MoonGen icon indicating copy to clipboard operation
MoonGen copied to clipboard
verified publisher icon emmericp

DNS and dnsMessageContent

Open ghost opened this issue 8 years ago • 3 comments

Hi. I have a question about generating DNS request. How can I insert valid DNS query in dnsMessageContent?

local mem = memory.createMemPool(function(buf) buf:getDnsPacket(ipv4):fill{ ipv4Src = "192.168.2.2", ipv4Dst = "192.168.2.1", udpSrc = math.random(1025,65534), udpDst = 53, dnsQDCount = 1, dnsARCount = 1, dnsMessageContent = ???} end)

Thanks in advance.

ghost avatar Oct 27 '17 20:10 ghost

actually never used it myself, i'll look into it. but probably not before next week.

@santiagorr maybe you can help?

emmericp avatar Oct 30 '17 20:10 emmericp

Hi, There is not currently any function that creates a valid DNS query for you. You'd have do to it by yourself :-) What do you need to do?

P.S. I wonder if it could be possible to use something like ljdns to handle the DNS messages.

santiagorr avatar Oct 31 '17 09:10 santiagorr

There is not currently any function that creates a valid DNS query for you. You'd have do to it by yourself :-) What do you need to do?

Basically I want to create DNS DoS attack for my thesis. The problem is that domain name in DNS message should be easily set as string. I currently have working script for creating UDP packets with same DNS request as UDP payload. Thankfully I can randomize some characters with math.random in payload so the domain name end up like www.[a-z]xample.com

            local mem = memory.createMemPool(function(buf)
        buf:getUdpPacket(ipv4):fill{
	ethSrc="a0:36:9f:a1:4d:6d",
	ethDst="64:70:02:c1:65:92",
	ip4Dst="192.168.2.1",
	udpDst="53",
	udpSrc="1029",
	pktLength=packetLen }
	local pkt = buf:getUdpPacket(ipv4)
		pkt.payload.uint16[1] = 8193		-- Flags	8193 = Standard Query
		pkt.payload.uint16[2] = 256		-- Questions: 1
		pkt.payload.uint16[3] = 0		-- Answer RRs: 0
		pkt.payload.uint16[4] = 0		-- Authority RRs: 0
		pkt.payload.uint16[5] = 256		-- Additional RRs: 1
		pkt.payload.uint16[6] = 30467		--  w
		pkt.payload.uint16[7] = 30583		-- ww
		pkt.payload.uint16[8] = 25863		-- .e
		pkt.payload.uint16[9] = 24952		-- xa
		pkt.payload.uint16[10] = 28781		-- mp
		pkt.payload.uint16[11] = 25964		-- le
		pkt.payload.uint16[12] = 25347		-- .c
		pkt.payload.uint16[13] = 28015		-- om
		pkt.payload.uint16[14] = 0		 
		pkt.payload.uint16[15] = 1		-- Type: A
		pkt.payload.uint16[16] = 1		-- Class: IN
		pkt.payload.uint16[17] = 10496	
		pkt.payload.uint16[18] = 16		
		pkt.payload.uint16[19] = 0		
		pkt.payload.uint16[20] = 0		
		pkt.payload.uint16[21] = 0					
	end)

And for generating random source IPv4 adress and UDP source port.

	for i, buf in ipairs(bufs) do
		local pkt = buf:getUdpPacket(ipv4)
		if ipv4 then
			pkt.ip4.src:set(parseIPAddress("192.168.2.3"))
			pkt.udp.src = math.random(0, 2^16 - 1)
	  		pkt.payload.uint16[0] = math.random(0, 2^16 - 1) -- random dns query id
	   	end

Zendarsk avatar Nov 04 '17 00:11 Zendarsk