- Level: Intermediate
- Presenter: Eli the Computer Guy
- Date Created: November 1, 2010
- Length of Class: 45 Minutes
- Computer Security / Integrity
- Knowledge of TCP/IP and Domain Name Resolution
Purpose of Class
- This class teaches students how to use DNS to redirect computer or network users to alternate websites or servers for security or malicious purposes.
- How DNS Works
- Editing the HOSTS file
- Alternate Public DNS
- Planning a DNS Hack
- Reasons to Hack DNS
- DNS resolves Domain Names to IP Addresses
- Warning: Use at your own risk
- HOSTS file is the local file that resolves Domain Names
- Windows Location = C:\Windows\System32\drivers\etc
- Example = 10.1.10.2 www.elithecomputerguy.com
- In Vista/Windows 7, first open Notepad using “Run as Administrator” and then open the HOSTS file. Otherwise you will not be able to save your edits.
- Computers FIRST try to resolve a Domain Name with the HOSTS file, then go to the LOCAL DNS Server, and then query the PUBLIC DNS Server. If any source has a record, the computer does not ask any other sources. So if the HOSTS file has a record, the computer uses that record and stops.
- Using Alternate DNS
- You do not have to use the Public DNS IP Addresses that your ISP gave you. You can use Alternate Public DNS Servers.
- The benefit of using a server like OpenDNS.org is that they will prevent Domain Names for malicious websites from resolving. This is a HUGE security tool.
- You can create your own Public DNS Server for Good/Bad Purposes.
- The DNS Attack
- HOSTS file can be compromised either through manual editing, or through scripting. If users are logged in as USERS vs. ADMINISTRATORS there is far less chance that a script will be able to modify the HOSTS file.
- By wardriving or plugging into an unsecured network jack you may be able to hack the DNS Server. Routers/Modems with default passwords are easy to hack.
- A clever, well disguised DNS Hack is very difficult to detect once it has been successfully implemented, and it is moderately difficult to circumvent if it is done by a network administrator to secure a network.
- Final Thoughts
- Hacking DNS is the EASIEST way to either protect or attack a network or computer
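
Because a HOSTS record is used before any DNS server is asked, and the file can be changed by hand or by script, it is worth auditing. The following Python is an added example, not part of the class: it parses HOSTS-file text and reports every entry that overrides DNS for a non-local name. The function names, the benign-name list and the sample content are assumptions made for the example.

```python
import ipaddress

# Names expected in an unmodified HOSTS file (assumed list for this example).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                               # no hostname on the line
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue                               # first field is not an IP address
        for name in fields[1:]:                    # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, kind, hostname, ip) for entries that override DNS."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            kind = "sinkhole"    # name is blocked locally (127.0.0.1 / 0.0.0.0)
        else:
            kind = "redirect"    # name is sent to a different server
        findings.append((line_no, kind, name, str(ip)))
    return findings

# Constructed sample content; line 4 is the example mapping from the notes.
SAMPLE = """\
# constructed sample HOSTS content
127.0.0.1       localhost
::1             localhost
10.1.10.2       www.elithecomputerguy.com   # added entry
0.0.0.0         ads.example.test tracker.example.test
not-an-ip       broken.example.test
"""

if __name__ == "__main__":
    # On Windows the live file is in C:\Windows\System32\drivers\etc
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of its HOSTS file to `audit_hosts` and review every `redirect` finding against the entries you expect to be there.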