How can my server be DNS spoofed?

Help! For some reason when I try to use "ssh" to connect to my server from my Mac, it fails and is saying that I might be a victim of a "DNS Spoof"? What's going on, and how do I fix the problem?

Dave's Answer:

First off, a critically important question: have you moved your domain name from one server to another in the last day or two? Or, perhaps, has your ISP moved you from one server to another and therefore had to change your IP (internet protocol) address?

That's what's happening. Your Mac remembers that you used to end up at, say, 129.1.1.30 when you requested to connect using the secure ssh protocol, but now the domain name resolves to a different IP address.

Here's the message you're probably seeing:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for intuitive.com has changed,
and the key for the according IP address 205.212.166.171
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /Users/taylor/.ssh/known_hosts:4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ce:a1:ce:c7:90:15:41:c4:ac:81:5f:a3:f9:7d:97:1d.
Please contact your system administrator.
Add correct host key in /Users/taylor/.ssh/known_hosts to get rid of this message.
Offending key in /Users/taylor/.ssh/known_hosts:1
RSA host key for intuitive.com has changed and you have requested strict checking.
Host key verification failed.

Pretty scary!

But you can see that it shows you the solution if you're confident that you are pointing at a new IP address and all is well: simply wipe out the "known_hosts" file for that connection in your "ssh" configuration folder (in my case, it's /Users/taylor/.ssh).

You can either just remove the offending line or delete the entire file and let it reprompt you whether to save the secure keys for other sites you visit too. I usually opt for the latter.

If you haven't made any changes, then you need to get on the phone with your Internet Service Provider ASAP to figure out what's going on!

Hope that helps clear things up!

Categorized: Mac OS X Help , Unix and Linux Help (Article 5841, Written by Dave Taylor)
Tagged: dns spoofing, sftp, ssh
Previous: What is WiMAX?
Next: Are Sony PSP's regionally encoded?

Subscribe!

Never miss another Q&A article! Click to subscribe:

Comments

I followed all your steps to seting my psp up for the internet but now it says a dns error has occured. How do I fix this?

Posted by: Keith at April 6, 2008 11:17 AM

thanks so much! the fix worked perfectly.
for all those looking for the .ssh folder you have to unlock the "hidden files" on your mac. a simple google search will show you how to do this.

Posted by: gm at November 13, 2011 4:26 PM

I have something to say, now that you mention it, but ...

I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you for all your efforts on this Web site by buying you a cup of coffee!

I do have a comment, now that you mention it!

How can I fix too little virtual memory in Windows?

How do I install Windows XP in Boot Camp on my Mac?

How do I download photos onto my Apple iPhone?

How do I convert WMA to MP3 audio files in Windows Media Player?

How can I add a Google search box to my site?

How can I put music on my Apple iPod?

How can I get my Nintendo DS to connect to the Internet?

How do I reset my Mac OS X administrator (root) password?

Recent Entries

How can I pair a bluetooth speaker with my MacBook Pro?

Is my copy of Windows 7 "activated" and genuine?

The Scoop on Merchant Services and Credit Card Processing?

How can I change my Windows PC computer name?

Introduction to Google Docs Spreadsheets

Add Po.st Social Media (Facebook, Google Plus) widgets to your blog?

I Need Help!

Even More Help

Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and RSS Feeds
Building Web Site Traffic
Business and Management
CGI Scripts and Web Site Programming
Computer and Internet Basics
d) None of the Above
Facebook Help
Google Plus Help
HTML and CSS
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
WordPress Help

film blog - social media / blogging speaking - business blog - Colorado photography - free tech support

© 2002 - 2012 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

business blog | sitemap | link to us!