DNS Spoofing

Network Security Spring 2021

The goals of this lab are to:

  1. Practice scapy-based packet injection
  2. Gain experience in hijacking DNS queries

DNS operates by default over UDP port 53. For an on-path attacker, it is straightforward to sniff queries and craft malicious responses. As one example, an attacker could forge a malicious response that maps a hostname to an IP address that the attacker controls.

In this lab, your objective is to perform exactly this attack. You have been provided a client in a container image that can be loaded and executed as follows:

$ docker load -i netsec-lab-dns-spoofing.img
$ docker run -it --rm netsec-lab-dns-spoofing

This client will attempt to resolve the IP address for a server running a service it will try to communicate with. Your exploit should sniff these DNS queries and forge a response that maps that hostname to an IP address you control.

If you are successful, the client will send a UDP datagram to your IP address on port 5353. Your malicious server should respond with your @northeastern.edu email address. The client will then print a JSON object.

An exploit skeleton as well as the client container image is available in Canvas.

Lab Objectives

  1. Forge malicious DNS responses to redirect the client to a malicious server you control

Submission Instructions

Submit the JSON object the client outputs to Canvas.