(lame) spoofing DNS with hosts files...

[".MetsyS." <stf () xtra co nz>]

Hi everybody,

The recent discussion on the IE bookmark problem made me think of some
other ways you could force sombody to point their browser somewhere they
were not intending to.

My apologies if this is already well known and i'm wasting bandwidth.
(which is probably the case)

You will end up at abcnews.com instead of hotmail.com in this example

Open up your windows host file and add an entry like:
204.202.136.30 www.hotmail.com

I tested this with Netscape 4.08 Win98SE with proxies turned off.

Now open up your web browser and tell it to go to www.hotmail.com if your
proxy server settings are not forced you should end up at www.abcnews.com.

I know this is silly, and rather obvious... just remember... this is not
just limited to the web browser, your curcumventing a DNS lookup.

eg:
C:\WINDOWS>ping www.hotmail.com

Pinging www.hotmail.com [64.4.44.7] with 32 bytes of data:

Control-C
C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts

C:\WINDOWS>ping www.hotmail.com

Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time=38ms TTL=255

Ping statistics for 192.168.1.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum =  38ms, Average =  38ms
Control-C


Tested the same thing under linux too... no suprises really I spose just
something to ponder... 

Keep a tripwire DB.

One last thing which is kind of off topic... has anybody seen some good
papers that discuss loose source routing ? and how to set up a packet with
LSR ?

Suggestions, comments welcome.

.MetsyS.