Develop an on-path DNS packet injector

Assignment Help Computer Networking
Reference no: EM131193834

In this assignment you will develop 1) an on-path DNS packet injector and 2) a passive DNS poisoning attack detector.

Part 1:

The DNS packet injector you are going to develop, named 'dnsinject', will capture the traffic from a network interface in promiscuous mode, and attempt to inject forged responses to selected DNS A requests.

Your program should conform to the following specification:

dnsinject [-i interface] [-f hostnames] expression

-i Listen on network device <interface> (e.g., eth0). If not specified, dnsinject should select a default interface to listen on. The same interface should be used for packet injection.

-f Read a list of IP address and hostname pairs specifying the hostnames to be hijacked. If '-f' is not specified, dnsinject should forge replies for all observed requests with the local machine's IP address as an answer.

<expression> is a BPF filter that specifies a subset of the traffic to be monitored. This option is useful for targeting a single or a set of particular victims.

The <hostnames> file should contain one IP and hostname pair per line, separated by whitespace.

For example:
10.6.6.6 foo.example.com
10.6.6.6 bar.example.com
192.168.66.6 www.cs.stonybrook.edu

Pay attention to the time needed for generating the spoofed response: it should be fast enough for the injected reply to reach the victim sooner than the server's actual response. The spoofed packet and content should also be valid according to the initial DNS request, and the forged response should be accepted and processed normally by the victim.

Part 2:

The DNS poisoning attack detector you are going to develop, named 'dnsdetect', will capture the traffic from a network interface in promiscuous mode and detect DNS poisoning attack attempts, such as those generated by dnsinject.

Detection will be based on identifying duplicate responses towards the same destination that contain different answers for the same A request, i.e., the observation of the attacker's spoofed response followed by the server's actual response. You should make every effort to avoid false positives, e.g., legitimate consecutive responses that carry different IP addresses for the same hostname because of round-robin DNS load balancing.

Your program should conform to the following specification:

dnsdetect [-i interface] [-r tracefile] expression

-i Listen on network device <interface> (e.g., eth0). If not specified, the program should select a default interface to listen on.

-r Read packets from <tracefile> (tcpdump format). Useful for detecting DNS poisoning attacks in existing network traces.

<expression> is a BPF filter that specifies a subset of the traffic to be monitored.

Once an attack is detected, dnsdetect should print to stdout a detailed alert containing a printout of both the spoofed and legitimate responses. You can format the output in any way you like. Output must contain the detected DNS transaction ID, attacked domain name, and the original and malicious IP addresses - for example:

20160406-15:08:49.205618 DNS poisoning attempt

TXID 0x5cce Request www.example.com
Answer1 [List of IP addresses]
Answer2 [List of IP addresses]
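The detection strategy described above, worked through as an added example that is not part of the assignment text or of any submitted solution: a small DNS response parser (compression pointers included) feeds a detector that keys responses by destination, TXID and queried name, and raises an alert only when a second response inside a time window carries a different A-record set than the first. Identical sets (a retransmission, or the same record set in rotated order) are ignored, and separate lookups carry separate TXIDs, so round-robin rotation across lookups never matches. The code assumes the caller has already extracted the UDP payload and the destination (client IP, port) from each captured packet and supplies UNIX timestamps; the responses, victim address and timestamps below are constructed for the demo.

```python
import struct
from datetime import datetime, timezone

QTYPE_A = 1
FLAG_QR = 0x8000  # header flag bit: this packet is a response


def encode_name(name):
    """Encode a dotted hostname as DNS labels (only used to build constructed samples)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def build_dns_response(txid, qname, ips, ttl=300):
    """Build a minimal DNS A response as a UDP payload. Constructed test data, not captured traffic."""
    header = struct.pack("!HHHHHH", txid, FLAG_QR | 0x0180, 1, len(ips), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, 1)
    answers = b""
    for ip in ips:
        # 0xC00C is a compression pointer back to the question name at offset 12
        rdata = bytes(int(o) for o in ip.split("."))
        answers += struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, ttl, 4) + rdata
    return header + question + answers


def read_name(buf, offset, depth=0):
    """Decode a DNS name at offset, following compression pointers. Returns (name, next_offset)."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        length = buf[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer: 11xxxxxx xxxxxxxx
            if depth > 5:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", buf[offset:offset + 2])[0] & 0x3FFF
            tail, _ = read_name(buf, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(buf[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_dns_response(payload):
    """Return (txid, qname, [A-record IPs]) for a response to a single A question, else None."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if not flags & FLAG_QR or qdcount != 1:
        return None
    qname, off = read_name(payload, 12)
    qtype, _qclass = struct.unpack("!HH", payload[off:off + 4])
    off += 4
    if qtype != QTYPE_A:
        return None
    ips = []
    for _ in range(ancount):
        _, off = read_name(payload, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in payload[off:off + 4]))
        off += rdlen
    return txid, qname.lower(), ips


class DnsDetector:
    """Report a second response to the same (client, TXID, qname) within the window whose
    A-record set differs from the first one seen; identical sets are treated as benign."""

    def __init__(self, window=10.0):
        self.window = window
        self.first = {}  # (dst, txid, qname) -> (timestamp, ips)

    def observe(self, ts, dst, payload):
        parsed = parse_dns_response(payload)
        if parsed is None:
            return None
        txid, qname, ips = parsed
        key = (dst, txid, qname)
        prev = self.first.get(key)
        if prev is None or ts - prev[0] > self.window:
            self.first[key] = (ts, ips)  # first response for this transaction (or stale entry)
            return None
        if set(ips) == set(prev[1]):
            return None  # retransmit, or the same record set reordered
        return {"ts": ts, "txid": txid, "qname": qname, "answer1": prev[1], "answer2": ips}


def format_alert(alert):
    """Render an alert in the layout the assignment shows (timestamp rendered in UTC)."""
    stamp = datetime.fromtimestamp(alert["ts"], tz=timezone.utc).strftime("%Y%m%d-%H:%M:%S.%f")
    return (f"{stamp} DNS poisoning attempt\n"
            f"TXID 0x{alert['txid']:04x} Request {alert['qname']}\n"
            f"Answer1 {alert['answer1']}\nAnswer2 {alert['answer2']}")


def run_demo():
    """Run constructed responses (destination = victim ip:port) through the detector; return alerts."""
    victim = ("10.0.0.5", 40001)  # constructed victim address
    det = DnsDetector()
    t0 = 1459955329.205618  # 2016-04-06 15:08:49.205618 UTC, matching the assignment's sample
    samples = [
        # two answers for one TXID with disjoint A records: should alert
        (t0, victim, build_dns_response(0x5CCE, "www.example.com", ["10.6.6.6"])),
        (t0 + 0.02, victim, build_dns_response(0x5CCE, "www.example.com", ["93.184.216.34"])),
        # round-robin: separate lookups (new TXIDs), same record set rotated: no alert
        (t0 + 1.0, victim, build_dns_response(0x1111, "lb.example.com", ["192.0.2.1", "192.0.2.2"])),
        (t0 + 2.0, victim, build_dns_response(0x2222, "lb.example.com", ["192.0.2.2", "192.0.2.1"])),
        # retransmitted identical response: no alert
        (t0 + 3.0, victim, build_dns_response(0x3333, "dup.example.com", ["198.51.100.7"])),
        (t0 + 3.5, victim, build_dns_response(0x3333, "dup.example.com", ["198.51.100.7"])),
    ]
    return [a for a in (det.observe(ts, dst, p) for ts, dst, p in samples) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(format_alert(alert))
```

In a live tool the `observe` call sits in the capture loop, with the destination taken from the IP and UDP headers of each packet; a `-r` trace can be replayed through the same loop. Keying on the destination port as well as the address matters when several resolver clients share one host, and the window should be a few seconds at most, since the spoofed and genuine answers arrive within one round-trip of each other.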

For both dnsinject and dnsdetect, feel free to use parts or build upon the code of your 'mydump' tool from Homework 2. You are free to pick any programming language you like for both tools, as long as it is easy to install and configure on a modern Linux system (e.g., C, C++, python, ruby).

What to submit:

A tarball with:

- all required source code files, an appropriate Makefile (if needed), and instructions for installing any library dependencies/packages (if needed)

- a pcap trace of one or more successful attack instances generated using your dnsinject tool

- a short report (.txt file is fine) with a brief description of your programs, the strategy you followed for DNS poisoning detection, and the output of your dnsdetect tool when fed with the above attack trace

Hints:

1) You may find some of the following libraries/tools useful: libnet, scapy, dpkt, libdnet.

2) Mind your spoofed packet's header fields and checksums!

3) Think about what fields should remain the same or may differ between the spoofed and actual response packets.

4) An easy way to test your tools is to have a victim guest VM, and run dnsinject and dnsdetect on the host (or another VM that can observe the victim's traffic).
