12-12-2015 09:34 AM - edited 03-08-2019 03:05 AM
Hi,
Attacker-----R1------R2
So the attacker is in the LAN, R1 is the local DNS server, and R2 is the public DNS server.
When we want to configure DNS spoofing:
R1:
ip name-server 2.2.2.2
ip domain lookup
ip dns server
ip dns spoofing 1.1.1.1
Can someone please tell me how it works?
12-12-2015 10:14 AM
Please refer to this doc on DNS spoofing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dns/configuration/12-4t/dns-12-4t-book/dns-config-dns.html#GUID-C9E9429A-E599-455C-9206-26DB6ED86665
According to the document, you must have one of the following conditions satisfied:
This feature turns on DNS spoofing and is functional if any of the following conditions are true:
So you would have to disable either ip domain lookup or remove a name-server address. Secondly, the actual process is listed as such:
Lastly, it sounds as if you should specify an actual DNS server with your spoofing command.
I hope that helps.
12-12-2015 10:00 PM
Hello Mohammed,
As you know, DNS spoofing is a man-in-the-middle technique used to supply false DNS information to a host so that when they attempt to browse, an attacker can easily steal online banking credentials and account information from unsuspecting users.
Have a look at the link below, which explains DNS spoofing in depth.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html
Hope it helps.
-GI