ARP 欺骗是指攻击者从非权威 DHCP 服务器发送 ARP 消息以更改 IP/网关,或者在这种情况下更改受害者的 DNS 服务器。
一旦受害者的 DNS 服务器被更改,攻击者就可以启动 DNS 欺骗攻击,这意味着受害者的 DNS 请求现在被重定向到非权威 DNS 服务器,该服务器可能会谎报银行的 IP 地址。
通过这样做,攻击可以让受害者使用有效的地址浏览 http://www.yourbank.com来自银行的 SSL 证书,但服务器的 IP 将是另一个。这样攻击者就可以访问您的银行信息并几乎清空您的帐户。 WEB 浏览器不会抱怨 SSL 证书中的错误 URL。
ARP spoofing is when the attacker is sending out ARP messages from a non-authoritative DHCP server in order to change the IP/Gateway, or in that case the DNS servers of the victim.
Once the DNS server of the victim has been changed then the attacker can start the DNS-spoofing attack, which means that the victim's DNS requests are now redirected to a non-authoritative DNS server which may lie about the IP address of a bank.
By doing so the attack can get the victim to surf to http://www.yourbank.com, using a valid SSL-cert from the bank, but the IP of the server will be another one. That way the attacker can get access to your bank information and pretty much empty your account. WEB browsers will not complaint about wrong URL in the SSL-certificate.
DNS(域名服务)欺骗是指攻击者使用虚假 IP 信息回复 DNS 请求(发送以解析主机名的 IP 地址)。这通常用于将用户重定向到虚假网站。
ARP (Address Resolution Protocol) Spoofing is when an attacker sends out fake replies to an ARP Request. This is done usually to impersonate a router so that an attacker can intercept traffic.
DNS (Domain Name Service) Spoofing is when an attacker replies to DNS Requests (sent to resolve the IP address of a hostname) with false IP information. This is typically used to redirect users to false websites.
发布评论
评论(3)
ARP 欺骗是指攻击者从非权威 DHCP 服务器发送 ARP 消息以更改 IP/网关,或者在这种情况下更改受害者的 DNS 服务器。
一旦受害者的 DNS 服务器被更改,攻击者就可以启动 DNS 欺骗攻击,这意味着受害者的 DNS 请求现在被重定向到非权威 DNS 服务器,该服务器可能会谎报银行的 IP 地址。
通过这样做,攻击可以让受害者使用有效的地址浏览 http://www.yourbank.com来自银行的 SSL 证书,但服务器的 IP 将是另一个。这样攻击者就可以访问您的银行信息并几乎清空您的帐户。 WEB 浏览器不会抱怨 SSL 证书中的错误 URL。
ARP spoofing is when the attacker is sending out ARP messages from a non-authoritative DHCP server in order to change the IP/Gateway, or in that case the DNS servers of the victim.
Once the DNS server of the victim has been changed then the attacker can start the DNS-spoofing attack, which means that the victim's DNS requests are now redirected to a non-authoritative DNS server which may lie about the IP address of a bank.
By doing so the attack can get the victim to surf to http://www.yourbank.com, using a valid SSL-cert from the bank, but the IP of the server will be another one. That way the attacker can get access to your bank information and pretty much empty your account. WEB browsers will not complaint about wrong URL in the SSL-certificate.
基本上,这两种方法都尝试相同的方法(将流量重定向或转发到恶意主机),但它们的工作级别不同,ARP 欺骗仅在 LAN 内直至下一个路由器。请参阅 http://en.wikipedia.org/wiki/ARP_spoofing 和 http://en.wikipedia.org/wiki/DNS_Spoofing
Basically both methods try the same (redirecting or forwarding traffic to malicious hosts), but they work at a different level, ARP spoofing only within a LAN up to the next router. See http://en.wikipedia.org/wiki/ARP_spoofing and http://en.wikipedia.org/wiki/DNS_Spoofing
ARP(地址解析协议)欺骗是指攻击者对 ARP 请求发出虚假回复。这样做通常是为了冒充路由器,以便攻击者可以拦截流量。
DNS(域名服务)欺骗是指攻击者使用虚假 IP 信息回复 DNS 请求(发送以解析主机名的 IP 地址)。这通常用于将用户重定向到虚假网站。
ARP (Address Resolution Protocol) Spoofing is when an attacker sends out fake replies to an ARP Request. This is done usually to impersonate a router so that an attacker can intercept traffic.
DNS (Domain Name Service) Spoofing is when an attacker replies to DNS Requests (sent to resolve the IP address of a hostname) with false IP information. This is typically used to redirect users to false websites.