Hidden MitM DNS Poisoning Attack
Suppose that an ARP poisoning has been done and the attacker is sitting between the victims and the router, all traffic intended for the gateway would now go through attacker.
Would the attacker be able to intercept DNS queries and craft a malicious DNS response when for a certain FQDN (e.g. www.example.com) entered from the victim's PC while allowing legitimate DNS responses to other sides other than the one the attacker is trying to intercept if the victim's DNS server is statically set to Google's DNS server at 8.8.8.8?
Would the attacker require a set up of ipforwarding and some form of iptables to be set up to subsequently listen to destination port 53 in order to intercept it? Besides, what else would the attacker need to perform this hidden MITM attack?
