[ previous ] [ next ] [ threads ]
 
 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] spoofing sites using monowall
 Date:  Thu, 16 Dec 2004 06:36:28 +1000
Hi Job,

> -----Original Message-----
> From: JobOberio - My List Mail [mailto:mylistmail at gmail dot com] 
> Sent: Thursday, 16 December 2004 06:16
> 
> hi,
> ------------------------------
> im curious about this idea.
> i know this is bad, but for education purpose only.
> and i will not do this 
> ---------------------------
> 
> you can add a dns map to your monowall
> 
> YAHOO.COM  to 192.168.1.2
> 
> in your  192.168.1.2 webserver 
> you create a similar content for yahoo.
> 
> when your user type yahoo.com in your browser,
> they will be redirected to 192.168.1.2 unknowingly
> 
> your users sign-in into the spoof yahoo site.
> 
> i never done this, so any comments?

This has been a standard way for many, many years to block/redirect
sites internal to your network.  For example, if you host a website -
say, www.example.com - in your DMZ, then typing "www.example.com" from
in your LAN will generally cause an error to be displayed as the
firewall will not route packets from the Internet claiming to be from
the local subnet, to the DMZ.  So placing "172.16.1.21 www.example.com"
in the hosts file on the firewall resolves this issue.

Also, it has been a standard way for many, many years to block access to
popup generating sites and sites with "questionable" content - redirect
these to 127.0.0.1 or another web server on your LAN that serves "No
Ads" type images.

So, as an administrator of your LAN, if you choose to use these methods
for nefarious purposes, in a business environment you should (with any
luck) end up in jail.  If it is a home LAN, then you should end up with
a good ar53 kicking.  :)

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.