Last Articles


Most popular password

Network Information Security: Myths and Realities Omnipotence hackers

Hackers and crackers, or what is good and what is bad?

Chronology of the ARPANET - INTERNET

Protection system in Windows - Fact or Fiction

The basic principles of security

Manager SAM and Active Directory

Administrative boundaries: the forest or domain?

Can you trust a domain that is connected to the Internet?

Идентификаторы защиты (SID)

Why can not I log in as an administrator from any location?

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Fake ARP-server on the Internet

False DNS-server on the Internet

Substitution of one of the subjects TCP-connections on the Internet

Malfunction host on the network

Mythical remote attacks on the Internet

Dedicated channel communication between objects distributed CS
False DNS-server on the Internet

 As is known, for access to hosts on the Internet using 32-bit IP-address uniquely identifies each network computer in this global network. However, for users of the application of IP-addresses when accessing the host is not too comfortable and not
the most obvious.

  At the beginning of birth for the convenience of Internet users it was decided to assign all the computers on the network names. The use of names allows the user to better navigate in cyberspace network Internet - much easier to understand and intuitive for the user to remember, for example, name www.ferrari.it, than the four-digit string IP-address.

  Using the Internet mnemonically clear to the user name created a problem of converting names to IP-address. Such a transformation is necessary because at the network level addressing of packets is not by name but by IP-address, therefore, to directly address messages to Internet names do not fit. At the stage of early development of Internet, when the network was combined a small number of computers, NIC (Network Information Center) to address the transformation of names in the address set up a special file (hosts file), which were made in the names and corresponding IP-addresses of all hosts on the network .

  This file is regularly updated and distributed throughout the network. But, according to Leray Development Internet, the number of networked hosts increased, and the scheme was becoming less and less workable, so a new system of name resolution that allows the user if his lack of information on compliance with the names and IP-addresses to obtain the necessary information from the nearest of the information retrieval server (DNS-server).

  This system is called Domain Name System - DNS (Domain Name System).

  For the implementation of the DNS system was created by a special network protocol DNS, in order to ensure their effective work in the network are allocated to specific information and search engines - DNS-servers. We explain the key objective for service DNS. In today's Internet network host when accessing a remote server typically has information only about his name and does not know its IP-address, which is necessary for the immediate addressing.

  Therefore, before the host appears common problem remote search: on behalf of the remote host to find its IP-address. The solution to this problem and is engaged in the DNS Protocol-based DNS.

  Consider DNS-search algorithm for the remote IP-address on behalf of a network of Internet:

  • Host sends IP-address of the nearest DNS-server (it is installed when you set up a network operating system)
  • DNS-query, which specifies the server name, IP-address of which must be found;
  • DNS-Server receives a request it searches its database of names for the presence therein specified in the query name. If the name is found, and thus found and the corresponding IP-address, it requests
  • Host DNS-server sends a DNS-response, which indicates the required IP-address. If specified in the request the name of DNS-server is not found in its database of names, the DNS-query is sent to DNS-server on one of the root
  • DNS-servers whose addresses are contained in the configuration file, DNS-server root. cache, and is described in this section, the procedure is repeated until the name is not found (or not found).


  Analyzing the security vulnerability of this scheme remote search using the protocol DNS, we can conclude about the possibility of implementing a network that uses the protocol DNS, the standard remote attack false objects viz.
Top 5 most read

The basic rules of safe behavior on the Internet

Manager SAM and Active Directory

You forget your password. What should I do? Part 3

Social engineering as a way of committing crimes in the sphere of computer information

Идентификаторы защиты (SID)
Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта