The exact same effect can be achieved with ARP spoofing. The hijacker simply convinces your machine that he is a default gateway, and voila, he has full access to all your Internet- bound traffic.
Alex > -----Original Message----- > From: p2p-hackers-boun...@lists.zooko.com [mailto:p2p-hackers- > boun...@lists.zooko.com] On Behalf Of David Barrett > Sent: May 25, 2009 2:47 PM > To: theory and practice of decentralized computer networks > Subject: Re: [p2p-hackers] DNS hijacking? > > It's not eavesdropping I'm concerned about. I'm thinking with this > attack you could inject malicious code into otherwise innocuous HTTP > traffic. For example, you might add a "Install the latest Google > Toolbar!" link straight into the live, functional Google homepage, and > even make that link look like it's coming straight from > http://google.com, but then host a virus-infected version of Google > Toolbar. > > -david > > Tien Tuan Anh Dinh wrote: > >> I'm primarily thinking of a wifi office or internet cafe; can't > >> everybody sniff everybody else's traffic (including DNS requests)? > Does > >> this mean that every wifi network is vulnerable to this really easy > >> attack, and there's basically no defense other than upgrading all of > DNS? > > > > When your traffic is in plain-text while you're in a wifi cafe, you > give > > your privacy to the one operating that access point already. > > > > https was designed for these scenarios. When your traffic is > sensitive, > > use https. > > > > I'm wondering what would one gain by eavesdropping unimportant > traffic > > of others in an Internet cafe? I'm not sure if this attack can cause > any > > noticeable damage. > > > > A. > > > > > > > > > > > > _______________________________________________ > > p2p-hackers mailing list > > p2p-hackers@lists.zooko.com > > http://lists.zooko.com/mailman/listinfo/p2p-hackers > > _______________________________________________ > p2p-hackers mailing list > p2p-hackers@lists.zooko.com > http://lists.zooko.com/mailman/listinfo/p2p-hackers _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
