How does an attacker actually carry out a domain name hijacking attack?

Source: Internet
Author: User

Well-known sites such as adobe.com, internet.com and nike.com were recently attacked, but the attackers did not use the usual technique of breaking into the web server and changing the home page. They used a domain name hijacking attack. The attacker, posing as the original domain name owner, modifies the domain's registration record at Network Solutions by e-mail and transfers the domain name to another group. The attacker then adds a record for the domain on the DNS server designated in the modified registration information, so that the original domain name points to a server at another IP address. Usually both servers were compromised by the attacker beforehand and do not belong to the attacker.

So how does the attacker actually carry out the domain name hijacking attack?

1. Obtain the registration information of the domain name to be hijacked

The attacker first visits www.networksolutions.com and enters the domain name to be queried in the MAKE CHANGES function on the company's main page to obtain the domain's registration information. For example, querying abc.com returns the following information:

Registrant:
Capital Cities / ABC, Inc (ABC10-DOM)
77 W 66th St.
New York, NY 10023
US

Domain Name: ABC.COM

Administrative Contact, Billing Contact:
King, Thomas C. (SC3123-ORG) abc.legal.internet.registration@ABC.COM
ABC, Inc.
77 W 66th St.
New York, NY 10023
US
212-456-7012
Technical Contact, Zone Contact:
Domain Administrator (DA4894-ORG) dns-admin@STARWAVE.COM
Starwave Corporation
13810 SE Eastgate Way, ste. 400
Bellevue, WA 98005
US
206.664.4800
Fax-206.664.4829

Record last updated on 11-Oct-2000.
Record expires on 23-May-2003.
Record created on 22-May-1996.
Database last updated on 20-Oct-2000 14:14:26 EDT.

Domain servers in listed order:

DNS1.STARWAVE.COM 204.202.132.51
T.NS.VERIO.NET 192.67.14.16

2. Take control of the e-mail account that manages the domain name

From the information above, the attacker learns abc.com's registered DNS servers, the e-mail account that manages the domain name, the technical contact's e-mail address and other registration details. The attacker focuses on the e-mail account that manages the domain name, abc.legal.internet.registration@ABC.COM, because that account must receive and send the confirmation e-mails when the registration record is modified through the Network Solutions home page. Attacks on this account may include brute-force guessing of its password or an intrusion into the e-mail server that hosts it.

3. Modify the domain name's registration information at Network Solutions

At this point the attacker uses the MAKE CHANGES function of Network Solutions to modify the registration information of the domain name, including the owner information, the DNS server information, and so on.

4. Impersonate the owner and send Network Solutions the confirmation letter from the e-mail account that manages the domain name

The attacker retrieves the confirmation letter from Network Solutions in the e-mail account before the account's real owner receives it, and uses the same account to reply to Network Solutions confirming the change. After a second confirmation reply, Network Solutions sends a letter stating that the registration was modified successfully, and the attacker has hijacked the domain name.

5. Add the domain name record to the newly specified DNS server

On the new DNS server named in the registration information, the attacker adds a PTR record for the domain name that points to a server at another IP address. Usually both servers were compromised and controlled by the attacker beforehand and do not belong to the attacker.
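
The registration changes made in steps 3 to 5 are visible to a domain owner who compares the current WHOIS record with a known-good baseline. The following is an added example, not part of the original article: it parses the record format shown above and reports changed contacts, name servers and update date. The function names `parse_record` and `diff_records` and the post-change values are assumptions constructed for illustration.

```python
import re

# Constructed input: BASELINE is trimmed from the abc.com record above; CURRENT is a
# hypothetical post-change record whose replacement names and IPs are made up.
BASELINE = """\
Administrative Contact, Billing Contact:
King, Thomas C. (SC3123-ORG) abc.legal.internet.registration@ABC.COM
Technical Contact, Zone Contact:
Domain Administrator (DA4894-ORG) dns-admin@STARWAVE.COM
Record last updated on 11-Oct-2000.
Domain servers in listed order:
DNS1.STARWAVE.COM 204.202.132.51
T.NS.VERIO.NET 192.67.14.16
"""
CURRENT = (BASELINE
    .replace("abc.legal.internet.registration@ABC.COM", "admin@example.net")
    .replace("11-Oct-2000", "21-Oct-2000")
    .replace("DNS1.STARWAVE.COM 204.202.132.51", "NS1.EXAMPLE.NET 192.0.2.53"))

def parse_record(text):
    """Pull out the fields a hijacker has to change: contacts, name servers, date."""
    rec = {"contacts": {}, "nameservers": set(), "updated": None}
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line.endswith("Contact:") and i + 1 < len(lines):
            m = re.search(r"\S+@\S+", lines[i + 1])  # e-mail on the following line
            if m:
                rec["contacts"][line.rstrip(":")] = m.group(0).lower()
        elif m := re.match(r"Record last updated on (\S+?)\.$", line):
            rec["updated"] = m.group(1)
        elif m := re.match(r"([A-Za-z0-9.-]+)\s+(\d{1,3}(?:\.\d{1,3}){3})$", line):
            rec["nameservers"].add((m.group(1).lower(), m.group(2)))
    return rec

def diff_records(old, new):
    """Return one alert string per registration field that differs."""
    alerts = []
    for role in sorted(set(old["contacts"]) | set(new["contacts"])):
        a, b = old["contacts"].get(role), new["contacts"].get(role)
        if a != b:
            alerts.append(f"contact changed [{role}]: {a} -> {b}")
    gone, added = old["nameservers"] - new["nameservers"], new["nameservers"] - old["nameservers"]
    if gone or added:
        alerts.append(f"name servers changed: removed {sorted(gone)}, added {sorted(added)}")
    if old["updated"] != new["updated"]:
        alerts.append(f"record updated: {old['updated']} -> {new['updated']}")
    return alerts

if __name__ == "__main__":
    print("\n".join(diff_records(parse_record(BASELINE), parse_record(CURRENT))))
```

A change to the administrative contact's e-mail address or to the name server list that the owner did not request is the signal to contact the registrar through a channel other than that e-mail account.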
