Pharming
Group 10:
Phuc H. Dao
Anita Lugonja
Motivation
To give students an opportunity to learn about DNS poisoning
To give students hands-on experience with host files and DNS configuration
Agenda
Host Files
DNS
The Art of Pharming
Demo
Host Files
Static Naming Resolution
DNS
Domain Name System
Naming Hierarchy
DNS Name hierarchy
DNS hierarchy can be represented by a tree
Root and top-level domains are administered by an Internet central name registration authority (ICANN)
Below top-level domain, administration of name space is delegated to organizations
Each organization can delegate further
[Figure: DNS name tree showing . (root); top-level domains com, gov, edu, org; gatech.edu and uci.edu; ece.gatech.edu and math.gatech.edu; neon.ece.gatech.edu. Labels: "Top-level Domains", "Managed by GT", "Managed by ECE Dept."]
“Domain Name System.”
Domain name system
Each node in the DNS tree represents a DNS name
Each branch below a node is a DNS domain.
• DNS domain can contain hosts or other domains (subdomains)
Example: DNS domains are ., edu, gatech.edu, cc.gatech.edu
[Figure: DNS tree showing ., edu, gatech.edu, cc.gatech.edu, www.gatech.edu, Oscar.cc.gatech.edu]
“Domain Name System.”
Hierarchy of name servers
The resolution of the hierarchical name space is done by a hierarchy of name servers
Each server is responsible (authoritative) for a contiguous portion of the DNS namespace, called a zone.
Zone is a part of the subtree
DNS server answers queries about hosts in its zone
[Figure: name server hierarchy showing root server; com, gov, edu and org servers; uci.edu server and .virginia.edu server; cs.virginia.edu server]
“Domain Name System.”
DNS domain and zones
Each zone is anchored at a specific domain node, but zones are not domains.
A DNS domain is a branch of the namespace
A zone is a portion of the DNS namespace generally stored in a file (it could consist of multiple nodes)
A server can divide part of its zone and delegate it to other servers
[Figure: domain versus zone, showing . (root), .edu, .virginia.edu, .uci.edu, cs.virginia.edu, math.virginia.edu. Region labels: "Domain", "Zone and domain", "Zone"]
“Domain Name System.”
Lab Requirements
Windows XP
RedHat 4.0
DNS server
Let’s Poison
Host File manipulation
cnn.com google.com www.google.com
207.68.172.246 google.com www.google.com
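
An added example, not part of the original slides: a hosts-file audit that flags static entries like the one above, where a public name is pinned to an address instead of being resolved through DNS. The `EXPECTED` set, the `watched` list and the finding labels are assumptions made for this sketch.

```python
import ipaddress

# Names a stock hosts file normally carries (assumption for this example).
EXPECTED = {"localhost", "localhost.localdomain", "ip6-localhost",
            "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (lineno, ip, names) for each well-formed entry; comments ignored."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a hosts entry
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=()):
    """Flag entries that pin a name which DNS would normally resolve."""
    watched = {w.lower() for w in watched}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if name in EXPECTED:
                continue
            on_list = any(name == w or name.endswith("." + w) for w in watched)
            if on_list:
                findings.append((lineno, str(ip), name, "watched"))
            elif ip.is_global and "." in name:
                # A dotted name mapped to a public address overrides DNS.
                findings.append((lineno, str(ip), name, "public-override"))
    return findings

# Constructed sample: the slide's entry plus two ordinary lines.
SAMPLE = """\
127.0.0.1      localhost
# lab entry
207.68.172.246 google.com www.google.com
192.168.1.10   fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watched=["google.com"]):
        print(finding)
```

On Windows XP the file to audit is `%SystemRoot%\system32\drivers\etc\hosts`; on the RedHat host it is `/etc/hosts`.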
DNS Poison
There is one more DNS concept to learn
Resolver and name server
1. An application program on a host accesses the domain system through a DNS client, called the resolver
2. Resolver contacts DNS server, called name server
3. DNS server returns IP address to resolver which passes the IP address to application
Reverse lookups are also possible, i.e., find the hostname given an IP address
[Figure: an application (HTTP) passes the hostname (neon.tcpip-lab.edu) to the resolver; the resolver sends the hostname to the name server and receives the IP address (128.143.71.21), which it returns to the application]
“Domain Name System”
Resolver Configuration
File /etc/nsswitch.conf needs to contain the line
hosts: dns files
Add this line to /etc/resolv.conf
nameserver nameserverIPAddress
Named.conf
Pointer to the new zone
zone "mit.edu" IN {
    type master;
    file "mit.edu.zone";
    allow-update { none; };
};
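
An added example, not part of the original slides: a check that reads a named.conf and reports zones for which the server claims to be authoritative although the domain is not one the operator owns, which is how the "mit.edu" stanza above would show up in a configuration review. The `owned` list and the sample zones other than "mit.edu" are constructed for this sketch.

```python
import re

AUTHORITATIVE = {"master", "primary", "slave", "secondary"}

def zone_blocks(conf):
    """Yield (zone_name, body) for every zone statement, matching braces by depth."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf, re.I):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower().rstrip(".") or ".", conf[m.end():i - 1]

def unexpected_authoritative(conf, owned):
    """Return (zone, type) for authoritative zones outside the owned domains."""
    owned = [o.lower().rstrip(".") for o in owned]
    hits = []
    for name, body in zone_blocks(conf):
        t = re.search(r"\btype\s+([\w-]+)\s*;", body, re.I)
        ztype = t.group(1).lower() if t else "unknown"
        if ztype not in AUTHORITATIVE:
            continue  # hint, forward and stub zones do not serve local data
        if name.endswith(".arpa") or name in ("localhost", "localdomain"):
            continue  # reverse and loopback zones are normal on a resolver
        if not any(name == o or name.endswith("." + o) for o in owned):
            hits.append((name, ztype))
    return hits

# Constructed sample: the slide's stanza next to two ordinary zones.
SAMPLE = '''
zone "." IN { type hint; file "named.ca"; };
zone "lab.example" IN { type master; file "lab.example.zone"; };
zone "mit.edu" IN {
    type master;
    file "mit.edu.zone";
    allow-update { none; };
};
'''

if __name__ == "__main__":
    for zone, ztype in unexpected_authoritative(SAMPLE, owned=["lab.example"]):
        print(f"{zone}: local {ztype} zone for a domain not on the owned list")
```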
Create a zone
Next Slide
Result
Next Slide
Lab Scenarios
Host File and DNS Concept
Host File Poisoning
DNS Poisoning
Ethereal Capture of DNS traffic
After Lab2 and incorporated with other team’s pharming lab
Sources
Liebeherr, Jorg. Zarki, Magda El. Mastering Networks: An Internet Lab Manual. New York. 2004.
“Domain Name System.” Mastering Networks – Lecture Notes. 11 April 2007. <http://www.cs.virginia.edu/~itlab/book/slides/index.html>
Questions?