GT ECE 4112 - Pharming

This preview shows page 1-2 out of 7 pages.

Pharming

Group Number:
Member Names:
Date Assigned:
Date Due:
Last Edited:
Lab Authors:

Goal: For decades, pharming has been one of the techniques attackers use to redirect users to a malicious site. This lab illustrates how effective pharming is by giving students the opportunity to see how changing the hosts file and a DNS entry redirects users' internet traffic.

Summary of the lab: The first part of the lab deals with the hosts file. It begins by explaining what the hosts file is used for and then gives an exercise that demonstrates how the hosts file can be used for pharming. The second part of the lab is about DNS. It first explains the role of DNS on the internet, then gives an exercise in which a DNS server is exploited by poisoning an entry so that users are sent to a destination of the attacker's choice. In the third section the students use ethereal to monitor DNS traffic. This section also concludes with the countermeasure for DNS poisoning.

Equipment: In section one the students use a Windows XP virtual machine to edit the hosts file so that it points to the local webserver or the webserver in the lab. In section two the students use the Red Hat 4.0 WS physical machine and the local DNS server. In section three the students use the Red Hat 4.0 WS physical machine.

Background and Theory: Before the Domain Name System (DNS) was invented, the hosts file was used to perform host name to IP address translation. As the internet grew, the hosts file became harder to manage, and DNS became the solution. Today there are 13 DNS root servers around the world, and below the root sit the top-level domains such as edu, org, gov and com. From there the naming space is delegated down to organizations; for example, Georgia Institute of Technology is responsible for the Gatech domain.
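The hosts file described in the Background is still consulted by every modern resolver, and depending on the lookup order configured on the host (the nsswitch.conf "hosts:" line on Linux) an entry there can silently override DNS for the names it lists, which is exactly what Section 1 of this lab relies on. The first thing a defender checks for pharming is therefore that file. The following Python script is an added example, not part of the lab handout: it parses the hosts file format shared by Windows and Linux and flags any watched name that is mapped outside the address range the defender expects. The sample file, the watched-name list and the 192.0.2.0/24 "expected" range are constructed for the example.

```python
r"""Audit a hosts file for pharming entries.

Added example for this lab, not part of the original handout. The hosts file
format is the same on Windows (C:\WINDOWS\system32\drivers\etc\hosts) and
Linux (/etc/hosts): one address per line followed by the names that map to
it, with '#' comments. This script parses that format and flags any watched
name that is mapped to an address outside the range the defender expects.
"""
import ipaddress

# Constructed sample file. The last line is the kind of entry Section 1 of the
# lab adds; 57.35.6.207 is the lab's mininet webserver.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
127.0.0.1       localhost
::1             localhost
127.0.0.1       localhost.localdomain   localhost   # comment after an entry
57.35.6.207     google.com www.google.com
"""

# Constructed allow-list (an assumption for the example): names worth watching
# and the address ranges the defender considers legitimate for each of them.
# 192.0.2.0/24 is the TEST-NET-1 documentation range, not Google's real space.
WATCHED = {
    "google.com": ["192.0.2.0/24"],
    "www.google.com": ["192.0.2.0/24"],
    "localhost": ["127.0.0.0/8", "::1/128"],
}


def parse_hosts(text):
    """Return [(line_no, ip_address, [names])] for every usable entry.

    Handles the details that matter when auditing: trailing comments, several
    names on one line (all map to that line's address), CRLF line endings, and
    malformed lines, which the resolver ignores and we skip the same way.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address; the resolver ignores the line too
        entries.append((line_no, ip, [name.lower() for name in fields[1:]]))
    return entries


def audit_hosts(text, watched):
    """List watched names that the file maps outside their expected ranges."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name not in watched:
                continue
            # ip_address in ip_network is False across IP versions, so an IPv4
            # entry is never accepted by an IPv6-only allow-list and vice versa.
            allowed = (ipaddress.ip_network(n) for n in watched[name])
            if not any(ip in net for net in allowed):
                findings.append({"line": line_no, "name": name, "ip": str(ip)})
    return findings


if __name__ == "__main__":
    # On a real host, read the file instead: open("/etc/hosts").read()
    for f in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} (unexpected mapping)")
```

Run on the constructed sample, the audit reports both google.com and www.google.com on line 6 as mapped to 57.35.6.207. On a real host, pair this with a file-integrity check on the hosts file itself, since any change to it is rare enough to be worth an alert.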
Each organization may delegate the domain management further down into sub-domains of its organization.

Section 1: Host File Configuration

Open the Windows XP Pro virtual machine. If it fails to open, close it and restart the virtual machine service with:

    service vmware restart

Open the hosts file from C:\WINDOWS\system32\drivers\etc. Add a line at the bottom of the file that points google.com and www.google.com to the webserver in our mininet, 57.35.6.207, which is the College of Computing website.

Now open mozilla and go to google.com. You should get the Georgia Tech website instead of a page-not-found page.

Question 1.1: What is the hosts entry that maps google.com to our webserver?

Take a screenshot of google.com mapping to our webserver on the Windows XP virtual machine. Screenshot #1.

Section 2: DNS Poisoning

In this section we will poison the DNS server. To do so we need to be familiar with DNS forwarding. When an application requests the translation of a hostname to an IP address, it talks to the resolver. The resolver (the DNS client) contacts its closest DNS server. If that DNS server has the answer, it sends the result back to the resolver; if not, it contacts its own closest DNS server. If nothing is found for the name, then the host does not exist on the internet. This is a recursive technique for translating a hostname to an IP address.

For this section we will be using Linux Workstation 4.0. Linux can be configured to act as a DNS client, so we now set up the Red Hat 4.0 WS as a resolver.

1. First, go to /etc/resolv.conf and add this line:

    nameserver 57.35.7.254

   This points our nameserver to our baddnsisp.

2. Next we need to set up the Red Hat 4.0 WS machine to contact the DNS server first instead of the hosts file. If nothing is found in DNS, the resolver will then look for the translation in the hosts file. Add this line to /etc/nsswitch.conf:

    hosts: dns files

3. Then make sure that /etc/hosts contains the following line:

    127.0.0.1 localhost.localdomain localhost

Now we need to restart the network service because we changed /etc/nsswitch.conf:

    /etc/rc.d/init.d/network restart

Our task now is to poison the DNS server. The goal is to point www.mit_xx.edu to our mininet's badISP webserver's main page (the College of Computing web page).

A domain name server is responsible for managing the zones within its area. Therefore, in order for us to manage the mit.edu zone, we need to create a fake mit.edu zone for our DNS server to use.

In this step we will be using the baddnsisp, which is the DNS server for the mininet network's badisp zone. The baddnsisp can be reached on terminal S2 on the KVM switch on the rack.

Go to the /var/named folder of baddnsisp, the DNS server, and look at some of the existing zone files. After you are familiar with the files, create the file mit_xx.edu.zone, where xx is your group number. It is best to make a copy of one of the working zone files and rename it to mit_xx.edu.zone; if your group number is 7, your zone file is mit_07.edu.zone. Then modify its contents so that www.mit_xx.edu points to our badisp webserver, 57.35.6.207.

Next, we need named.conf to point to our mit_xx.edu.zone. To do this you need to be familiar with named.conf; then add the zone entry that points to mit_xx.edu.zone. After you are done with all of this, restart the DNS server:

    /etc/rc.d/init.d/named restart

Now go back to the WS 4.0 and browse to www.mit_xx.edu. If you did everything correctly, it should point to our mininet badisp web server (the College of Computing website).

Take a screenshot of mit_xx.edu.zone. Screenshot #2.
Take a screenshot of named.conf where you added the zone. Screenshot #3.
Take a screenshot of the webpage www.mit_xx.edu. Screenshot #4.

Now go to the terminal and type dig www.mit_xx.edu. You should see that the DNS server we are using is 57.35.7.254.

Take a screenshot of the dig result. Screenshot #5.

Section 3: DNS traffic

The browser has caching available, so before you start this section close all browsers that are currently open. In this section you will be using the Red Hat 4.0 WS physical machine. Open ethereal and start capturing the DNS traffic. Open mozilla and go to www.mit_xx.edu. Highlight a DNS packet and take Screenshot #6.

Question 3.1: Choose a DNS query or a DNS response message from the ethereal and explain
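Answering Question 3.1 is easier when you know what is inside the query and response that ethereal captures, and the same decoding is what a monitoring script uses to notice the redirect Section 2 creates: the answer for www.mit_xx.edu coming back as 57.35.6.207 instead of the address the defender knows to be genuine. The following Python block is an added example, not part of the lab handout. It builds a constructed query/response pair for www.mit_07.edu (the group-7 form of the lab's placeholder name), decodes the wire format including the name-compression pointers real servers emit, and flags an answer that disagrees with the expected address. The transaction id 0x1234 and the expected address 192.0.2.10 (TEST-NET-1) are constructed values.

```python
"""Decode DNS messages and spot a redirected answer.

Added example, not part of the lab handout. It builds a constructed DNS
query/response pair for www.mit_07.edu (the lab's placeholder name for group
7), decodes the response wire format (header, question, answer with name
compression, which is what ethereal shows in Section 3), and flags an answer
whose address differs from the address the defender expects. The expected
address 192.0.2.10 (TEST-NET-1) and the transaction id are constructed.
"""
import struct

LAB_BADISP_WEB = "57.35.6.207"  # the lab's badisp webserver
EXPECTED_BY_NAME = {"www.mit_07.edu": "192.0.2.10"}  # constructed trusted answer


def encode_name(name):
    """Wire-encode a name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    """Standard query (QR=0, RD=1) for one A record, as a resolver sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # A, IN


def build_response(query, ip, ttl=300):
    """Answer the query with one A record. The answer's owner name is a
    compression pointer (0xC00C) to the question name at offset 12, as real
    servers emit it."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + query[12:] + answer


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it).

    A pointer ends the name, and the number of jumps is bounded so that a
    malformed message with a pointer loop cannot hang the decoder."""
    labels, jumps, end = [], 0, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            return ".".join(labels), (end if end is not None else offset + 1)
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_message(msg):
    """Return the header fields, questions and A-record answers of a message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def suspect_poisoning(msg, expected):
    """Names whose A answer differs from the address the defender expects."""
    return [(name, ip) for name, ip, _ in parse_message(msg)["answers"]
            if name in expected and ip != expected[name]]


QUERY = build_query(0x1234, "www.mit_07.edu")           # constructed
POISONED = build_response(QUERY, LAB_BADISP_WEB)        # the redirect Section 2 creates
GENUINE = build_response(QUERY, EXPECTED_BY_NAME["www.mit_07.edu"])

if __name__ == "__main__":
    print("query:   ", parse_message(QUERY))
    print("response:", parse_message(POISONED))
    print("suspect: ", suspect_poisoning(POISONED, EXPECTED_BY_NAME))
```

The fields the parser pulls out (transaction id, QR flag, rcode, question, answer with TTL) are the ones to describe in Question 3.1; note that the response reuses the query's transaction id and that its answer name is a two-byte pointer back to the question rather than a repeated name. The comparison in suspect_poisoning only helps if the expected address comes from a source the poisoned resolver cannot influence, such as a second, independent resolver or the zone's real authoritative server asked directly; a cryptographically signed answer (DNSSEC) is what removes the need to trust the resolver at all.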

