http://dx.doi.org/10.6109/jkiice.2019.23.11.1451

Web Server Hacking and Security Risk using DNS Spoofing and Pharming combined Attack  

Choi, Jae-Won (Department of Computer Engineering, Kyungsung University)
Abstract
DNS spoofing is an attack in which an attacker intervenes in the communication between the client and the DNS server to deceive the DNS server by responding with a fake IP address rather than the actual IP address. A pharming site that captures user IDs and passwords can be implemented by duplicating a web server's index page and adding simple web programming. In this paper we study a web spoofing attack that combines DNS spoofing with a pharming site implementation, which leads to the pharming site. We study the DNS spoofing attack method and procedure, and the pharming site implementation method, for the portal server of this university. In the case of the Kyungsung Portal, a bypass attack and hacking were possible even though the web server used SSL encryption and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. It is therefore necessary to raise awareness of these serious risks and to research countermeasures.
Keywords
DNS Spoofing; ARP Spoofing; Web Spoofing; Network Security
Citations & Related Records
Times Cited By KSCI: 1