
DNS Hijacking Detection

17 Posts
6 Users
0 Reactions
2,451 Views
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

Let's say we got an up to date platform.


   
ReplyQuote
watcher
(@watcher)
Estimable Member
Joined: 19 years ago
Posts: 125
 

If the DNS credentials provided by your ISP/MNO are compromised by hijacking (NetBIOS overwritten) it may help to compare the e.g. financial institution ebanking IP has previously been stored to check. But at the current state if the internet connection is running how to detect the DNS hijacking? On e.g. RIPE rDNS or pre-delegated domains can be checked but too complicated for ordinary users.

What should a user do to check DNS hijacking before he/she provides login credentials including OTPs in a compromised but perfect similar looking fake site?

An easy way to check must be found for non-forensics profs.

This question and thread seem to have gone off the rails.

First off, DNS responses are not credentials.

"NetBIOS overwritten" is a complete non sequitur.

"… compare the e.g. financial institution ebanking IP …" flies in the face of how the Internet works. IP addresses are not credentials either.

"…before he/she provides login credentials …" needs some kind of security mechanism that can be verified, ideally automatically, if a site is real or fake. It could be a cryptographically signed credential verified by trusted authorities signing the identifier. Signatures by untrusted authorities would be blocked or flagged. We could call it a Cert for short.

Better yet, we could just put an "S" on the end of HTTP.

If this was an attempt to discuss DNSSEC, the horse died at the gate.


   
ReplyQuote
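
The check described in the post above (a signed credential accepted only when a trusted authority vouches for the name), as an added example that is not part of the original posts. It uses the `openssl` CLI with throwaway keys; the hostname `ebanking.example.test`, the CA name and the function names are constructed for illustration. A hijacked DNS answer can point the name at an impostor, but the impostor's certificate is still flagged.

```bash
#!/usr/bin/env bash
# Added example: throwaway keys and constructed names, no network access.
HOST="ebanking.example.test"   # hypothetical e-banking hostname (assumption)

# Build a tiny PKI in directory $1: one trusted CA, the real site's
# certificate signed by it, and an impostor's self-signed certificate
# that claims the same hostname.
make_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$d/real.key" -out "$d/real.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$d/san.ext"
  openssl x509 -req -in "$d/real.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" \
    -out "$d/real.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
    -addext "subjectAltName=DNS:$HOST" \
    -keyout "$d/fake.key" -out "$d/fake.crt" 2>/dev/null
}

# Prints "trusted" only if certificate $2 chains to the CA in $1 AND
# names hostname $3; otherwise prints "flagged".
check_site() {
  if openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$2" \
       >/dev/null 2>&1; then
    echo "trusted"
  else
    echo "flagged"
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d"
  echo "real site, CA-signed:          $(check_site "$d" "$d/real.crt" "$HOST")"
  echo "fake site, self-signed:        $(check_site "$d" "$d/fake.crt" "$HOST")"
  echo "real cert, different hostname: $(check_site "$d" "$d/real.crt" "other.example.test")"
  rm -rf "$d"
}
demo
```
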
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

The horse got recovered and is alive. Let's put aside that ordinary users can protect against DNS Hijacking. Where can one find a public history of DNS hijacking to investigate (this is forensics) an eBanking fraud back to the event date?


   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

… and just to introduce some added complication …

… let's talk of eTLS/ETS, i.e. "quasi-TLS" 😯
https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it

In a nutshell:

Instead of thinking of this as “Enterprise Transport Security,” which the creators say the acronym stands for, you should think of it as “Extra Terrible Security.”

jaclaz


   
ReplyQuote
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Where can one find a public history of DNS hijacking?


   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Where can one find a public history of DNS hijacking?

A possible starting point:
http://isacaroma.it/pdf/150416-17/AttacksAgainstDNS-Rome2015%2520-%2520nc.pdf

jaclaz


   
ReplyQuote
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Page not found


   
ReplyQuote