, the blog or the writer or the blog owner is not responsible for that.
Posted by Balakumaran at 10:24 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)