Diffstat (limited to 'netsec-assignment5-S4498062/exercise2')
-rw-r--r-- | netsec-assignment5-S4498062/exercise2/exercise2a | 4 | ||||
-rw-r--r-- | netsec-assignment5-S4498062/exercise2/exercise2b | 15 | ||||
-rw-r--r-- | netsec-assignment5-S4498062/exercise2/exercise2c | 5 |
3 files changed, 24 insertions, 0 deletions
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2a b/netsec-assignment5-S4498062/exercise2/exercise2a
new file mode 100644
index 0000000..4752ff2
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2a
@@ -0,0 +1,4 @@
+$ dig +bufsize=4096 +dnssec +ignore +tries=1 +time=1 any "lk." "@204.61.216.27"
+
+I just followed instructions on http://dnscurve.org/dnssecamp.html.
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2b b/netsec-assignment5-S4498062/exercise2/exercise2b
new file mode 100644
index 0000000..d745494
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2b
@@ -0,0 +1,15 @@
+Nothing special on Ethernet level.
+
+On the IP level, we set the source IP to the IP of blackboard.ru.nl
+(131.174.57.69). The destination IP should be the IP of the nameserver we're
+using (204.61.216.27).
+
+Nothing special on the UDP level.
+
+On the DNS level we use the query as can be found in the capture file:
+
+ 4c1901200001000000000001026c6b0000ff00010000291000000080000000
+
+For the rest, we craft the packet as normally. This way, the nameserver will
+send its reply to 131.174.57.69.
+
diff --git a/netsec-assignment5-S4498062/exercise2/exercise2c b/netsec-assignment5-S4498062/exercise2/exercise2c
new file mode 100644
index 0000000..f16c731
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise2/exercise2c
@@ -0,0 +1,5 @@
+We could reject all packets with a spoofed IP address by only accepting packets
+where the source address is in our subnet:
+
+# iptables -A OUTPUT -j DROP
+# iptables -A OUTPUT -s 203.0.113.0/24 ACCEPT |
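Review bot: In exercise2c the two rules are appended in the wrong order and the second is incomplete: `-A` adds to the end of the chain, so `iptables -A OUTPUT -j DROP` matches every packet first and the ACCEPT rule is never evaluated, and `ACCEPT` is missing its `-j`. Written as `iptables -A OUTPUT -s 203.0.113.0/24 -j ACCEPT` followed by `iptables -A OUTPUT -j DROP`, the chain does what the text describes. The OUTPUT chain only sees locally generated packets, so if the filter is meant for a router forwarding traffic for the subnet, the same pair would presumably belong in FORWARD; the answer should say which host it applies to.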