8/16/2019 Lab1 Security Example
HOSTS FILE ATTACK Lab 1 – INFO24178 Computer and Network Security – Winter 2016
FEBRUARY 2, 2016
Sheridan College, Davis Campus
Contents
Lab 1: Hosts File Attack
Task Description
Project 3-3: Hosts File Attack
Introduction
Literature Review
Key concepts
Differential diagnosis: ARP versus DNS poisoning
Modus operandi
Lab Objective
Procedure
Result
Reversal
Additional Note
Conclusion
Bibliography
Lab 1: Hosts File Attack
Task Description
Project 3-3: Hosts File Attack
Complete requirements 1 - 13 and take screen captures of significant changes/modifications.
Include them with your formatted report submission.
Use the rubric as the outline for your submission; failure to do so will mean deducted marks. You have been
warned: don't submit a document with images lacking proper figure notation, or without the references
that are used in the body of the text.
Introduction
A hosts file attack is one form of DNS poisoning: it redirects a request for a web page to a malicious
site. The technique does not require any sophisticated knowledge or experience and is easy to carry out,
yet it can cause major impact with minimal resources. This lab shows how the attack can be carried out
and how easily it can be achieved.
Literature Review
DNS poisoning, of which the hosts file attack is one form, can have a serious impact on users
and businesses. On Jan 21, 2014, "The Register", a leading UK daily, reported that Chinese netizens
were unable to access social media and messaging websites, an outage that affected about 3 million users.
The incident took about 12 hours to resolve and was a major setback for the Internet Service
Providers, businesses and individuals who depended on these services (Leyden, 2014).
DNS poisoning was unveiled in July 2008, and it highlighted the simplicity and ease of an attack
that needed no sophistication in terms of resources or bandwidth to bring
down major establishments (Halley, 2008).
Key concepts
DNS: Domain Name System (DNS) is a hierarchical name system that matches computer names
and numbers for IP address resolution.
ARP: Address Resolution Protocol (ARP) is a part of the TCP/IP protocol for determining the MAC
address based on the IP address.
Differential diagnosis: ARP versus DNS poisoning
ARP poisoning corrupts the ARP cache by associating an IP address with a fraudulent MAC
address, while DNS poisoning substitutes a fraudulent IP address
for a symbolic name, causing the computer to be redirected to another device.
Modus operandi
The attacker may choose to substitute the fraudulent IP address so that the computer is
automatically redirected to another device. This can be done at two different locations –
The local host table
The external DNS server
Lab Objective
Demonstration of the hosts file attack in the local host table as a technique of Domain Name System (DNS)
poisoning.
Procedure
Initial State
Search result for the website www.course.com
Search result for the website www.sheridancollege.ca
Altering the Hosts file
Start > All Programs > Accessories
Figure 1 Finding the Notepad to run as an administrator
Right-click Notepad > Run as administrator
Click File > Open
Click File Name drop-down arrow to change from Text Documents (*.txt) to All Files (*.*)
Navigate to the file C:\Windows\system32\drivers\etc\hosts and open it
Insert the IP address here, press Tab, and then enter the web address
Find the IP address of the webpage using the ping utility in the command prompt
Figure 2 Obtaining the IP address of Sheridan College
ping www.sheridancollege.ca
At the end of the file enter 142.55.47.60. This is the IP address of Sheridan College
Figure 3 IP address of Sheridan College written but the web address is of www.course.com
Remember to click File and then Save AND close ALL windows.
Result
Now open the web browser and enter the address www.course.com. The output is the webpage
of Sheridan College!
Figure 4 Note the output of the web address www.course.com
Reversal
Reverse the steps that you carried out and remove the web address in the hosts file. Otherwise
you will never be able to see the www.course.com page!
Additional Note
Remember to clear the browser cache and close the browser completely after you have
reversed the change in the hosts file. Failure to do so would not complete the reversal.
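One way to detect the kind of entry added in this lab, and to confirm that the reversal removed it, is to audit the hosts file for lines that point a name at a routable address. The script below is an added example, not part of the original lab report; the sample file content, the `baseline` parameter and the `.test` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample: default-style hosts content plus the line added in this lab.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
#   127.0.0.1   localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # sinkhole entry
142.55.47.60\twww.course.com
not-an-ip       www.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, [hostnames]) for each active hosts-file line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()                 # tabs and spaces both separate fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                         # address field does not parse
        yield line_no, ip, [h.lower() for h in fields[1:]]

def audit_hosts(text, baseline=None):
    """Return (line_no, kind, detail) findings for entries that override DNS.

    baseline (assumed input): dict of approved hostname -> expected IP string.
    """
    baseline = {k.lower(): ipaddress.ip_address(v) for k, v in (baseline or {}).items()}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in baseline:              # approved name: only the IP must match
                if baseline[name] != ip:
                    findings.append((line_no, "baseline-mismatch", f"{name} -> {ip}"))
                continue
            if ip.is_loopback or ip.is_unspecified:
                continue                      # localhost or sinkhole entry, no redirect
            findings.append((line_no, "redirect", f"{name} -> {ip}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a Windows machine, pass the contents of C:\Windows\system32\drivers\etc\hosts to `audit_hosts` instead of the sample; after the reversal, no `redirect` finding for www.course.com should remain.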
Conclusion
Hosts file attacks are simple to conduct and can cause serious business impact. DNS attacks can be
prevented by keeping your DNS resolver private and protected and by regularly checking for open
resolvers on your network. Security configuration can be enhanced by adding variability to outgoing
requests, such as using a random source port, using random query IDs and using random case
and letter combinations of the domain names (Rubens, 2013).
"No one cares about your security as much as you do, so we advise hosting and managing
yourself -- if you have the skills to do so," says Brenton.
Bibliography
1. Halley, B. (2008, October 20). How DNS cache poisoning works. Retrieved from www.networkworld.com: http://www.networkworld.com/article/2277316/tech-primers/how-dns-cache-poisoning-works.html
2. Leyden, J. (2014, January 21). Retrieved from www.theregister.co.uk: http://www.theregister.co.uk/2014/01/21/china_dns_poisoning_attack/
3. Rubens, P. (2013, December 5). How to prevent DNS attacks. Retrieved from www.esecurityplanet.com: http://www.esecurityplanet.com/network-security/how-to-prevent-dns-attacks.html