(Optional: Lab Report and Survey Due by 11:45pm on 12/02/08; no extension)
DNS Pharming Attack Lab
DNS (Domain Name System) is the Internet's phone book; it translates hostnames to IP addresses, and vice versa. This translation is done through DNS resolution, which happens behind the scenes. DNS Pharming attacks manipulate this resolution process in various ways, with the intent of misdirecting users to alternative destinations, which are often malicious. The objective of this lab is to understand how such attacks work. Students will first set up and configure a DNS server, and then they will try various DNS Pharming attacks on a target that is also within the lab environment.
Please see detailed lab instructions:
Configuration and Zone Files for DNS Setup
1. DNS configuration file: named.conf
2. Zone file for domain example.com: example.com.db
3. Zone file for DNS reverse lookup: 192.168.1
4. The victim machine provides an HTTP service, so you can change the IP address in the configuration files to see the effect of this attack directly.
1. Use netwag or netwox as your attacking tools; use Wireshark as the sniffer.
2. Useful links.
 RFC 1035 Domain Names - Implementation and Specification : http://tools.ietf.org/html/rfc1035
 DNS HOWTO : http://www.tldp.org/HOWTO/DNS-HOWTO.html
 BIND 9 Administrator Reference Manual : http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch01.html
 Pharming Guide : http://www.ngssoftware.com/papers/ThePharmingGuide.pdf
 DNS Cache Poisoning: http://www.secureworks.com/research/articles/dns-cache-poisoning/
 DNS Client Spoof: http://evan.stasis.org/odds/dns-client spoofing.txt
3. Some commands you might want to use:
To start a DNS server: # /etc/init.d/named restart
# dig www.example.com
# rndc flush
# rndc dumpdb -cache
You need to submit a detailed lab report describing what you have done and what you have observed. You need to include the Wireshark trace (or any trace that may help) to support your observations.
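As an aid for reading such a trace, the following added example (not part of the original lab materials) parses RFC 1035 response messages and flags replies that share a transaction ID and question but disagree on the address, which is how a spoofed reply shows up next to the genuine one in a capture. The function names, the sample addresses and the constructed trace are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def build_response(txid, name, ip):
    # Constructed sample reply: one question, one A record (not real traffic).
    question = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00\x00\x01\x00\x01"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + rr

def read_name(msg, off):
    # Decode a name, following RFC 1035 compression pointers (bounded hops).
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def parse_a_records(msg):
    # Return (transaction ID, question name, sorted A-record addresses).
    txid, _, _, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)  # assumes exactly one question
    off += 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, qname, sorted(ips)

def conflicting_answers(responses):
    # Group replies by (transaction ID, question); keep groups whose answers differ.
    seen = defaultdict(set)
    for msg in responses:
        txid, qname, ips = parse_a_records(msg)
        seen[(txid, qname)].add(tuple(ips))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed trace: two replies to one query disagree; the third is unrelated.
TRACE = [build_response(0x1A2B, "www.example.com", "192.168.1.10"),
         build_response(0x1A2B, "www.example.com", "192.168.1.66"),
         build_response(0x3C4D, "mail.example.com", "192.168.1.20")]
```

Calling `conflicting_answers(TRACE)` returns only the `www.example.com` query, with both addresses that were offered for it.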
You need to download this file and answer the questions. You need to upload your answers to the submission site. Your survey answers will be properly anonymized by the TA before reaching the instructor.
This lab includes materials provided by Dr. Wenliang Du (Syracuse University) and Mr. Jinkai Gao (Syracuse University).