Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
DNS Spoofability Test of Some Well-known Public DNS
Message
<blockquote data-quote="yitworths" data-source="post: 740630" data-attributes="member: 36772"><p>disabling dns cache will do the trick. & regarding browser, I do pentest or better to say I used to pentest. Generally to check hotspot security, I used to do MITM with fake dns resolver & through that I used to load a webpage. Most browsers didn't identify the page as threat or suspicious except Yandex browser. Which identified the page as suspicious. Actually most browsers rely upon dns query so if you spoof dns browser won't detect any difference.</p><p></p><p>& regarding https everywhere extension, the answer is no. btw, is there anything as such feature in that extension? it checks cert as far as I know.</p><p></p><p>DNS is kinda transaction ID for every website. Lets say, if tomorrow x website changes its ip to something else then if you search x you will get x only based upon certain transaction id. & now if I have that transaction id then I can make any website lookalike x & your browser won't find any difference. Loosely speaking, lets say your name is sb we all know you by sb & we have certain idea about you. Now if someone ask me about sb whom I will refer to if I only know one sb.But,that doesn't mean he/she is talking about you.</p><p>Every dns query is something like that.</p><p>Do you how insecure wifi passphrase is? To crack a hotspot passphrase, I need just d handshake & enough resource to run a password generator. The bigger d password & mixed d password d more safe it is. But that doesn't mean it is unhackable. Same goes for DNS, they didn't repair DNS .They did just change d query system, so the process (attack) which might take several seconds to minutes now will take several weeks to months. & if your DNS uses randomization it will be much more resistant against this kinda attack.</p><p>Hope,it helps.</p></blockquote><p></p>
[QUOTE="yitworths, post: 740630, member: 36772"] disabling dns cache will do the trick. & regarding browser, I do pentest or better to say I used to pentest. Generally to check hotspot security, I used to do MITM with fake dns resolver & through that I used to load a webpage. Most browsers didn't identify the page as threat or suspicious except Yandex browser. Which identified the page as suspicious. Actually most browsers rely upon dns query so if you spoof dns browser won't detect any difference. & regarding https everywhere extension, the answer is no. btw, is there anything as such feature in that extension? it checks cert as far as I know. DNS is kinda transaction ID for every website. Lets say, if tomorrow x website changes its ip to something else then if you search x you will get x only based upon certain transaction id. & now if I have that transaction id then I can make any website lookalike x & your browser won't find any difference. Loosely speaking, lets say your name is sb we all know you by sb & we have certain idea about you. Now if someone ask me about sb whom I will refer to if I only know one sb.But,that doesn't mean he/she is talking about you. Every dns query is something like that. Do you how insecure wifi passphrase is? To crack a hotspot passphrase, I need just d handshake & enough resource to run a password generator. The bigger d password & mixed d password d more safe it is. But that doesn't mean it is unhackable. Same goes for DNS, they didn't repair DNS .They did just change d query system, so the process (attack) which might take several seconds to minutes now will take several weeks to months. & if your DNS uses randomization it will be much more resistant against this kinda attack. Hope,it helps. [/QUOTE]
Insert quotes…
Verification
Post reply
Top