Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Is this a DNS security hole?
- Ivan Yonge
April 30, 2004, 10:09 pm
rate this thread
help. don't laugh at me if I am wrong.
I have tested this with my domain, this seems like a security hole to me
...My domain is registered with Register.com
1. Go to Register.com, login to my account (say "mycompany.com", doesn't
2. Add a new DNS entry
3. They will ask for HOST NAME and IP ADDRESS (they used to ask HOST name
only, not IP).
4. type host="testing.victim.com" (the host of the victim)
5. type ip = "188.8.131.52" (the IP address I want to point to, I just make
7. After 24 hours, all the world's DNS servers will resolve
testing.victim.com as 184.108.40.206. If you PING testing.victim.com from any
server say network-tools.com it gives you the 220.127.116.11
This is not good, now "testing.victim.com" is tied to the IP address, it
doesn't even try to resolve it from "victim.com" 's DNS server..... why is
this happening?? I have used http://network-tools.com/nslook/Default.asp
to verify my result..
If this is true, anyone can hijack other people's domain name using DNS and
point to his IP address? this is scary..
Re: Is this a DNS security hole?
It's called DNS poisoning. There are methods to prevent it, like DNSsec,
but not everybody uses them. Man-in-the-middle attacks like DNS
poisoning are the reason why financial transactions use certificates to
authenticate the end points.
- » PC trying to connect to a huge list of IP addresses. Aye Chihuahua!
- — Next thread in » General Computer Security