LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Dns spoofung attacks detection
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-04-2017, 01:24 PM   #1
hajthem
LQ Newbie
 
Registered: Jun 2017
Posts: 3

Rep: Reputation: Disabled
Dns spoofung attacks detection

Hmm it might be inapropriate question

Can Dns spoofing attacks be detected using ping facebook and and looking through fb ip
Last edited by hajthem; 09-04-2017 at 01:34 PM.
 
Old 09-04-2017, 06:05 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,347

Rep: Reputation: Disabled
As long as you know what to compare the result to, yes.

A far easier way would be to perform a lookup directly against the authoritative nameserver for the domain in question. For facebook.com that would be:
Code:
# nslookup -q=ns facebook.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
facebook.com    nameserver = a.ns.facebook.com.
facebook.com    nameserver = b.ns.facebook.com.
...a.ns.facebook.com and b.ns.facebook.com, which have the IP addresses:
Code:
# nslookup -q=a a.ns.facebook.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   a.ns.facebook.com
Address: 69.171.239.12

# nslookup -q=a b.ns.facebook.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   b.ns.facebook.com
Address: 69.171.255.12
...69.171.239.12 and 69.171.255.12 respectively, unless 8.8.8.8 has been successfully poisoned by a spoofing attack already, that is.

Performing a direct lookup against an authoritative name server is the closest you can get to a surefire way of avoiding spoofing. If such a server gives the wrong answer, the server itself or possibly the entire zone must have been hijacked through some other means, and in that case all bets are off anyway.
 
1 members found this post helpful.
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How Active Intrusion Detection Can Seek and Block Attacks LXer Syndicated Linux News 0 07-16-2017 08:36 PM
[SOLVED] Deauthentication attacks - prevention ? your favorite detection tools. mazinoz Linux - Security 7 12-21-2015 04:54 PM
US-CERT Alert (TA13-088A) DNS Amplification Attacks tronayne Linux - Security 0 07-06-2013 11:44 PM
[SOLVED] US-CERT Alert TA13-088A: DNS Amplification Attacks tronayne Linux - Security 0 03-31-2013 03:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration