User Account

All Pages

Develop an on-path dns packet injector

Assignment Help Computer Networking
Reference no: EM131193834

In this assignment you will develop 1) an on-path DNS packet injector and 2) a passive DNS poisoning attack detector.

Part 1:

The DNS packet injector you are going to develop, named 'dnsinject', will capture the traffic from a network interface in promiscuous mode, and attempt to inject forged responses to selected DNS A requests.

Your program should conform to the following specification:

dnsinject [-i interface] [-f hostnames] expression

-i Listen on network device <interface> (e.g., eth0). If not specified, dnsinject should select a default interface to listen on. The same interface should be used for packet injection.

-f Read a list of IP address and hostname pairs specifying the hostnames to be hijacked. If '-f' is not specified, dnsinject should forge replies for all observed requests with the local machine's IP address as an answer.

<expression> is a BPF filter that specifies a subset of the traffic to be monitored. This option is useful for targeting a single or a set of particular victims.

The <hostnames> file should contain one IP and hostname pair per line, separated by whitespace.

For example:
10.6.6.6 foo.example.com
10.6.6.6 bar.example.com
192.168.66.6 www.cs.stonybrook.edu

Pay attention to the time needed for generating the spoofed response: it should be fast enough for the injected reply to reach the victim sooner than the server's actual response. The spoofed packet and content should also be valid according to the initial DNS request, and the forged response should be accepted and processed normally by the victim.

Part 2:

The DNS poisoning attack detector you are going to develop, named 'dnsdetect', will capture the traffic from a network interface in promiscuous mode and detect DNS poisoning attack attempts, such as those generated by dnsinject.

Detection will be based on identifying duplicate responses towards the same destination that contain different answers for the same A request, i.e., the observation of the attacker's spoofed response followed by the server's actual response. You should make every effort to avoid false positives, e.g., due to legitimate consecutive responses with different IP addresses for the same hostname due to round robin DNS load balancing.

Your program should conform to the following specification:

dnsdetect [-i interface] [-r tracefile] expression

-i Listen on network device <interface> (e.g., eth0). If not specified, the program should select a default interface to listen on.

-r Read packets from <tracefile> (tcpdump format). Useful for detecting DNS poisoning attacks in existing network traces.

<expression> is a BPF filter that specifies a subset of the traffic to be monitored.

Once an attack is detected, dnsdetect should print to stdout a detailed alert containing a printout of both the spoofed and legitimate responses. You can format the output in any way you like. Output must contain the detected DNS transaction ID, attacked domain name, and the original and malicious IP addresses - for example:

20160406-15:08:49.205618 DNS poisoning attempt

TXID 0x5cce Request www.example.com
Answer1 [List of IP addresses]
Answer2 [List of IP addresses]

For both dnsinject and dnsdetect, feel free to use parts or build upon the code of your 'mydump' tool from Homework 2. You are free to pick any programming language you like for both tools, as long as it is easy to install and configure on a modern Linux system (e.g., C, C++, python, ruby).

What to submit:

A tarball with:

- all required source code files, an appropriate Makefile (if needed), and instructions for installing any library dependencies/packages (if needed)

- a pcap trace of one or more successful attack instances generated using your dnsinject tool

- a short report (.txt file is fine) with a brief description of your programs, the strategy you followed for DNS poisoning detection, and the output of your dnsdetect tool when fed with the above attack trace

Hints:

1) You may find some of the following libraries/tools useful: libnet, scapy, dpkt, libdnet.

2) Mind your spoofed packet's header fields and checksums!

3) Think about what fields should remain the same or may differ between the spoofed and actual response packets.

4) An easy way to test your tools is to have a victim guest VM, and run dnsinject and dnsdetect on the host (or another VM that can observe the victim's traffic).

Reference no: EM131193834

Questions Cloud

What about genuine friendship : Please describe some of your own friendships in a workplace environment and whether you have been able to experience true care and support from your colleagues. What about genuine friendship?
System is generates more efficient market quantity : A market is made up of two consumers. The first has a demand P1 = 1200 – 3q1 and the other has demand P2 = 1200 – 6q2. There is one firm in the market acting like a monopolist with costs = Q2 + 90,000. Suppose the firm implemented at 2 part tariff wh..
Write down the differential equation you need to solve : Write down the differential equation you would need to solve to find the money metric utility function. If you can, solve this differential equation.
Gender a critique of three journal articles about gender : Prepare a report on "Gender: A Critique of Three Journal Articles about Gender".  Steinpreis, R.E., Anders, K.A., & Ritzke, D. (1999).Impact of gender on the review of the Curricula Vitae of job applicants and tenure candidates: a national empirical ..
Develop an on-path dns packet injector : The DNS packet injector you are going to develop, named 'dnsinject', will capture the traffic from a network interface in promiscuous mode, and attempt to inject forged responses to selected DNS A requests.
How do theoretical controversies regarding responsibility : This final case on Theo Chocolate illustrates strategic decision making that begins with the fundamental mission of the enterprise and then continues to permeate decision making throughout the company. How do the theoretical controversies regarding r..
Explain some cost savings supervalu might realize : Identify some cost savings Supervalu might realize by reducing the number of items it carries in inventory. Be as specific as possible, and use your imagination.
Many monopolistically competitive markets : In an oligopolistic market, firms pay close attention to the strategies of their rivals. In monopolistic competition, with a large number of sellers, it is assumed that there is not this kind of rivalry, or interdependence. Why is there probably some..
Find another explanation of hole versus electron flow : Consult your reference library and find another explanation of hole versus electron flow. Using both descriptions, describe in your own words the process of hole conduction.

Reviews

Write a Review

Computer Networking Questions & Answers

  Networking and types of networking

This assignment explains the networking features, different kinds of networks and also how they are arranged.

  National and Global economic environment and ICICI Bank

While working in an economy, it has a separate identity but cannot operate insolently.

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

  Network simulation

Network simulation on Hierarchical Network Rerouting against wormhole attacks

  Small internet works

Prepare a network simulation

  Solidify the concepts of client/server computing

One-way to solidify the concepts of client/server computing and interprocess communication is to develop the requirements for a computer game which plays "Rock, Paper, Scissors" using these techniques.

  Identify the various costs associated with the deployment

Identify the various costs associated with the deployment, operation and maintenance of a mobile-access system. Identify the benefits to the various categories of user, arising from the addition of a mobile-access facility.

  Describe how the modern view of customer service

Describe how the greater reach of telecommunication networks today affects the security of resources which an organisation provides for its employees and customers.

  Technology in improving the relationship building process

Discuss the role of Technology in improving the relationship building process Do you think that the setting of a PR department may be helpful for the ISP provider? Why?

  Remote access networks and vpns

safekeeping posture of enterprise (venture) wired and wireless LANs (WLANs), steps listed in OWASP, Securing User Services, IPV4 ip address, IPV6 address format, V4 address, VPN, Deploying Voice over IP, Remote Management of Applications and Ser..

  Dns

problems of IPV, DNS server software, TCP SYN attack, Ping of Death, Land attack, Teardrop attack, Smurf attack, Fraggle attack

  Outline the difference between an intranet and an extranet

Outline the difference between an intranet and an extranet A programmer is trying to produce an applet with the display shown in Figure 1 below such that whenever one of the checkboxes is selected the label changes to indicate correctly what has..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd