True, but it seems unnecessarily hard core: it affects all your traffic, 
which means you need to do a lot more work than set up a simple HTTP 
gateway.

Furthermore, the DNS approach lets you selectively hijack those specific 
domains that you have an attack package ready for: there's no value in 
hijacking a domain you aren't prepared to abuse, as it just increases 
the chance of detection.

But wow, I'm amazed this doesn't happen more.  It seems like this would 
be the most obvious way to spread a virus.  Indeed, I could imagine 
creating a proxy that auto-infects every executable file that comes 
through it (just add a silent rootkit installer that runs before the 
real installer).

-david

Alex Pankratov wrote:
> The exact same effect can be achieved with ARP spoofing. The 
> hijacker simply convinces your machine that he is a default 
> gateway, and voila, he has full access to all your Internet-
> bound traffic. 
> 
> Alex
> 
>> -----Original Message-----
>> From: p2p-hackers-boun...@lists.zooko.com [mailto:p2p-hackers-
>> boun...@lists.zooko.com] On Behalf Of David Barrett
>> Sent: May 25, 2009 2:47 PM
>> To: theory and practice of decentralized computer networks
>> Subject: Re: [p2p-hackers] DNS hijacking?
>>
>> It's not eavesdropping I'm concerned about.  I'm thinking with this
>> attack you could inject malicious code into otherwise innocuous HTTP
>> traffic.  For example, you might add a "Install the latest Google
>> Toolbar!" link straight into the live, functional Google homepage, and
>> even make that link look like it's coming straight from
>> http://google.com, but then host a virus-infected version of Google
>> Toolbar.
>>
>> -david
>>
>> Tien Tuan Anh Dinh wrote:
>>>> I'm primarily thinking of a wifi office or internet cafe; can't
>>>> everybody sniff everybody else's traffic (including DNS requests)? Does
>>>> this mean that every wifi network is vulnerable to this really easy
>>>> attack, and there's basically no defense other than upgrading all of DNS?
>>> When your traffic is in plain-text while you're in a wifi cafe, you give
>>> your privacy to the one operating that access point already.
>>>
>>> https was designed for these scenarios. When your traffic is sensitive,
>>> use https.
>>>
>>> I'm wondering what would one gain by eavesdropping unimportant traffic
>>> of others in an Internet cafe? I'm not sure if this attack can cause any
>>> noticeable damage.
>>>
>>> A.
>>>
>>> _______________________________________________
>>> p2p-hackers mailing list
>>> p2p-hackers@lists.zooko.com
>>> http://lists.zooko.com/mailman/listinfo/p2p-hackers
> 

