The experience of the failure of the DNS spoofing experiment of a wonderful student in Xiao Kee

Source: Internet
Author: User
Tags dns spoofing

This is a DNS spoofing experiment that uses Kali's ettercap. There are three machines, the victim, the attacker (virtual machine), and the Web server.
The victim's 124.16.70.105.
The virtual machine is 124.16.71.48
The Web server is 124.16.70.235 and is 80 ports
Subnet mask is 255255.254.0

Little White has deceived success, the target domain of deception is hao123. But his experiment found that using the victim ping hao123 when the DNS spoofing success, the display IP is 235, but the browser can not access the hao123, prompted not to find the Web page. The victim visited Baidu is normal access, these content in the packet (Hao123bao.pcapng.tar, and not packaged, just to be able to upload to the blog, after the download rename remove tar) in all have, this is why? The victim directly enters the 235 IP that is reachable to the built Web server.

After analyzing the packet, it was found that the victim was using a normal gateway when accessing IP 235, and access to other URLs was using the gateway of the attacker, the virtual machine. Looking at 1748 and 17,492 packs is obvious.

Why use the right gateway when you visit 235?
I feel that because IP 235 is the intranet, the victim makes a broadcast ARP request (packet 1737), so the normal gateway returns to the normal Mac (1746), so the TCP connection is made using a normal gateway Mac.

Therefore, the test environment as far as possible simulation ... So as not to meet the wonderful things.

(Blog park can not upload attachments in blog post?) )

by ascii0x03, 2015.8.20

The experience of the failure of the DNS spoofing experiment of a wonderful student in Xiao Kee

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.