Last updated at Wed, 26 Jul 2017 16:32:54 GMT
After seeing the SBC/ATT server for Austin get poisoned, serve up advertisements, and eventually get taken offline, I decided to add a module to compare DNS results between two servers. In the following example, the ".gov" TLD has been poisoned with the bailiwicked_domain Metasploit module:
msf > use auxiliary/spoof/dns/compare_results
msf auxiliary(compare_results) > set BASEDNS 4.2.2.3
BASEDNS => 4.2.2.3
msf auxiliary(compare_results) > set TARGDNS poisoned.server
TARDNS => poisoned.server
msf auxiliary(compare_results) > set NAMES www.fbi.gov
NAMES => www.fbi.gov
msf auxiliary(compare_results) > run
[*] Comparing results between 4.2.2.3 and poisoned.server...
[*] Querying servers for www.fbi.gov...
[*] Analyzing results for 1 entries...
[*] - www.fbi.gov A 64.86.183.120
[*] - www.fbi.gov A 64.86.183.99
[*] - www.fbi.gov CNAME a33.g.akamai.net
[*] - www.fbi.gov CNAME fbi.edgesuite.net
[*] www.fbi.gov A 1.3.3.7
[*] Auxiliary module execution completed
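The same baseline-versus-target comparison, written as an added Ruby example for defenders who want to run the check outside the console; it is not the module's own code. The sample records are constructed from the output above, on the assumption that the four "-" lines came from the baseline server and the 1.3.3.7 answer from the target. The helper names (`query`, `compare`, `normalize`) are hypothetical.

```ruby
require 'resolv'
require 'set'

# Record types to compare, each with a lambda that extracts the record value.
TYPES = {
  'A'     => [Resolv::DNS::Resource::IN::A,     ->(r) { r.address.to_s }],
  'CNAME' => [Resolv::DNS::Resource::IN::CNAME, ->(r) { r.name.to_s }]
}.freeze

# DNS names are case-insensitive and may carry a trailing dot; normalize both
# so cosmetic differences are not reported as mismatches.
def normalize(rec)
  name, type, value = rec
  [name.downcase.chomp('.'), type.upcase, value.downcase.chomp('.')]
end

# Live lookup (not run by the sample below): ask one resolver for each name.
def query(server, names)
  Resolv::DNS.open(nameserver: [server]) do |dns|
    names.flat_map do |n|
      TYPES.flat_map do |type, (klass, val)|
        dns.getresources(n, klass).map { |r| [n, type, val.call(r)] }
      end
    end
  end
end

# Returns the records seen only on the baseline and only on the target.
def compare(base, target)
  b = base.map { |r| normalize(r) }.to_set
  t = target.map { |r| normalize(r) }.to_set
  { only_base: (b - t).to_a.sort, only_target: (t - b).to_a.sort }
end

# Constructed sample answers mirroring the console output above.
BASE = [
  ['www.fbi.gov', 'CNAME', 'fbi.edgesuite.net.'],
  ['www.fbi.gov', 'CNAME', 'a33.g.akamai.net.'],
  ['www.fbi.gov', 'A', '64.86.183.120'],
  ['www.fbi.gov', 'A', '64.86.183.99']
].freeze
TARGET = [['WWW.FBI.GOV', 'A', '1.3.3.7']].freeze

if __FILE__ == $PROGRAM_NAME
  diff = compare(BASE, TARGET)
  diff[:only_base].each   { |r| puts "- #{r.join(' ')}" }
  diff[:only_target].each { |r| puts "+ #{r.join(' ')}" }
end
```

For a live check, pass `query('4.2.2.3', names)` and `query(target_ip, names)` to `compare`. Names served from a CDN can legitimately return different A records per resolver, so a mismatch is a lead to investigate rather than proof of poisoning.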