Talk:Pharming

Multiple attack vectors ascribed to pharming

It appears there are now several, entirely different, scams being referred to as "pharming".

The examples of ebay.de, Panix, etc., are social engineering, whereas "pharming" has also been used to describe an attack on the DNS resolution process itself -- http://www.wired.com/news/infostructure/0,1377,66853,00.html .

-- anonymous

Additional attack vectors with external references:

DNS poisoning -- http://www.microsoft.com/athome/security/privacy/pharming.mspx

Host file, wildcards, Trojan horse and DNS poisoning -- http://www.wired.com/news/infostructure/0,1377,66853,00.html

DNS poisoning, domain spoofing -- http://reviews.cnet.com/4520-3513_7-5670780-1.html

Drive-by pharming and anti-DNS pinning -- www.cs.indiana.edu/pub/techreports/TR641.pdf, http://www.infoworld.com/article/07/02/23/HNsecondgoogledesktopattack_1.html

BGP route poisoning -- http://www.securityfocus.com/columnists/429 (a little too general)

Tanjstaffl 20:33, 12 March 2007 (UTC)

No need to explain how IP works

I think that the 1st paragraph of Explanation of Pharming should be removed. It is too basic and already explained in IP address and TCP_IP. At least, it should be cut.

ok

The term "hacker" seems to be used inappropriately, though linked correctly. Using "black hat" in the text would make it more difficult to understand and using "cracker" might be unclear, too. I suggest trying to ship around the term in general. -- anonymous

leaves of the internet

What does "the most vulnerable points of compromise are near the leaves of the internet" mean? This is a little unclear.

Controversy over the term

I can't find that quote anywhere, except citations to this very article. Should it be removed? --Rotring 12:51, 23 February 2007 (UTC)

I think Rotring is right.

Now if you click to http://www.antiphishing.org/, the first header is "What is Phishing and Pharming?"

This is clearly an obsolete or possibly fictional quote.

Tanjstaffl 20:39, 12 March 2007 (UTC)

Philips routers can be manipulated even when the password has been changed

It appears that Philips routers are especially vulnerable because they accept CGI commands without a password. For the time being, this is original research (I don't own a Philips router); my source is https://bugzilla.mozilla.org/show_bug.cgi?id=371598, but it appears to me to be a very serious security threat. Andreas (T) 17:26, 25 February 2007 (UTC)

Philips has issued a firmware upgrade that fixes this. Andreas (T) 01:20, 1 March 2007 (UTC)

How to protect against pharming

This section is incorrect. It describes using nslookup to do the lookup, but nslookup does not support reverse lookups in the way described... it is used to find a resolved address for a domain name.

To find the domain name for an IP address, use a reverse lookup tool such as the one found here: http://www.zoneedit.com/lookup.html

To find out who owns an IP address use whois from www.arin.net.

Bproven 00:26, 1 March 2007 (UTC)

I agree the example is useless. If you are being pharmed then your nslookup will provide the same answer as your browser -- you are checking the same compromised DNS source in both cases. You must either direct your query to a trusted DNS server (might be impossible if a rootkit is present) or a valid external source on the web.

Tanjstaffl 19:55, 12 March 2007 (UTC)
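
The check described in the last comment, as an added example that is not part of the original discussion: resolve a name through the operating system's resolver path and, separately, by sending a DNS query straight to a resolver you trust, then compare the two answer sets. The function names, the `server` parameter and the sample addresses are assumptions made for this illustration.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode an A/IN question for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg, txid):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    ips = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen  # CNAME and other record types are skipped
    return ips

def trusted_answer(name, server, timeout=3.0):
    """Ask `server` directly over UDP, bypassing the system resolver."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(4096), txid)

def system_answer(name):
    """Resolve through the OS resolver path (hosts file, configured DNS server)."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}

def verdict(system_ips, trusted_ips):
    """Disjoint answer sets are the signal to investigate; overlap is expected."""
    return "match" if system_ips & trusted_ips else "MISMATCH"
```

Call `verdict(system_answer(name), trusted_answer(name, server))` with the address of a resolver you trust as `server`. Large sites hand out different addresses to different resolvers, so a mismatch is a prompt for a closer look (whois on the returned address, the site's TLS certificate) rather than proof of pharming.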