  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    7

    DNS - single domain, two websites /forwarding/


    Hello Linuxforums. It's a pleasure for me to be your new member.


    Some days ago I came up with the idea of using fake DNS responses, but only for the first request to a given website.

    I am a student and I need this "evil idea" only for educational purposes.

    In brief:
    All I want is to install a DNS server (for example - BIND) and redistribute it to the clients of my local subnet via DHCP. Then I'll make a fake forwarding for the first request to a given website.

    Scenario:

    domain.com <---> ip: y.y.y.y

    1st request: source ip z.z.z.z -> opens domain.com ->corr ip.x.x.x (fake)
    2nd request: source ip z.z.z.z -> opens domain.com ->corr ip:y.y.y.y - this time the DNS resolution is proper


    For example, if the client wants to open domain.com and its corresponding IP address is y.y.y.y, the DNS server will detect that this is the first request to this site from this IP and redirect it to a fake website (ip.x.x.x). Then, the user will try again by sending the same request and the DNS server will use some kind of algorithm* to discover that the same IP is doing a second request to the same website and resolve it with the proper IP address of the web server.

    *I'm thinking of using tcpdump to create a table with the source IP; the URL the user wants to open; and maybe some more fields from the TCP header /SYN-ack number/.

    And I think it is an interesting task. Your ideas are welcome.

  2. #2
    Just Joined!
    Join Date
    Nov 2007
    Location
    San Diego
    Posts
    17
    If you manage the DNS server you could add an alias to the real entry that adds the fake entry. The way DNS would resolve in that case would be that every other time the correct one would alternate with the fake one.

    Another related thing would be to configure the firewall rules of iptables to accept requests from certain hosts, and redirect others.

  3. #3
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    The short answer to all of this is DNS is not set up to do what you want.
    I believe you were already told this.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. #4
    Just Joined!
    Join Date
    Apr 2012
    Posts
    7
    Quote: Originally posted by Lazydog
    The short answer to all of this is DNS is not set up to do what you want.
    I believe you were already told this.
    Yes, I understood that this is impossible. Now I'm thinking of just alternating the destination IP of the packet using a shell script + iptables. However, I still have not tried to write it.

    My idea is first to do nslookup and grep the IPs that correspond to the desired domain (let's say facebook.com). Then I need iptables rules to check whether the dest. IP matches the addresses of the server. If it does, iptables redirects the packet to my fake webserver and also LOGs the information from the packet and greps the source IP. So, during the second try iptables will check whether the source IP matches the list of "cheated users" and then will redirect the user to the proper place (the real facebook.com servers).

    Any practical ideas (iptables rules) are welcome.

  5. #5
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Can I ask why you want to do this? What is the benefit from doing this?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #6
    Just Joined!
    Join Date
    Apr 2012
    Posts
    7
    Quote: Originally posted by Lazydog
    Can I ask why you want to do this? What is the benefit from doing this?
    It's just for the experience. And maybe it's a good networking lesson for me.

  7. #7
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You might want to look at a proxy for doing this. Not sure how you would do all this with IPTABLES.
    If you want to read up on IPTABLES

    Iptables Tutorial 1.2.2

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
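
Seen from the defender's side, the behaviour described in the first post (a resolver that gives each client one address on its first lookup and a different one afterwards) leaves a recognisable trace in resolver query logs. The following is an added example, not code from any poster in this thread; the log format, the function names and the sample addresses are constructed assumptions, and the check is a heuristic.

```python
from collections import defaultdict

# Constructed sample resolver log: "<epoch> <client_ip> <qname> <answer_ip>"
SAMPLE_LOG = """\
100 10.0.0.5 domain.example 203.0.113.66
105 10.0.0.5 domain.example 198.51.100.10
110 10.0.0.5 domain.example 198.51.100.10
120 10.0.0.7 domain.example 203.0.113.66
126 10.0.0.7 domain.example 198.51.100.10
130 10.0.0.5 other.example 192.0.2.20
131 10.0.0.5 other.example 192.0.2.20
140 10.0.0.9 cdn.example 192.0.2.30
141 10.0.0.9 cdn.example 192.0.2.31
142 10.0.0.9 cdn.example 192.0.2.30
"""

def parse(log):
    """Yield (ts, client, qname, answer) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower().rstrip("."), parts[3]

def first_answer_anomalies(log, min_clients=2):
    """Return {qname: {suspect_ip: sorted clients}} for answers that were given
    only as a client's first response and never again to that client."""
    history = defaultdict(list)  # (client, qname) -> answers in time order
    for ts, client, qname, answer in sorted(parse(log)):
        history[(client, qname)].append(answer)
    suspects = defaultdict(lambda: defaultdict(set))
    for (client, qname), answers in history.items():
        first, later = answers[0], answers[1:]
        # A follow-up query is needed to compare; ordinary rotation
        # (round-robin, CDN) usually serves the first address again.
        if later and first not in later:
            suspects[qname][first].add(client)
    # Requiring several clients with the same one-off first answer cuts noise.
    return {q: {ip: sorted(c) for ip, c in ips.items() if len(c) >= min_clients}
            for q, ips in suspects.items()
            if any(len(c) >= min_clients for c in ips.values())}

if __name__ == "__main__":
    print(first_answer_anomalies(SAMPLE_LOG))
```

Names flagged this way still need a manual check against a trusted resolver, since short-lived records can produce the same pattern.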