Objective ad verbatim:
“Substituting a fraudulent IP address can be done by either attacking the Domain Name System (DNS) server or the local host table. Attackers can target a local hosts file to create new entries that will redirect users to their fraudulent site. In this project you, add a fraudulent entry to the local hosts file.” (Ciampa, 2009)
Process:
1. First, I started up Mozilla Firefox and pointed the browser to www.course.com and made sure that site was corrected resolved.
2. I went to Google and repeated the step above.
3. Next, I ran Notepad with full administrator privileges.
4. I navigated to the file C:\Windows\System32\Drivers\etc\Hosts and opened it. I appended “74.125.47.99 www.course.com” to the file and saved it.
5. I went to www.course.com once more and was surprised to see it being redirected to Google. I returned to the hosts file and deleted the entry. After a few moments, I was able to access www.course.com again.
Reflection:
Using a simple host file append, an attacker can redirect sites that are visited often to sites that are dangerous (e.g. a site that spoofs Facebook and prompts you for your login credentials when you access the legitimate www.facebook.com). One way to prevent this is to never allow programs that you do not absolutely trust access to Administrator level actions.
However, modifications to the host file can be useful in limiting the other users of the same machine such as a child from accessing sites that are not desirable. This can be an easy approach to prevent the child from surfing to sites which contain objectionable material.
Sine Cera,
Jeremy Heng
"Quis custodiet ipsos custodes?"
Hands-On Project 4.3 Sources
No comments:
Post a Comment