I'm trying to use Kaminsky DNS cache poisoning method. I'm using bind9 server on ubuntu and static port. So far I achieved to insert a line into DNS cache which is ;additional www.blalba.com 80000 A 1.2.3.5 I thought that was enough to redirect users to 1.2.3.5 but when I try to get IP address of www.blalba.com with nslookup command DNS server still gives me the correct answer.
What I'm sending to DNS server is like this; ;; ANSWER SECTION: aaaa.blabla.com. 120 IN A 1.2.3.4 ;; AUTHORITY SECTION: aaaa.blabla.com. 86400 IN NS www.blabla.com. ;; ADDITIONAL SECTION: www.blabla.com. 604800 IN A 1.2.3.5 When I look DNS cache I could find aaaa.blabla.com 1.2.3.4 record also the additional record. Is there anything wrong with my method or my DNS server? Thanks.
Aucun commentaire:
Enregistrer un commentaire