(lame) spoofing DNS with hosts files...

From: .MetsyS. (stfat_private)
Date: Sun Aug 19 2001 - 17:10:33 PDT


    Hi everybody,
    
    The recent discussion on the IE bookmark problem made me think of some
    other ways you could force somebody to point their browser somewhere they
    were not intending to.
    
    My apologies if this is already well known and I'm wasting bandwidth.
    (which is probably the case)
    
    You will end up at abcnews.com instead of hotmail.com in this example.
    
    Open up your windows host file and add an entry like:
    204.202.136.30 www.hotmail.com
    
    I tested this with Netscape 4.08 Win98SE with proxies turned off.
    
    Now open up your web browser and tell it to go to www.hotmail.com. If your
    proxy server settings are not forced you should end up at www.abcnews.com.
    
    I know this is silly, and rather obvious... just remember... this is not
    just limited to the web browser, you're circumventing a DNS lookup.
    
    eg:
    C:\WINDOWS>ping www.hotmail.com
    
    Pinging www.hotmail.com [64.4.44.7] with 32 bytes of data:
    
    Control-C
    C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
    
    C:\WINDOWS>ping www.hotmail.com
    
    Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
    
    Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
    
    Ping statistics for 192.168.1.2:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 38ms, Maximum =  38ms, Average =  38ms
    Control-C
    
    
    Tested the same thing under linux too... no surprises really I spose just
    something to ponder... 
    
    Keep a tripwire DB.
    
    One last thing which is kind of off topic... has anybody seen some good
    papers that discuss loose source routing? And how to set up a packet with
    LSR?
    
    Suggestions, comments welcome.
    
    .MetsyS.
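
A defensive check for the hosts-file override described in this post, in the spirit of its "Keep a tripwire DB" advice. This is an added example, not part of the original message; the allow list of expected names and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

# Names a stock hosts file is expected to define (assumption for this example).
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, name) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so the line maps nothing
        for name in fields[1:]:  # one address may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, allowed=EXPECTED_NAMES):
    """Return mappings that override DNS for a name not on the allow list."""
    return [(n, str(ip), name)
            for n, ip, name in parse_hosts(text)
            if name not in allowed]

def fingerprint(text):
    """SHA-256 of the file contents, for comparison with a stored baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed sample: a clean file, then the same file after the
# "echo 192.168.1.2 www.hotmail.com >> hosts" append shown in the post
# (cmd.exe echo leaves the trailing space and a CRLF line ending).
CLEAN = "127.0.0.1 localhost\r\n"
MODIFIED = CLEAN + "192.168.1.2 www.hotmail.com \r\n"

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)
    for label, text in (("clean", CLEAN), ("modified", MODIFIED)):
        changed = fingerprint(text) != baseline
        print(label, "changed" if changed else "unchanged", audit_hosts(text))
```

The hash comparison only says that the file changed; the audit says which name now bypasses DNS and where it points.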
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 09:03:19 PDT