CSC 474 - Fall 2008 -  Lab 2

(Optional: Lab Report and Survey Due by 11:45pm on 12/02/08; no extension)

DNS Pharming Attack Lab

Overview

DNS (Domain Name System) is the Internet's phone book; it translates hostnames to IP addresses, and vice versa. This translation is done by DNS resolution, which happens behind the scenes. DNS Pharming attacks manipulate this resolution process in various ways, with the intent of misdirecting users to alternative destinations, which are often malicious. The objective of this lab is to understand how such attacks work. Students will first set up and configure a DNS server, and then they will try various DNS Pharming attacks on a target that is also within the lab environment.

Lab Task

Please see detailed lab instructions:

lab2_instruction.pdf


Configuration and Zone Files for DNS Setup

1. DNS configuration file: named.conf

2. Zone file for domain example.com: example.com.db

3. Zone file for DNS reverse lookup: 192.168.1

4. The victim machine provides HTTP service, so you can change the IP address in the configuration files and see directly what this attack achieves.
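As an added example (not part of the lab materials or the cited references), the following Python script shows the sanity checks a resolver applies before accepting a DNS response: the transaction ID must match the query, the QR bit must be set, the question section must echo the query, and answer records must fall within the bailiwick of the queried zone. A forged response that fails any of these is discarded, which is why these checks are the first line of defence against pharming and cache poisoning. The query and response packets are constructed inline; the addresses in 192.168.1.0/24 and the name www.bank.test are invented sample values. The parser also handles the name compression that real servers emit, so it can be pointed at raw DNS payloads exported from a Wireshark trace.

```python
import socket
import struct

# --- wire-format helpers (RFC 1035 section 4.1) -----------------------------

def encode_name(name):
    """Encode a dotted name as a sequence of length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:               # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                     # pointer ends this name
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def build_query(txid, qname, qtype=1):
    """Standard query: RD set, one question, A record by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, answers, ttl=300, compress=True):
    """Response with A records; answers is a list of (owner_name, ipv4)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, ip in answers:
        # Real servers compress the owner name with a pointer to the question.
        owner_bytes = b"\xc0\x0c" if compress and owner == qname else encode_name(owner)
        body += owner_bytes + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + body


def parse_message(msg):
    """Parse header, question and answer sections into a dict."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


# --- resolver-side validation ------------------------------------------------

def in_bailiwick(owner, zone):
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)


def validate_response(query_bytes, response_bytes, zone):
    """Return the reasons to discard the response; an empty list means accept."""
    q, r = parse_message(query_bytes), parse_message(response_bytes)
    problems = []
    if r["id"] != q["id"]:
        problems.append("transaction id mismatch")
    if not r["flags"] & 0x8000:
        problems.append("QR bit not set (not a response)")
    if r["questions"] != q["questions"]:
        problems.append("question section does not echo the query")
    for name, _rtype, _rclass, _ttl, _rdata in r["answers"]:
        if not in_bailiwick(name, zone):
            problems.append(f"out-of-bailiwick answer for {name}")
    return problems


def answer_ips(response_bytes):
    """IPv4 addresses carried in the A records of a response."""
    return [socket.inet_ntoa(rdata) for _n, rtype, _c, _t, rdata
            in parse_message(response_bytes)["answers"] if rtype == 1]


# Constructed sample packets (addresses and www.bank.test are invented).
QUERY = build_query(0x1234, "www.example.com")
GOOD = build_response(0x1234, "www.example.com", [("www.example.com", "192.168.1.20")])
BAD_ID = build_response(0x4321, "www.example.com", [("www.example.com", "192.168.1.66")])
BAD_BAILIWICK = build_response(0x1234, "www.example.com",
                               [("www.example.com", "192.168.1.20"),
                                ("www.bank.test", "192.168.1.66")])

if __name__ == "__main__":
    for label, pkt in [("good", GOOD), ("bad id", BAD_ID), ("bailiwick", BAD_BAILIWICK)]:
        print(label, answer_ips(pkt), validate_response(QUERY, pkt, "example.com") or "accepted")
```

The bailiwick rule is the one that stops a response for www.example.com from smuggling in a record for an unrelated name; the transaction ID and question checks are what a spoofed reply has to guess correctly to be accepted at all, which is why randomising the ID and the source port matters for the resolver.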

Useful links

1. Use netwag or netwox as your attacking tools; use Wireshark as the sniffer.

2. Useful links:

    [1] RFC 1035 Domain Names - Implementation and Specification : http://tools.ietf.org/html/rfc1035

    [2] DNS HOWTO : http://www.tldp.org/HOWTO/DNS-HOWTO.html

    [3] BIND 9 Administrator Reference Manual : http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch01.html

    [4] Pharming Guide : http://www.ngssoftware.com/papers/ThePharmingGuide.pdf

    [5] DNS Cache Poisoning: http://www.secureworks.com/research/articles/dns-cache-poisoning/

    [6] DNS Client Spoof: http://evan.stasis.org/odds/dns-client spoofing.txt

3. Some commands you might want to use:

    To start (or restart) the DNS server: # /etc/init.d/named restart

    To query the server for a name: # dig www.example.com

    To clear the server's cache: # rndc flush

    To dump the current cache contents to the named dump file: # rndc dumpdb -cache


Lab Report

You need to submit a detailed lab report describing what you have done and what you have observed. Include the Wireshark trace (or any other trace that may help) to support your observations.

Survey Questions

You need to download this file and answer the questions. You need to upload your answers to the submission site. Your survey answers will be properly anonymized by the TA before reaching the instructor.

Acknowledgement

This lab includes materials provided by Dr. Wenliang Du (Syracuse University) and Mr. Jinkai Gao (Syracuse University).