|
|
DNS 劫持一般说来就是当你访问一个网址时,DNS 将你重定向到一个不属于它的 IP 上。比如说,在你 ping mail.sznslib.com.cn 时,会得到深圳南山图书馆的邮箱的服务器 IP : 218.17.222.251 。此时假设你所用的 DNS 服务器被劫持了(有个黑客获取了你所用的 DNS 的控制权),那么该黑客将 DNS 里的关于 mail .sznslib.com.cn 的实际 IP (A 记录) 改成了 218.17.210.33 ,而它又在这个 IP 上伪造了一个和 mail.sznslib.com.cn 同样的邮箱登录界面,那么当你在登录邮箱时,所登录的用户名和密码都会被黑客所盗取。
一般情况下,普通家庭用户使用的都是电信或者是联通这些 ISP 提供的 DNS 服务器。而电信比较喜欢做的事情就是对 DNS 进行篡改,我们也可以称为劫持。比如你 ping 一个不存在的域名时:C:\Users\Administrator>ping 82jsdfolsjdfljad.com
正在 Ping 82jsdfolsjdfljad.com [59.37.71.86] 具有 32 字节的数据:
来自 59.37.71.86 的回复: 字节=32 时间=5ms TTL=57
来自 59.37.71.86 的回复: 字节=32 时间=6ms TTL=57 http://www.dnsstuff.com/tools/whois/?ip=59.37.71.86 Using 30+ day old [STALE - being deleted now] cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).
% [whois.apnic.net node-3]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 59.32.0.0 - 59.42.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: **********@apnic.net 20040802
changed: **********@apnic.net 20041123
source: APNIC
person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: *********@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: ******@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC
person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: *****@189.cn
address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU
phone: +86-20-83877223
fax-no: +86-20-83877223
country: CN
changed: *****@189.cn 20110418
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to ***********@189.cn
abuse-mailbox: ***********@189.cn
source: APNIC
在 linux 下,我们可以使用 dig 命令来获得更多的信息:#dig 82jsdfolsjdfljad.com
; <<>> DiG 9.7.0-P1 <<>> 82jsdfolsjdfljad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58717
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;82jsdfolsjdfljad.com. IN A
;; ANSWER SECTION:
82jsdfolsjdfljad.com. 128 IN A 59.37.71.86
;; Query time: 8 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Nov 10 12:11:34 2011
;; MSG SIZE rcvd: 54 # dig @202.96.128.166 82jsdfolsjdfljad.com
; <<>> DiG 9.7.0-P1 <<>> @202.96.128.166 82jsdfolsjdfljad.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1577
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;82jsdfolsjdfljad.com. IN A
;; ANSWER SECTION:
82jsdfolsjdfljad.com. 128 IN A 59.37.71.86
;; Query time: 17 msec
;; SERVER: 202.96.128.166#53(202.96.128.166)
;; WHEN: Thu Nov 10 12:13:41 2011
;; MSG SIZE rcvd: 54 # dig @8.8.8.8 82jsdfolsjdfljad.com
; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 82jsdfolsjdfljad.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58655
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;82jsdfolsjdfljad.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1320898501 1800 900 604800 86400
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 10 12:15:37 2011
;; MSG SIZE rcvd: 111
自定义 DNS 域名的方法很简单,如果是路由用户,可以登录到路由器中修改,如果是 ADSL 拨号用户,那么在控制面板,网络连接的属性里自定义 DNS 地址。谷歌的开放 DNS 有两:8.8.8.8 和 8.8.4.4 。 |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
|
窥视卡
雷达卡
发表于 2011-11-10 12:19:23
收藏
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡