Assignment 5HEADmaster

3 files changed, 24 insertions, 0 deletions

diff --git a/netsec-assignment5-S4498062/exercise2/exercise2a b/netsec-assignment5-S4498062/exercise2/exercise2a
new file mode 100644
index 0000000..4752ff2
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2a
@@ -0,0 +1,4 @@
+$ dig +bufsize=4096 +dnssec +ignore +tries=1 +time=1 any "lk." "@204.61.216.27"
+
+I just followed instructions on http://dnscurve.org/dnssecamp.html.
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2b b/netsec-assignment5-S4498062/exercise2/exercise2b
new file mode 100644
index 0000000..d745494
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2b
@@ -0,0 +1,15 @@
+Nothing special on Ethernet level.
+
+On the IP level, we set the source IP to the IP of blackboard.ru.nl
+(131.174.57.69). The destination IP should be the IP of the nameserver we're
+using (204.61.216.27).
+
+Nothing special on the UDP level.
+
+On the DNS level we use the query as can be found in the capture file:
+
+    4c1901200001000000000001026c6b0000ff00010000291000000080000000
+
+For the rest, we craft the packet as normally. This way, the nameserver will
+send its reply to 131.174.57.69. 
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2c b/netsec-assignment5-S4498062/exercise2/exercise2c
new file mode 100644
index 0000000..f16c731
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2c
@@ -0,0 +1,5 @@
+We could reject all packets with a spoofed IP address by only accepting packets
+where the source address is in our subnet:
+
+# iptables -A OUTPUT -j DROP
+# iptables -A OUTPUT -s 203.0.113.0/24 ACCEPT