Re: (lame) spoofing DNS with hosts files...

From: Mitino-PTT support (supportat_private)
Date: Mon Aug 20 2001 - 09:24:14 PDT


    :))
    hehe
    really lame
    
    or maybe I don't understand
    
    I think the operating system first looks at the hosts file and then (if not true) makes
    a DNS query
    it's not a bug or vulnerability
    it is a feature (which came from ancient times when there was no domain name
    system on the Earth)
    I think it is not a topic for this list
    
    I can create a zone file for microsoft.com on my ISP's master NS server with
    an entry like this
    
    www IN A 127.0.0.1
    and it will work BUT I WILL NOT WRITE about this in bugtraq !!
    
    forgive my bad English, usually I only read bugtraq, but now after this
    message I can't be silent ;)
    
    -----Original Message-----
    From: .MetsyS. <stfat_private>
    To: vuln-devat_private <vuln-devat_private>
    Date: August 20, 2001 20:06
    Subject: (lame) spoofing DNS with hosts files...
    
    
    >Hi everybody,
    >
    >The recent discussion on the IE bookmark problem made me think of some
    >other ways you could force somebody to point their browser somewhere they
    >were not intending to.
    >
    >My apologies if this is already well known and I'm wasting bandwidth.
    >(which is probably the case)
    >
    >You will end up at abcnews.com instead of hotmail.com in this example
    >
    >Open up your windows host file and add an entry like:
    >204.202.136.30 www.hotmail.com
    >
    >I tested this with Netscape 4.08 Win98SE with proxies turned off.
    >
    >Now open up your web browser and tell it to go to www.hotmail.com; if your
    >proxy server settings are not forced you should end up at www.abcnews.com.
    >
    >I know this is silly, and rather obvious... just remember... this is not
    >just limited to the web browser, you're circumventing a DNS lookup.
    >
    >eg:
    >C:\WINDOWS>ping www.hotmail.com
    >
    >Pinging www.hotmail.com [64.4.44.7] with 32 bytes of data:
    >
    >Control-C
    >C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
    >
    >C:\WINDOWS>ping www.hotmail.com
    >
    >Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
    >
    >Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
    >
    >Ping statistics for 192.168.1.2:
    >    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    >Approximate round trip times in milli-seconds:
    >    Minimum = 38ms, Maximum =  38ms, Average =  38ms
    >Control-C
    >
    >
    >Tested the same thing under linux too... no surprises really I spose just
    >something to ponder...
    >
    >Keep a tripwire DB.
    >
    >One last thing which is kind of off topic... has anybody seen some good
    >papers that discuss loose source routing ? and how to set up a packet with
    >LSR ?
    >
    >Suggestions, comments welcome.
    >
    >.MetsyS.
    >
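
The original post's closing advice ("Keep a tripwire DB") can be applied to the hosts file directly. The following is an added example, not part of either message: it parses a hosts file, reports every name not in a known-good baseline, and fingerprints the file so changes can be detected. The sample file contents, the baseline set and the function names are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample hosts file; line 4 mirrors the entry from the post.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.1.2 www.hotmail.com   # appended entry
not-an-ip   broken.example
"""

# Assumed baseline: names that are expected to be pinned locally.
BASELINE_NAMES = {"localhost", "ip6-localhost"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, baseline=BASELINE_NAMES):
    """Return (line_no, name, ip) for every name that overrides DNS unexpectedly."""
    return [(line_no, name, str(ip))
            for line_no, ip, names in parse_hosts(text)
            for name in names
            if name not in baseline]


def fingerprint(text):
    """SHA-256 of the file contents, to store and compare on later runs."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("fingerprint:", fingerprint(SAMPLE_HOSTS))
    for line_no, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```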
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 19:50:50 PDT