Substituting a fraudulent IP address can be done by either attacking the Domain Name System (DNS) server or the local host table. Attackers can target a local hosts file to create new entries that will redirect users to their fraudulent site. In this project, we will add a fraudulent entry to the local hosts file.
1) Start Internet Explorer.
2) Go to the Course Technology Web site at http://www.course.com/ and to Google at http://www.google.com/ to verify that the name is correctly resolved.
3) Click Start and All Programs and then click Accessories.
4) Right click on Notepad and select Run as administrator.
5) Click File and then Open. Under File Name change from Text Documents (*.txt) to All Files (*.*).
6) Navigate to the file C:\windows\system32\drivers\etc\hosts and open it.
7) At the end of the file, enter 74.125.47.99. This is the IP address of Google.
8) Press Tab and enter www.course.com. In this hosts table www.course.com is now resolved to the IP address 74.125.47.99.
9) Click File and then Save.
10) Open your Web browser and enter the URL www.course.com. What Web site appears?
After the Website, www.course.com is entered, the Google webpage appears instead of the CENGAGE LearningTm webpage.
11) Return to the hosts file and remove this entry.
12) Click File and then Save.
13) Close all windows.
Reflection
After doing this project, I find that it is quite easy to add a fraudulent entry to the local hosts file. If doing this is so easy, then I thought that the attackers would have an advantage. The attackers may create new entries that will redirect users to their fraudulent site which may contain viruses or malware that will automatically start downloading into the victim’s computer. Thus, the victim may not know that their computer has been infected.
No comments:
Post a Comment