Using scapy to defeat the dns poisoning, is it possible?
Hongyi Zhao
hongyi.zhao at gmail.com
Fri Aug 16 18:54:25 EDT 2019
Hi,
See my following tests:
$ dig www.twitter.com @8.8.8.8 +short
66.220.147.44
Meanwhile, tcpdump gives the following:
$ sudo tcpdump -n 'host 8.8.8.8 and port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp5s0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:49:35.779852 IP 192.168.1.2.59443 > 8.8.8.8.53: 56457+ [1au] A? www.twitter.com. (44)
06:49:35.818492 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 66.220.147.44 (49)
06:49:35.818531 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 69.171.248.65 (49)
06:49:35.824454 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 3/0/1 CNAME twitter.com., A 104.244.42.129, A 104.244.42.65 (90)
As you can see, the DNS is poisoned. Is it possible to defeat this with
scapy or some techniques with Python?
Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
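
The symptom visible in the capture above, several replies with different answers to a single query ID, can be detected mechanically. The following is an added example, not part of the original post: it parses `tcpdump -n` text output with the standard library only, the function name `find_conflicts` is hypothetical, and the sample input is the post's own capture with the wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Sample input: the tcpdump lines from the post, e-mail line wrapping rejoined.
CAPTURE = """\
06:49:35.779852 IP 192.168.1.2.59443 > 8.8.8.8.53: 56457+ [1au] A? www.twitter.com. (44)
06:49:35.818492 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 66.220.147.44 (49)
06:49:35.818531 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 69.171.248.65 (49)
06:49:35.824454 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 3/0/1 CNAME twitter.com., A 104.244.42.129, A 104.244.42.65 (90)
"""

# timestamp, "IP", source addr.port, destination addr.port, query ID (+flags), rest
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<txid>\d+)\S* (?P<rest>.*)$")
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")          # answer/authority/additional: replies only
A_RECORD = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")


def find_conflicts(capture):
    """Map (client, server, query ID) -> [(timestamp, set of A records), ...]
    for every captured query that received more than one distinct answer set."""
    queries = set()
    replies = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                              # not a DNS line we understand
        if not COUNTS.search(m["rest"]):          # no record counts: this is a query
            queries.add((m["src"], m["dst"], m["txid"]))
            continue
        addrs = frozenset(A_RECORD.findall(m["rest"]))
        # Key the reply the same way as its query: (client, server, query ID).
        replies[(m["dst"], m["src"], m["txid"])].append((m["ts"], addrs))
    # Identical duplicate replies are ignored; only disagreeing answers count.
    return {key: seen for key, seen in replies.items()
            if key in queries and len({addrs for _, addrs in seen}) > 1}


if __name__ == "__main__":
    for (client, server, txid), seen in find_conflicts(CAPTURE).items():
        print(f"query {txid} from {client} to {server}: {len(seen)} conflicting replies")
        for ts, addrs in seen:
            print(f"  {ts}  {', '.join(sorted(addrs)) or '(no A records)'}")
```

A flagged query means none of its answers should be trusted as received; the check shows that replies disagree, not which one is genuine.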