aboutsummaryrefslogtreecommitdiff
path: root/netsec-assignment5-S4498062/exercise2
diff options
context:
space:
mode:
authorCamil Staps2015-10-13 20:59:20 +0200
committerCamil Staps2015-10-13 20:59:20 +0200
commit5667cc3df79242093f6fe56521785b7b28b45005 (patch)
tree4c7340b4a16f2b2960e6d6480cdfd82e29d072c4 /netsec-assignment5-S4498062/exercise2
parentFinish assignment 4 (diff)
Assignment 5HEADmaster
Diffstat (limited to 'netsec-assignment5-S4498062/exercise2')
-rw-r--r--netsec-assignment5-S4498062/exercise2/exercise2a4
-rw-r--r--netsec-assignment5-S4498062/exercise2/exercise2b15
-rw-r--r--netsec-assignment5-S4498062/exercise2/exercise2c5
3 files changed, 24 insertions, 0 deletions
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2a b/netsec-assignment5-S4498062/exercise2/exercise2a
new file mode 100644
index 0000000..4752ff2
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2a
@@ -0,0 +1,4 @@
+$ dig +bufsize=4096 +dnssec +ignore +tries=1 +time=1 any "lk." "@204.61.216.27"
+
+I just followed instructions on http://dnscurve.org/dnssecamp.html.
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2b b/netsec-assignment5-S4498062/exercise2/exercise2b
new file mode 100644
index 0000000..d745494
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2b
@@ -0,0 +1,15 @@
+Nothing special on Ethernet level.
+
+On the IP level, we set the source IP to the IP of blackboard.ru.nl
+(131.174.57.69). The destination IP should be the IP of the nameserver we're
+using (204.61.216.27).
+
+Nothing special on the UDP level.
+
+On the DNS level we use the query as can be found in the capture file:
+
+ 4c1901200001000000000001026c6b0000ff00010000291000000080000000
+
+For the rest, we craft the packet as normally. This way, the nameserver will
+send its reply to 131.174.57.69.
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2c b/netsec-assignment5-S4498062/exercise2/exercise2c
new file mode 100644
index 0000000..f16c731
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2c
@@ -0,0 +1,5 @@
+We could reject all packets with a spoofed IP address by only accepting packets
+where the source address is in our subnet:
+
+# iptables -A OUTPUT -j DROP
+# iptables -A OUTPUT -s 203.0.113.0/24 ACCEPT