Re: blocking new version of kazaa
From: Oblek (oblek lug.stikom.edu)
Date: Thu Jul 31 2003 - 20:52:58 CDT
This setup took me 8 minutes to complete:
1. install dsniff
2. edit dnsspoof.hosts
3. run dnsspoof
It was simple enough that my granny can do it :)
> On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote:
>
> > Anyway, you set up a DNS resolver for your network, but you
> > "poison" it with little tidbits...for example, instead of doing
> > a "proper" search to find out what *.kazaa.com is, just tell the
> > resolver to ask that program over there...which happens to
> > respond "192.168.1.10", "127.0.0.1" or some other address within
> > your network for EVERY question it is asked.
>
> Since Nick is using that unclean DNS server, I thought I'd just
> chime in with how you'd do it with the real manly man's DNS
> server. I haven't upgraded to BIND 9 yet, but I can't imagine it
> being *that* different....
>
> Anyway, in your /var/named/named.boot file, add a line like this:
>
>     primary    kazaa.com    kazaa
>
> (Of course, you'll have to set up BIND to work properly for
> everything else, too. If you don't know how, learn before you try
> to do this kind of poisoning.)
>
> Then, /var/named/namedb/kazaa will look like:
>
>     kazaa.com.  IN  SOA  dns.example.com. myemail.example.com. (
>                         2003073101  ; serial
>                         10800       ; refresh
>                         3600        ; retry
>                         3600000     ; expire
>                         86400 )     ; minimum
>                 IN  NS   dns.example.com.
>
>     localhost.example.com.  IN  A  127.0.0.1
>
>     kazaa.com.    IN  A  10.0.0.1
>     *.kazaa.com.  IN  A  10.0.0.1
>
> You'll want to replace ``10.0.0.1'' with the IP address of
> where you'll send the clueless to. And, of course, replace
> ``example.com'' with your own domain, etc....
>
> The skillful will at the least script the whole thing, or take
> advantage of all sorts of nifty things that BIND can do. This
> isn't meant to be authoritative--rather, it's just enough to get
> you started in the right direction.
>
> Cheers,
>
> b&
>
> --
> Ben Goren
> mailto:ben trumpetpower.com
> http://www.trumpetpower.com/
> icbm:33o25'37"N_111o57'32"W
>
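Added example, not part of the original thread: a small Python model of how an authoritative server selects an A answer from the zone quoted above, following RFC 4592 wildcard rules. It goes slightly beyond the post by showing that one explicit record under kazaa.com stops the wildcard from covering that name and everything below it. The ads.kazaa.com TXT record and the query names are constructed for illustration, and dropping the out-of-zone localhost record is an assumption about server behaviour.

```python
# Added example (not from the thread): answer selection from the sinkhole
# zone, following RFC 4592 wildcard rules.
ORIGIN = "kazaa.com."
RECORDS = [  # (owner, type, rdata), mirroring the zone file in the post
    ("kazaa.com.", "A", "10.0.0.1"),
    ("*.kazaa.com.", "A", "10.0.0.1"),
    ("localhost.example.com.", "A", "127.0.0.1"),  # out of zone
]

def norm(name):
    """Lower-case a name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)

def ancestors(name, origin):
    """Yield name, then each parent, up to and including the origin."""
    while name != origin:
        yield name
        name = name.split(".", 1)[1]
    yield origin

def load(records, origin=ORIGIN):
    """Index records by owner; out-of-zone data is dropped (assumption)."""
    zone = {}
    for owner, rtype, rdata in records:
        if in_zone(norm(owner), origin):
            zone.setdefault(norm(owner), []).append((rtype, rdata))
    return zone

def resolve_a(qname, zone, origin=ORIGIN):
    """A rdata for qname: [] means no address, None means not our zone."""
    qname = norm(qname)
    if not in_zone(qname, origin):
        return None
    # Owners and all their ancestors "exist", even with no records of their own.
    existing = {origin} | {a for o in zone for a in ancestors(o, origin)}
    if qname in existing:  # exact match: the wildcard is never consulted
        return [d for t, d in zone.get(qname, []) if t == "A"]
    encloser = next(a for a in ancestors(qname, origin) if a in existing)
    return [d for t, d in zone.get("*." + encloser, []) if t == "A"]

def demo():
    zone = load(RECORDS)
    # Constructed: one explicit non-A record under the zone opens a gap.
    gap = load(RECORDS + [("ads.kazaa.com.", "TXT", "note")])
    names = ["kazaa.com", "a.b.kazaa.com", "ads.kazaa.com", "x.ads.kazaa.com"]
    return {n: (resolve_a(n, zone), resolve_a(n, gap)) for n in names}
```

In the output of demo(), the first value of each pair is the answer from the zone as posted and the second is the answer once the extra record exists; an empty list marks a name the sinkhole no longer covers.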