INTERNATIONAL UNIVERSITY
School of Computer Science and Engineering

LAB 2: DNS attack (part 1)

Course: Network Security
Date:
Lecturer: Pham Van Hau, PhD
Duration: 180 minutes

Student name: ____________________

Student ID: ____________________

Introduction
To do the DNS hijacking attack, you need to know how to generate and capture packets programmatically, and to understand the UDP and DNS packet headers as well as the DNS protocol. The purpose of this lab is to give you hands-on experience with low-level network programming. More precisely, you are going to create the DNS request and response. These will help you a lot for the next lab :).

In general, to generate the raw packet you can use the pcap library (http://www.tcpdump.org/pcap.html), the Libnet library (http://packetfactory.openwall.net/projects/libnet/dist/deprecated/manual/lrm.html), or even the standard API (http://en.wikipedia.org/wiki/Berkeley_sockets). In the context of this lab, we use the pcap library for our purpose. Several useful pieces of information can be found at http://www.tcpdump.org/pcap.html.

To help you get an idea of what a DNS packet looks like, on your Linux machine open Wireshark to capture the traffic, then open a terminal and execute "nslookup vnexpress.net". Try to look at the different fields of the captured DNS packet and understand what they are used for. This link, http://www.networksorcery.com/enp/protocol/dns.htm, is also a great source for this purpose.
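The DNS fields mentioned above, as an added example that is not part of the original handout or of the lab's dns_request_gen.c: a minimal C parser for the header and first question of a DNS payload, run on a constructed query for vnexpress.net. The names dns_hdr, dns_parse_query and sample_query, the sample bytes, and the reading of the transaction ID as 0x0AAB are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Fixed 12-byte DNS header (RFC 1035, section 4.1.1), in host byte order. */
struct dns_hdr { uint16_t id, flags, qdcount, ancount, nscount, arcount; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the header and first question of a DNS payload (the bytes after the
 * UDP header). Writes the dotted name to `name` and the query type to *qtype.
 * Returns 0 on success, -1 on truncated or malformed input. */
int dns_parse_query(const uint8_t *m, size_t len, struct dns_hdr *h,
                    char *name, size_t cap, uint16_t *qtype)
{
    size_t off = 12, n = 0;
    if (len < 12 || cap == 0) return -1;
    h->id = rd16(m); h->flags = rd16(m + 2); h->qdcount = rd16(m + 4);
    h->ancount = rd16(m + 6); h->nscount = rd16(m + 8); h->arcount = rd16(m + 10);
    if (h->qdcount == 0) return -1;
    for (;;) {                        /* QNAME is a run of length-prefixed labels */
        if (off >= len) return -1;
        uint8_t l = m[off++];
        if (l == 0) break;            /* zero-length root label ends the name */
        if (l > 63) return -1;        /* pointer or reserved bits: not handled here */
        if (off + l > len || n + l + 1 >= cap) return -1;
        if (n) name[n++] = '.';
        memcpy(name + n, m + off, l);
        n += l; off += l;
    }
    name[n] = '\0';
    if (off + 4 > len) return -1;     /* QTYPE and QCLASS must follow the name */
    *qtype = rd16(m + off);
    return 0;
}

/* Constructed sample: query for vnexpress.net, type A, class IN, RD set.
 * ID 0x0AAB is an assumed 16-bit reading of the handout's "AAB". */
static const uint8_t sample_query[] = {
    0x0a,0xab, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    9,'v','n','e','x','p','r','e','s','s', 3,'n','e','t', 0,
    0x00,0x01, 0x00,0x01 };

int main(void)
{
    struct dns_hdr h; char name[256]; uint16_t qt;
    if (dns_parse_query(sample_query, sizeof sample_query, &h, name, sizeof name, &qt))
        return 1;
    printf("id=0x%04x qr=%u rd=%u qdcount=%u name=%s qtype=%u\n", (unsigned)h.id,
           (unsigned)(h.flags >> 15), (unsigned)((h.flags >> 8) & 1),
           (unsigned)h.qdcount, name, (unsigned)qt);
    return 0;
}
```

The top bit of the flags word (QR) is 0 for a request and 1 for a response, which is the first field to compare when lining this output up against the Wireshark capture.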

Part I: DNS packet generation


To help you with the programming, I have created two programs, called dns_request_gen.c and dns_response_gen.c. The programs I sent to you are not complete. You need to modify them at several places (which I have marked as "TO BE MODIFIED").

I. DNS packet request

Modify dns_request_gen.c to generate a DNS request that has:

source MAC: A1 A2 A3 A4 A5 A6
destination MAC: B1 B2 B3 B4 B5 B6
source port: 4000
destination port: 53
Transaction ID: AAB
source IP address: 1.2.3.4
destination IP address: 6.7.8.9
DNS query to ask for the IP address of "vnexpress.net"

II. DNS packet response

Modify dns_response_gen.c to generate a DNS response that has:

source MAC: B1 B2 B3 B4 B5 B6
destination MAC: A1 A2 A3 A4 A5 A6
source port: 53
destination port: 4000
Transaction ID: AAB
source IP address: 6.7.8.9
destination IP address: 1.2.3.4
DNS response: the IP address of "vnexpress.net" is "111.65.248.132"

III. DNS packet response

The checksums (of the IP and UDP headers) of the generated packets are wrong. Do what is necessary to make them right.