DETROIT - First there was phishing. Now there is pharming, a new name for an old hacker technique that security professionals call DNS Poisoning - when web sites are redirected to other places on the net, usually for malicious purposes.

The Internet Storm Center has issued warnings this month that pharming is on the rise, following reports that some people’s computers were being redirected from sites such as eBay and Google to malicious Web servers that attempted to install spyware.

CNET.Com reported the compromises affected 30 to 40 networks, according to Jason Lam, incident handler for the Internet Storm Center, which tracks network threats.

Mike Lynn, Secretary of the ISSA Motor City Chapter, said DNS Poisoning has been around for some years and it takes a very sophisticated hacker to properly pull it off.

DNS stands for Domain Name Services/Server. This device translates the domain name, or URL heading, into an IP address (Internet address), the only form that Internet routers and gateways understand. Therefore, the DNS services/servers must resolve the bank address (www.WellsFargo.com) to the IP address for WellsFargo (151.151.139.133), which is then used as the destination address for packets as they are assembled (created) by client machines (PCs) and servers.

Every browser and computer (operating on the Internet) has its own DNS resolver, along with other devices on the Internet. If the DNS service has an entry for a URL, or web site, in its memory, then it passes that IP address to the requesting layers of software, which then build a packet to go out onto the Internet.

In DNS poisoning, the cached (in-memory) routing tables on DNS servers are compromised, such that, if the entry is in the table (which assumes that the entry has been previously looked up), the DNS server does not forward the search request to the other ‘upline’ DNS servers that it is supposed to know about. The user would be almost entirely unaware that any switch or substitution had taken place, save for secure web sites, which might require some sort of authentication ‘certificates.’

Therefore, if one crafts a packet in such a way that the DNS server thinks it’s asking for the resolution of an address, and that address has been substituted for another address, which may point to a web server that ‘looks and feels’ like the original, then identity information can be gathered without the knowledge or awareness of the participant (victim).
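Because the substitution is invisible to the user, one practical check is to compare what a resolver has cached against answers from independent resolvers. The following Python code is an added example, not part of the original article: the function names, resolver labels and sample data are constructed (only the Wells Fargo address comes from the text above), and treating addresses in the same /24 as equivalent is an assumption made to tolerate load-balanced sites.

```python
import ipaddress

def same_network(a, b, prefix=24):
    """True when IPv4 address b lies in the /prefix network containing a."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net

def audit_cache(local_answers, reference_answers, prefix=24):
    """Compare a resolver's cached A records with independent resolvers.

    local_answers:     {hostname: [ip, ...]} from the resolver under test
    reference_answers: {resolver_label: {hostname: [ip, ...]}}
    Returns {hostname: 'consistent' | 'mismatch' | 'unverified'}.
    A mismatch is a signal to investigate, not proof of poisoning.
    """
    verdicts = {}
    for name, local_ips in local_answers.items():
        key = name.lower().rstrip(".")  # DNS names are case-insensitive
        seen = [ip
                for answers in reference_answers.values()
                for host, ips in answers.items()
                if host.lower().rstrip(".") == key
                for ip in ips]
        if not seen or not local_ips:
            verdicts[key] = "unverified"   # nothing to compare against
        elif all(any(same_network(ip, ref, prefix) for ref in seen)
                 for ip in local_ips):
            verdicts[key] = "consistent"
        else:
            verdicts[key] = "mismatch"     # cached address unknown elsewhere
    return verdicts

# Constructed sample data. 203.0.113.0/24 and 192.0.2.0/24 are
# documentation-only address ranges; resolver labels are hypothetical.
LOCAL_CACHE = {
    "www.WellsFargo.com": ["203.0.113.66"],   # substituted entry
    "www.example.com.": ["192.0.2.10"],
    "intranet.example": ["192.0.2.200"],
}
REFERENCES = {
    "resolver-a": {"www.wellsfargo.com": ["151.151.139.133"],
                   "www.example.com": ["192.0.2.20"]},
    "resolver-b": {"www.wellsfargo.com": ["151.151.139.133"]},
}

if __name__ == "__main__":
    for host, verdict in audit_cache(LOCAL_CACHE, REFERENCES).items():
        print(f"{host:22} {verdict}")
```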

Lynn said anyone who wants to know more about DNS Pharming can do so by clicking on Ketil.froyn.name/poison.html

DNS Poisoning is also called DNS Spoofing. Microsoft’s discussion of this vulnerability, and some solutions, is found at: Microsoft.Com

“Patches help to resolve some of the vulnerabilities, and every computer user must become vigilant in making sure that their software is up to date, and has proper security patches applied, where appropriate let your corporation handle the corporate Security patches,” Lynn said. “They may already have done their job.”