Lab1 Security Example


  • 8/16/2019 Lab1 Security Example


    HOSTS FILE ATTACK Lab 1 – INFO24178 Computer and Network Security – Winter 2016

    FEBRUARY 2, 2016

    Sheridan College, Davis Campus


    Contents

    Lab 1: Hosts File Attack
    Task Description
    Project 3-3: Hosts File Attack
    Introduction
    Literature Review
    Key concepts
    Differential diagnosis: ARP versus DNS poisoning
    Modus operandi
    Lab Objective
    Procedure
    Result
    Reversal
    Additional Note
    Conclusion
    Bibliography


    Lab 1: Hosts File Attack

    Task Description

    Project 3-3: Hosts File Attack

    Complete requirements 1 - 13 and take screen captures of significant changes/modifications. Include them with your formatted report submission.

    Use the Rubric as an outline for submission; failure to do so will mean deducted marks. You have been warned: don't submit a document with images lacking proper figure notation or without references that are used in the body of the text.


    Introduction

    A hosts file attack is one way of carrying out DNS poisoning, redirecting a request for a web page to a malicious site. The technique requires no sophisticated knowledge or experience and is easy to carry out, yet it can cause major impact with minimal resources. In this lab, we will see how the attack can be carried out and how easily it can be achieved.

    Literature Review

    DNS poisoning as a means to conduct a hosts file attack can have a serious impact on users and businesses. On Jan 21, 2014, “The Register”, a leading UK daily, reported that Chinese netizens were unable to access social media and messaging websites, an incident that affected about 3 million users. It took about 12 hours to resolve and was a major setback for the Internet Service Providers, businesses and individuals who depended on these services (Leyden, 2014).

    DNS poisoning was unveiled in July 2008, and it highlighted the simplicity and ease of an attack that needed no sophistication in terms of resources or bandwidth to bring down major establishments (Halley, 2008).

    Key concepts

    DNS: Domain Name System (DNS) is a hierarchical name system that matches computer names and numbers for IP address resolution.

    ARP: Address Resolution Protocol (ARP) is a part of the TCP/IP protocol for determining the MAC address based on the IP address.

    Differential diagnosis: ARP versus DNS poisoning

    ARP poisoning is an example of corrupting the ARP cache: it involves substitution of the IP address by a fraudulent MAC address, while DNS poisoning substitutes a fraudulent IP address for a symbolic name, causing the computer to redirect to another device.


    Modus operandi

    The attacker may choose to substitute the fraudulent IP address so that the computer is automatically redirected to another device. This can be done at two different locations:

    - The local host table
    - The external DNS server

    Lab Objective

    Demonstration of the hosts file attack in the local host table as a technique of Domain Name System (DNS) poisoning.


    Procedure

    Initial State

    Search result for the website www.course.com

    Search result for the website www.sheridancollege.ca

    Altering the Hosts file

    Start > All Programs > Accessories

    Figure 1 Finding the Notepad to run as an administrator

    Right-click Notepad > Run as administrator

    Click File > Open


    Click File Name drop-down arrow to change from Text Documents (*.txt) to All Files (*.*)


    Navigate to the file C:\Windows\system32\drivers\etc\hosts and open it

    Insert the IP address here, press Tab, and then enter the web address


    Find the IP address of the webpage using the ping utility in the command prompt

    ping www.sheridancollege.ca

    Figure 2 Obtaining the IP address of Sheridan College

    At the end of the file enter 142.55.47.60. This is the IP address of Sheridan College

    Figure 3 IP address of Sheridan College written but the web address is of www.course.com


    Remember to click File and then Save AND close ALL windows.


    Result

    Now open the Web Browser and enter the address www.course.com. The output is the webpage of Sheridan College!

    Figure 4 Note the output of the web address www.course.com

    Reversal

    Reverse the steps that you carried out and remove the web address in the hosts file. Otherwise you will never be able to see the www.course.com page!

    Additional Note

    Remember to clear the browser cache and close the browser completely after you have reversed the change in the hosts file. Otherwise the reversal will not be complete.
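The change made in the Procedure can be detected, and the Reversal confirmed, by auditing the hosts file for active mappings. The following is an added example, not part of the original lab report; the sample file content is constructed (only the 142.55.47.60 / www.course.com entry comes from the lab), and the category names and the `LOCAL_NAMES` allow-list are assumptions of this sketch.

```python
import ipaddress

# Assumption: the only name a stock hosts file may legitimately map.
LOCAL_NAMES = {"localhost"}

# Constructed sample; the last line is the entry added in this lab.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1\tlocalhost
0.0.0.0 ads.example.test
142.55.47.60\twww.course.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, name) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()                    # tabs or spaces separate fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, raw.strip()     # first field is not an IP
            continue
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return findings for entries that take precedence over DNS lookups."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name, None))
        elif name in LOCAL_NAMES and ip.is_loopback:
            continue                             # expected default entry
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, "sinkhole", name, str(ip)))
        else:
            findings.append((line_no, "override", name, str(ip)))
    return findings

if __name__ == "__main__":
    import sys
    # Pass the hosts file path as an argument; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(finding)
```

Run against C:\Windows\system32\drivers\etc\hosts after the Reversal step, an empty result means no name is still being redirected by the local host table.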

    Conclusion

    Hosts file attacks are simple to conduct and cause serious business impact. DNS attacks can be prevented by keeping your DNS resolver private and protected and by regularly checking for open resolvers on your network. Security configuration can be enhanced by adding variability to outgoing requests, such as using a random source port, using random query IDs, and using random case and letter combinations of the domain names (Rubens, 2013).

    "No one cares about your security as much as you do, so we advise hosting and managing yourself -- if you have the skills to do so," says Brenton.


    Bibliography

    1. Halley, B. (2008, October 20). How DNS cache poisoning works. Retrieved from www.networkworld.com: http://www.networkworld.com/article/2277316/tech-primers/how-dns-cache-poisoning-works.html

    2. Leyden, J. (2014, January 21). Retrieved from www.theregister.co.uk: http://www.theregister.co.uk/2014/01/21/china_dns_poisoning_attack/

    3. Rubens, P. (2013, December 5). How to prevent DNS attacks. Retrieved from www.esecurityplanet.com: http://www.esecurityplanet.com/network-security/how-to-prevent-dns-attacks.html