INTERNATIONAL UNIVERSITY School of Computer Science and Engineering LAB 2: DNS attack (part 2) Course !

ate Computer Security Lecturer Pham Van Hau,PhD

Duration: 180 minutes

Student name###########

Student I!""""""""""""""""""""""""""""""""""""""""""""

Part II: DNS attack

Normal scenario:
$ereafter are the steps for the user on $ost% to connect to an &e'site( e"g" )*AIL %" On $ost%( user enters &&&"gmail"com to the 'ro&ser +" $ost% as,s host- for the ip address of &&&"gmail"com -" $ost- returns the ip address of &&&"google"com .ipgoogle/ to host% 4. host1 connects (ipgoogle)

Attack scenario
1. User enters &&&"gmail"com to the 'ro&ser"
+" $ost+ sniffs the traffic on the &ire and tries to do !NS session hi0ac,ing '1 racing against the host-" In fact( it tries to pro2ide a fa,e ans&er to host % .$ost + returns its ip address .ip+/ instead of the actual ip address of gmail.ipgoogle/ to host %/ -" $ost% recei2e the fa,e ans&er from host + and connects to host+ .ip+/ in 'elie2ing that it is tal,ing to &&&"google"com

asks
ask 1: Create a program running on host+( called dnsattac,"c( in &hich( it %" captures the net&or, traffic and filter out the dns pac,et .get the code from La'+3part%/ +" Creates the fa,e response pac,et &ith the information mentioned a'o2e .get code from La'+3 part%/ -" Sends the fa,e pac,et to host% To help 1ou in creating the program( I sent 1ou the e4ample of dnsattac,"c program" You need to add the appreciate code at different palces &here I ha2e mar,ed 5TO 6E *O!I7IE!8" ask 2: Install a &e'ser2er on host+( create a home page to ma,e it loo, li,e &&&"gmail"com ask !: Test and ma,e sure 1our attac, &or,s Question 1: Compare the dns request and dns response with respect to a) Source MAC address and Destination MAC address b) IP source, IP destination c) source port, destination port Question 2: hat is the ro!e o" #ransaction ID "ie!d o" the D$S pac%et&

Question 3: 'ind a so!ution to pre(ent dns session hi)ac%in* attac%