See:
· Pharming
· DNS security extensions
Attack technique against the DNS service. It consists of sending the server false information while making it believe that the information comes from a trusted source. If the DNS server falls for the deception, it will help spread the false information.
Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location.
http://whatis.techtarget.com/
A clever technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been lied to. Why would an attacker corrupt your DNS server's cache? So that your DNS server will give out incorrect answers that provide IP addresses of the attacker's choice, instead of the real addresses. Imagine that someone decides to use the Microsoft Update Web site to get the latest Internet Explorer patch. But, the attacker has inserted phony addresses for update.microsoft.com in your DNS server, so instead of being taken to Microsoft's download site, the victim's browser arrives at the attacker's site and downloads the latest worm.
http://www.watchguard.com/glossary/
Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.
http://www.sans.org/security-resources/glossary-of-terms/
An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
Attack Pattern 142
http://capec.mitre.org/data/index.html
Related topics