What is Ghost DNS and What Does It Do?

Vilge234

New member
1 Oct 2020

GhostDNS is a set of tools for abusing security flaws in routers. Keep in mind that security solutions can detect potentially malicious files. When a file is detected, the solution analyzes its content and characteristics in detail. As a result, programs like Avast can get full access to the file.

This made it possible to learn in detail what GhostDNS is about and how it compromises routers. Most of the targeted devices are in Latin America, but it could reach Spain very soon as well.




What does GhostDNS Contain?

Everything needed to perform DNS hijacking attacks. These kinds of attacks can be performed both over the Internet and inside an internal network.
Aside from internal attacks, GhostDNS permits attacks on any computer network that uses a router as its network gateway. However, attacks carried out over the Internet require a router with security flaws and a different tool. This tool is contained in a compressed file that is detected by the Avast scanning tool.




As we understand it, the targets are Latin American countries, and the reports show that Brazil is the most affected country. The scanner for vulnerable routers is called BRUT; the parameters it uses to reach them are publicly exposed IP addresses and an open HTTP port. The antivirus scans detected two versions.



Version 1: It detects a shorter list of devices, but it carries a comprehensive list of potential default username and password combinations for routers.
Version 2 (the latest): It detects more devices, but it contains fewer administrator credential combinations.



One of the reasons these kinds of exploit kits are so successful is that they contain the default administrator credentials of most routers. To secure these credentials, it is of course recommended to replace predictable personal data or an identity number with unpredictable passwords. However, this still hasn't become the norm, which is why there are so many routers with the same username and password combinations.




We recommend visiting our guide to learn how to create strong passwords.
We said above that the scanner has two versions. The second suits a cybercriminal better: more routers and fewer potential password combinations. This gives more of an advantage, since only one password combination has to be broken. It is that simple, and it takes little effort.



When a router is compromised by GhostDNS, the administrator access password is changed to deadcorp2017. Interestingly, this password is itself among the credentials tried against vulnerable routers, because it already belongs to infected routers. So if a router has been a victim of GhostDNS, the actions of other cybercriminals can make it a victim again.



Violation and Attack Plan

GhostDNS relies on one of the well-known OWASP web security risks: cross-site request forgery (CSRF). It is used to change the DNS settings in the router, which lets DNS requests be forwarded to a malicious DNS server. The address of the malicious DNS server changes according to the cybercriminal's criteria. So far Avast has come across 3 malicious DNS configurations, which fortunately are not working.


The most worrying part is that no irregularity is detected until someone connected to the router has their data stolen. The report also shows that the popular antivirus solution was able to classify the fake websites. Keep in mind that these fake sites appear in the browser of someone behind a compromised router. Some of them are:

Banks:
Itaú
Santander
Bradesco

This shows once more how important it is to protect the devices we use to connect to the Internet. This applies not only to computers; in this case we are also talking about Wi-Fi routers. At the same time, making the settings more secure is important as well. Just changing the router administrator's password will make a difference.
Beyond that, we should be very careful when surfing the web, even on sites that we visit often.



We've mentioned sites that are included in the GhostDNS exploit kit, and among them are many sites related to extremely popular institutions and services. Let's take a second to check the URLs of the sites we visit. Nowadays, even though phishing sites look very similar to the official ones, we must also pay attention to the site's content.
However, the most effective shield against router compromise is protecting the administrator access with a very strong and secure password.
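
The DNS change described under "Violation and Attack Plan" can be checked for from a client behind the router. The following is an added example, not part of the original post: it flags configured resolvers that are not on an expected list and domains whose answers share no address with a trusted resolver's answers. All addresses, domain names and the expected-resolver list are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not taken from any report.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 203.0.113.53
nameserver 192.168.1.1
"""
# Assumption: the resolvers this network is supposed to use (router and ISP).
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.1"}
# Constructed A-record answers: via the router's DNS path vs. a trusted resolver.
LOCAL_ANSWERS = {"bank.example": ["203.0.113.80"], "news.example": ["198.51.100.7"]}
REFERENCE_ANSWERS = {"bank.example": ["198.51.100.20", "198.51.100.21"],
                     "news.example": ["198.51.100.7"]}

def configured_resolvers(resolv_conf_text):
    """Return the nameserver IPs from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue                            # skip malformed entries
    return servers

def unexpected_resolvers(resolv_conf_text, expected):
    """Resolvers handed to this client that are not on the expected list."""
    return [ip for ip in configured_resolvers(resolv_conf_text) if ip not in expected]

def divergent_answers(local, reference):
    """Domains whose local answers share no address with the reference answers.

    CDNs legitimately return different addresses per resolver, so a hit is a
    lead to investigate (check the TLS certificate, the router's DNS page),
    not proof of hijacking.
    """
    flagged = {}
    for domain, ref_ips in reference.items():
        got = set(local.get(domain, []))
        if got and not got & set(ref_ips):
            flagged[domain] = sorted(got)
    return flagged

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS))
    print("divergent answers:", divergent_answers(LOCAL_ANSWERS, REFERENCE_ANSWERS))
```

The answer comparison matters because a router whose upstream DNS was changed still presents its own address as the resolver to clients, so the resolver list alone would look normal.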




 