DNS Cache Poisoning, also known as DNS Spoofing, is a critical security vulnerability where an attacker injects false DNS records into a resolver’s cache, redirecting users to malicious sites. This attack exploits weaknesses in the DNS resolution process, allowing attackers to manipulate how domain names are resolved into IP addresses remotely.


Priyabug/Implementation-of-remote-DNS-cache-poisoning-


Description

The goal of this project is for students to experience the remote DNS cache poisoning attack, commonly known as the Kaminsky DNS attack.

The Domain Name System (DNS) functions as the Internet's directory service, converting domain names into IP addresses and vice versa. This process of DNS resolution typically occurs seamlessly in the background. However, DNS Pharming attacks can disrupt this resolution process, redirecting users to unintended, often malicious, destinations.

This lab specifically examines the DNS Cache Poisoning attack, a particular method of DNS Pharming.


Languages and Utilities Used

  • 🐍 Python
  • 🖥 Ubuntu 20.04 VM

Environments Used

  • 💻 Windows 10 (21H2)

Program Walk-Through

  1. DNS and How It Works
  2. DNS Server Setup
  3. DNS Cache Poisoning Attack
  4. Spoofing DNS Responses
  5. Packet Spoofing

✅ Conclusion

This lab provided a practical demonstration of the Kaminsky DNS cache poisoning attack, showcasing how vulnerabilities in the DNS protocol can be exploited to redirect users to malicious destinations.


🔍 Key Takeaways:

  • Simulated a remote DNS cache poisoning attack using packet spoofing techniques.
  • Explored how DNS resolvers can be tricked into caching forged responses by exploiting non-randomized transaction IDs and ports.
  • Gained deeper insight into how DNS resolution works and the trust model it relies on.

🛡️ Security Implications:

This lab emphasized the importance of:

  • Enabling DNSSEC for integrity and authenticity of DNS data.
  • Using source port and transaction ID randomization to reduce predictability.
  • Regularly patching and securing DNS infrastructure to mitigate pharming attacks.

By completing this project, we developed a strong understanding of both the technical implementation of the attack and the critical defense mechanisms necessary to secure DNS systems in real-world environments.
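
As an added example (not part of this repository's code), the following Python shows the defender's view of the takeaways above: a forged response is only cached if it matches the transaction ID and source port of an outstanding query, so every wrong guess reaches the resolver as an unmatched reply that can be counted. The record types, the function name `find_spoof_bursts`, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# Hypothetical record types for this example (not from the lab's code).
Query = namedtuple("Query", "ts server sport txid qname")   # resolver -> server
Reply = namedtuple("Reply", "ts server dport txid qname")   # claimed server -> resolver

def find_spoof_bursts(queries, replies, threshold=5, window=2.0):
    """Return {claimed_server: n} where n unmatched replies (n >= threshold)
    arrived within `window` seconds, the signature of TXID/port guessing."""
    outstanding = {(q.server, q.sport, q.txid, q.qname.lower()) for q in queries}
    unmatched = defaultdict(list)
    for r in sorted(replies, key=lambda r: r.ts):
        key = (r.server, r.dport, r.txid, r.qname.lower())
        if key in outstanding:
            outstanding.discard(key)      # a valid answer consumes its query
        else:
            unmatched[r.server].append(r.ts)
    alerts = {}
    for server, times in unmatched.items():
        start = best = 0
        for end, t in enumerate(times):   # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[server] = best
    return alerts

# Constructed sample events (documentation address ranges, made-up names).
QUERIES = [
    Query(0.00, "198.51.100.53", 33333, 0x1A2B, "x7k2q.example.com"),
    Query(0.00, "192.0.2.53", 40000, 0x0042, "www.example.org"),
]
REPLIES = (
    # Eight replies claiming to come from the name server, each with a wrong TXID.
    [Reply(0.01 + i * 0.01, "198.51.100.53", 33333, i, "x7k2q.example.com")
     for i in range(8)]
    + [
        Reply(0.20, "198.51.100.53", 33333, 0x1A2B, "x7k2q.example.com"),  # real answer
        Reply(0.05, "192.0.2.53", 40000, 0x0042, "www.example.org"),       # real answer
        Reply(0.30, "192.0.2.53", 40000, 0x0042, "www.example.org"),       # benign duplicate
    ]
)

if __name__ == "__main__":
    print(find_spoof_bursts(QUERIES, REPLIES))
```

A single stray duplicate stays below the threshold, while a burst of mismatched replies for one claimed server is reported. With randomized source ports and transaction IDs, the number of such mismatches needed before a guess lands grows accordingly, which makes the burst easier to see.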
