DNS Spoofing

Network Security Fall 2021

The goals of this lab are to:

  1. Practice scapy-based packet injection
  2. Gain experience in hijacking DNS queries

DNS operates by default over UDP port 53. For an on-path attacker, it is straightforward to sniff queries and craft malicious responses. As one example, an attacker could forge a malicious response that maps a hostname to an IP address that the attacker controls.

In this lab, your objective is to perform exactly this attack. You have been provided a client in a container image (client.img.zst in Canvas). This client will attempt to resolve the IP address for a server running a service it will try to communicate with. Your exploit should sniff these DNS queries and forge a response that maps that hostname to an IP address you control.

If you are successful, the client will send a UDP datagram to your IP address on port 5353. Your malicious server should respond with your @northeastern.edu email address. The client will then print a JSON object.

Extra credit. The client will optionally authenticate server responses when run with --auth_server using libsodium-provided HMACs and a shared secret embedded in the client. Reverse-engineer the client to recover the secret and impersonate the server.

Lab Objectives

  1. Forge malicious DNS responses to redirect the client to a malicious server you control
  2. Execute the same attack, but in addition impersonate the server by recovering the HMAC secret (extra credit)

Submission Instructions

Submit a gzipped tar archive containing a README with the JSON object(s) the client outputs along with your source code to Canvas.