DNS is extremely important service running on the network. In the example below we will spoof DNS server and provide victim with face record to redirect to our own web server. In our case web server will be running on the same system from which attacks will be lunched but this does not have to be the case. In some cases when victim’s system points for DNS resolution to external DNS – outside firewall, attack may not work as expected.

Our lab setup

1. Victim IP address 192.168.0.19.
2. Attacker IP address 192.168.0.18 – web server to which we will redirect victum also located on this ip address.
3. Internal DNS is running on the firewall router in this case and IP address is 192.168.0.1.

DNS Spoofing

DNS Spoofing

1. On our attacking system(192.168.0.18) create web page and host file called myhost.txt. Add following record for the site called test.com

192.168.0.18 test.com

2. We will need to perform man in the middle attack first to redirect all traffic through our attacking system. In order to do this we will need to issue following commands.

a. Enabling forwarding on our attacking host

echo 1 > /proc/sys/net/ipv4/ip_forward

b. Issue the following command on our attacking host 192.168.0.18 to spoof all traffic

arpspoof -t 192.168.0.19 192.168.0.1

c. Issue the following command on our attacking host 192.168.0.18 to spoof all traffic

arpspoof -t 192.168.0.1 192.168.0.19

3. And finally lounch DNS spoofing attack.

dnsspoof -i eth0-f myhost.txt

At this point when victim will go to test.com he will be redirected to your attacking host 192.168.0.18 and presented with what ever page you have running on it.