See:
· DNS Security Extensions
A computer attack that consists of modifying or replacing the domain name server's file, changing the legitimate IP address of an entity (commonly a bank), so that when the user types the entity's domain name into the address bar, the browser automatically redirects the user to another IP address hosting a fake website that impersonates the legitimate entity, thereby illicitly obtaining the access credentials of the entity's customers.
http://www.inteco.es/glossary/Formacion/Glosario/
Maliciously redirects the user to a fake, fraudulent website by exploiting the DNS system; this is known as DNS hijacking or DNS poisoning.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An attack in which an Attacker corrupts an infrastructure service such as DNS (Domain Name Service) causing the Subscriber to be misdirected to a forged Verifier/RP, which could cause the Subscriber to reveal sensitive information, download harmful software or contribute to a fraudulent act. [NIST-SP800-63:2013]
A form of domain name spoofing that results in users believing they are on a genuine site with the correct URL only to be diverted to a scam site.
http://www.enisa.europa.eu/
An exploit in which criminals disrupt the normal functioning of DNS software which translates Internet domain names into addresses. The user enters a correct address but is redirected to a fake website.
http://www.getsafeonline.org/
This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website's IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. Changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.
http://www.sans.org/security-resources/glossary-of-terms/
A type of phishing attack that involves "DNS poisoning" - malicious code that alters victims' Domain Name Server (DNS), so that they are automatically directed to a fraudulent website when they type in the address of a legitimate site. Pharming attacks are much more difficult to detect than traditional phishing attacks, since victims will still see the URL of the legitimate website when they are actually at the fraudulent site. However, it is also an extremely complicated attack technique, and security experts have noted few examples of it "in the wild."
A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to his site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.
Attack Execution Flow
· Attacker sets up a system mocking the one trusted by the users. This is usually a website that requires or handles sensitive information.
· The attacker then poisons the resolver for the targeted site. This is achieved by poisoning the DNS server, or the local hosts file, that directs the user to the original website.
· When the victim requests the URL for the site, the poisoned records direct the victim to the attacker's system rather than the original one.
· Because of the identical nature of the original site and the attacker controlled one, and the fact that the URL is still the original one, the victim trusts the website reached and the attacker can now "farm" sensitive information such as credentials or account numbers.
Attack Pattern 89
http://capec.mitre.org/data/index.html
Related topics