Monitoring to Avoid DNS hijacking

That’s why it is very important to be warned in the event of an attack of this nature. In the market there are various commercial tools and providers and are responsible to provide such services.
How the attack work?

Indeed the DNS server is attacked to achieve the objective.
The tool that can help us is dnshjmon.
You need to configure several files before using the tool.
Modify the file nameservers.conf

 
 
 

Here we put against DNS servers that do the checks. They can be themselves or DNS DNS such as Google for example.
Modify the file dnshjmon_dns.conf

 
 
 

As we know in advance that IP addresses are configured, will only have to indicate them in the configuration file.
If we open the file we can see that it is configured to send emails happen when certain events .

 


Once configured, run dnshjmon

 



The tool detects that it is the first time we used it and therefore has no configuration file. We configure the parameters of our mail server.

 



Once you have configured the mail server will probe the IP address that we wanted to insure.

 



The script will create a configuration file with the data you have provided.

 



When the IP address changes, the tool we will notify you with an email.

 



Here we notice that the address had changed.

Notes:
1) To detect change-we have to run the script, so you have to configure it in the crontab.
2)-The password is stored in clear text, a forthcoming update script would do some SALT for storage.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s