Explanation of pharming


Every end-point on the Internet has an IP address (the current standard, IPv4, uses 32-bit addresses; IPv6, which is being deployed, uses 128-bit addresses). A 32-bit address is usually written as a ‘dotted quad’: four numbers separated by dots, for example ‘192.168.2.214’, each between 0 and 255 and representing 8 of the 32 bits. Machines on the Internet identify each other by IP address, and every packet (unit of data) transmitted on the Internet carries the IP addresses of its putative sender and its intended recipient. An IP address is roughly equivalent to a telephone number. Since humans find it hard to remember more than a few numbers, there are directories that map numbers to something easier to remember: telephone directories map the names of people or businesses to telephone numbers, and the Domain Name System (DNS) maps domain names (for example ‘wikipedia.org’) to IP addresses. A DNS server thus acts as the telephone book, returning an IP address for any domain name submitted to it.

Suppose a criminal wants to steal someone’s account information. He sets up a fake website that duplicates the look and feel of a bank or other sensitive website in every respect. How can he induce victims to visit the fake site and divulge sensitive information such as passwords, PINs or account numbers? Phishing is the most common tactic, but it can be defeated if the victim notices that the web address does not match the real one. If instead the criminal hijacks the victim’s DNS server (or the resolver settings or hosts file on the victim’s own machine), changing the recorded IP address of the target website from the real one to the address of his fake website, the victim can type the web address (URL) correctly and still be directed to the fake website. Note that this only works when the victim accesses the site over plain HTTP rather than HTTPS (that is, without SSL/TLS protection), or if the user ignores the browser’s warning about an invalid server certificate: the attacker’s server cannot present a certificate issued by a trusted authority for the genuine domain name, so the browser’s certificate check still fails even though the DNS lookup has been subverted.
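The following is an added example, not part of the Wikipedia text or of this page: it builds and parses DNS A-record responses in wire format (the ‘dotted quad’ to 32-bit mapping from the first paragraph is what `socket.inet_aton` does), then constructs both a genuine answer and a poisoned one for a hypothetical bank hostname and applies the check a practitioner would run, comparing the returned address against a known-good address (pinned, or obtained from an independent resolver). The hostname `bank.example` and the addresses `192.0.2.10` and `203.0.113.66` are constructed values from reserved documentation ranges, not real hosts.

```python
import struct
import socket

# Constructed example values (assumptions, not from the original text):
# the hostname being looked up, the genuine address and the attacker's.
# bank.example uses the reserved .example TLD; both IPs are documentation ranges.
HOSTNAME = "bank.example"
GENUINE_IP = "192.0.2.10"       # TEST-NET-1
ATTACKER_IP = "203.0.113.66"    # TEST-NET-3


def encode_name(name):
    """Encode a domain name in DNS wire format: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode a name at offset, following compression pointers; return (name, next_offset)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2   # the pointer itself occupies two bytes
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_a_response(txid, name, ip, ttl=300):
    """Build a minimal DNS response: one question and one A-record answer."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN
    answer = (struct.pack("!H", 0xC00C)                         # pointer to the name at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)              # type A, class IN, TTL, RDLENGTH
              + socket.inet_aton(ip))                           # the 32-bit address as 4 octets
    return header + question + answer


def parse_a_response(data):
    """Parse a DNS response; return (txid, qname, [dotted-quad A answers])."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    qname = None
    for _ in range(qd):
        qname, offset = decode_name(data, offset)
        offset += 4                                 # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return txid, qname, answers


def dotted_quad_to_int(ip):
    """The 32-bit integer behind a dotted-quad IPv4 address."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def check_resolution(response, expected_ips):
    """Pharming check: flag any answer that is not in the set of known-good addresses."""
    _, qname, answers = parse_a_response(response)
    unexpected = [a for a in answers if a not in expected_ips]
    return qname, answers, unexpected


# Constructed packets: what a legitimate resolver returns vs. a poisoned answer
GENUINE = build_a_response(0x1234, HOSTNAME, GENUINE_IP)
POISONED = build_a_response(0x1234, HOSTNAME, ATTACKER_IP)

if __name__ == "__main__":
    for label, pkt in (("genuine", GENUINE), ("poisoned", POISONED)):
        qname, answers, bad = check_resolution(pkt, {GENUINE_IP})
        print(label, qname, answers, "UNEXPECTED" if bad else "ok", bad)
```

The poisoned packet is byte-for-byte a valid DNS response; nothing in the protocol itself distinguishes it from the genuine one, which is why the check has to come from outside the lookup (a pinned address, a second resolver, or, for the user, the browser’s certificate validation over HTTPS). An attacker who controls the answer still cannot make a server at `203.0.113.66` present a certificate that chains to a trusted authority for `bank.example`.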

Source: Wikipedia
