The objective of this lab is to provide students with a firsthand experience of conducting a remote DNS cache poisoning attack, also known as the Kaminsky DNS attack. The Domain Name System (DNS) is often described as the Internet's phone book, responsible for translating hostnames to IP addresses and vice versa. This translation process, known as DNS resolution, occurs behind the scenes. However, DNS Pharming attacks aim to manipulate this resolution process in various ways, often with the intent of misdirecting users to alternative, and potentially malicious, destinations. This lab specifically focuses on a DNS Pharming attack technique called the DNS Cache Poisoning attack.
[Figure: Attack description]
In another SEED Lab, we have designed activities to conduct the same attack within a local network environment, where both the attacker and the victim DNS server are on the same network, making packet sniffing possible. In this remote attack lab, packet sniffing is not an option, making the attack significantly more challenging than the local version.
Update Notice: This lab description was last updated on July 26, 2020. If you encounter this update during your assignment, you can always access the previous version here. The old version will be phased out soon.
VM version: This lab has been thoroughly tested on our pre-built SEEDUbuntu16.04 VM.
Before you begin, ensure that you have the following prerequisites:
- SEEDUbuntu16.04 VM: Download and set up the SEEDUbuntu16.04 VM, which has been pre-configured for this lab.
To get started with the Remote DNS Attack Lab, follow these steps:
- Download the SEEDUbuntu16.04 VM if you haven't already.
For more information and guidance on this lab, refer to the official SEED Lab documentation: SEED Lab - Remote DNS Attack Lab.
Copyright © Wenliang Du, Syracuse University
